author | Øyvind Grønnesby <oyving@yahooinc.com> | 2023-03-07 11:44:24 +0100 |
---|---|---|
committer | Øyvind Grønnesby <oyving@yahooinc.com> | 2023-03-07 13:49:13 +0100 |
commit | 5ae31026f8fa638f271ba008ae7e84bcc8215d9a (patch) | |
tree | 80be378b47d3f4c2a83a1bf4fe8e6f27e004df40 /controller-server | |
parent | ad3f5edcb4d86886a7f6c52c26449e683e1d3a67 (diff) |
Limit length on input
Diffstat (limited to 'controller-server')
2 files changed, 11 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 616df377cc4..f2390bd4e83 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -758,7 +758,9 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler {
 }
 private String getString(Inspector field, String defaultVale) {
- return field.valid() ? field.asString().trim() : defaultVale;
+ var string = field.valid() ? field.asString().trim() : defaultVale;
+ if (string.length() > 512) throw new IllegalArgumentException("Input value too long");
+ return string;
 }
 private SlimeJsonResponse updateTenantInfo(CloudTenant tenant, HttpRequest request) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
index 41622e669e6..6012b491fe7 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
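Review bot: In `getString` (ApplicationApiHandler.java) the new length check also runs on `defaultVale`, not only on the value read from the request, so when the field is absent a fallback longer than 512 characters is rejected as "Input value too long", and a null fallback would now throw a NullPointerException where the old code returned it. Whether any caller passes such a default is not visible in this hunk, but limiting only the request-supplied value avoids both cases: `if (!field.valid()) return defaultVale;` followed by `var string = field.asString().trim();` ahead of the existing check. The literal `512` would also read better as a named constant with a comment saying what the cap protects, and it is worth noting there that `String.length()` counts UTF-16 code units rather than bytes or code points.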
@@ -81,6 +81,14 @@ public class ApplicationApiCloudTest extends ControllerContainerCloudTest {
 }
 @Test
+ void tenant_info_profile_too_long() {
+ var request = request("/application/v4/tenant/scoober/info/profile", PUT)
+ .data("{\"contact\":{\"name\":\"" + "a".repeat(513) + "\",\"email\":\"foo@example.com\"},\"tenant\":{\"company\":\"Scoober, Inc.\",\"website\":\"https://example.com/\"}}")
+ .roles(Set.of(Role.administrator(tenantName)));
+ tester.assertResponse(request, "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Input value too long\"}", 400);
+ }
+
+ @Test
 void tenant_info_billing() {
 var request = request("/application/v4/tenant/scoober/info/billing", GET)
 .roles(Set.of(Role.reader(tenantName))); |
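Review bot: The new test `tenant_info_profile_too_long` exercises only the rejecting side of the limit, with a 513-character contact name; nothing pins that a value of exactly 512 characters is still accepted, so a later change from `>` to `>=` in `getString` would pass unnoticed. A companion case using `"a".repeat(512)` and asserting that the request is accepted would fix the boundary. A short comment on the test saying that 513 is the limit plus one would also help, since the limit itself lives in ApplicationApiHandler and is not visible from this file. `tenant_info_billing` continues past the end of the hunk.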