
Commit 5bee51f

committed
limit message length
1 parent 93de18a commit 5bee51f


5 files changed

+28
-3
lines changed


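--- a/coderd/database/dbfake/dbfake.go
+++ b/coderd/database/dbfake/dbfake.go
@@ -3921,6 +3921,10 @@ func (q *fakeQuerier) InsertTemplateVersion(_ context.Context, arg database.Inse
 return database.TemplateVersion{}, err
 }
 
+if len(arg.Message) > 1048576 {
+return database.TemplateVersion{}, xerrors.New("message too long")
+}
+
 q.mutex.Lock()
 defer q.mutex.Unlock()
 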
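Review bot: `len(arg.Message)` in the added guard counts bytes, while the `varchar(1048576)` column this fake stands in for limits characters, so a message containing multi-byte UTF-8 text can be rejected by the fake and still accepted by Postgres. Counting runes keeps the fake in step with the database (and, presumably, with the rune-based `lt` check on the request struct): `if utf8.RuneCountInString(arg.Message) > 1048576 {`, which needs `unicode/utf8` in the file's imports. The literal 1048576 is repeated in the SQL, the struct tag and the test; a named constant for the Go-side copies would stop them drifting apart. InsertTemplateVersion starts and ends outside this hunk.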

coderd/database/dump.sql

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
@@ -1,3 +1,3 @@
1-
ALTER TABLE template_versions ADD COLUMN message text NOT NULL DEFAULT '';
1+
ALTER TABLE template_versions ADD COLUMN message varchar(1048576) NOT NULL DEFAULT '';
22

33
COMMENT ON COLUMN template_versions.message IS 'Message describing the changes in this version of the template, similar to a Git commit message. Like a commit message, this should be a short, high-level description of the changes in this version of the template. This message is immutable and should not be updated after the fact.';
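Review bot: The changed line rewrites an existing `ADD COLUMN` statement in place instead of adding a new migration, so any database that has already applied the original statement keeps `message` as unbounded `text` and gets no length limit at the storage layer. The header above this hunk names dump.sql, but the `ALTER TABLE` content suggests it is a migration file, so that is worth confirming. If the original migration has shipped anywhere, the cap belongs in a follow-up migration such as `ALTER TABLE template_versions ALTER COLUMN message TYPE varchar(1048576);`, with the API validation treated as the only guarantee until it runs.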

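--- a/coderd/templateversions_test.go
+++ b/coderd/templateversions_test.go
@@ -5,6 +5,7 @@ import (
 "context"
 "net/http"
 "regexp"
+"strings"
 "testing"
 
 "github.com/google/uuid"
@@ -51,6 +52,26 @@ func TestTemplateVersion(t *testing.T) {
 assert.Equal(t, "first try", tv.Message)
 })
 
+t.Run("Message limit exceeded", func(t *testing.T) {
+t.Parallel()
+client, _, _ := coderdtest.NewWithAPI(t, nil)
+user := coderdtest.CreateFirstUser(t, client)
+
+ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+defer cancel()
+
+file, err := client.Upload(ctx, codersdk.ContentTypeTar, bytes.NewReader([]byte{}))
+require.NoError(t, err)
+_, err = client.CreateTemplateVersion(ctx, user.OrganizationID, codersdk.CreateTemplateVersionRequest{
+Name: "bananas",
+Message: strings.Repeat("a", 1048577),
+StorageMethod: codersdk.ProvisionerStorageMethodFile,
+FileID: file.ID,
+Provisioner: codersdk.ProvisionerTypeEcho,
+})
+require.Error(t, err, "message too long, create should fail")
+})
+
 t.Run("MemberCanRead", func(t *testing.T) {
 t.Parallel()
 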
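Review bot: `require.Error(t, err, "message too long, create should fail")` at the end of the new subtest passes on any failure, so the test stays green if the request is rejected for an unrelated reason (the empty tar upload, a server error) and the length check never runs. Pin the rejection to the validation path, presumably a 400: `var apiErr *codersdk.Error`, `require.ErrorAs(t, err, &apiErr)`, `require.Equal(t, http.StatusBadRequest, apiErr.StatusCode())`. A companion case with `strings.Repeat("a", 1048576)` that must succeed would cover the boundary from the accepted side, and a multi-byte message would show whether the limit is applied in bytes or characters. TestTemplateVersion continues outside this hunk.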

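--- a/codersdk/organizations.go
+++ b/codersdk/organizations.go
@@ -43,7 +43,7 @@ type OrganizationMember struct {
 // CreateTemplateVersionRequest enables callers to create a new Template Version.
 type CreateTemplateVersionRequest struct {
 Name string `json:"name,omitempty" validate:"omitempty,template_version_name"`
-Message string `json:"message,omitempty"`
+Message string `json:"message,omitempty" validate:"lt=1048577"` // Database limit: 1048576.
 // TemplateID optionally associates a version with a template.
 TemplateID uuid.UUID `json:"template_id,omitempty" format:"uuid"`
 StorageMethod ProvisionerStorageMethod `json:"storage_method" validate:"oneof=file,required" enums:"file"`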
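Review bot: The new tag on `Message` writes the limit as limit-plus-one (`lt=1048577`), which is why the trailing comment has to restate the real number; `validate:"max=1048576"` expresses the same bound using the database value itself and is harder to get off by one when the limit changes. The field is the only length control a client sees, so a doc comment above it in the style of the neighbouring fields, e.g. `// Message is limited to 1048576 characters, matching the database column.`, would serve readers better than the trailing note. The struct definition continues outside this hunk.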
