author | Valerij Fredriksen <freva@users.noreply.github.com> | 2023-03-07 14:39:56 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-07 14:39:56 +0100 |
commit | 86390355b224f3c198a52cb961483e6759d935a6 (patch) | |
tree | 2a0b122aadd67b534ae751f1ee64f097df4d85ff /controller-server | |
parent | f122a2d6f842230ff874acf22f815bde695031dd (diff) | |
parent | 5ae31026f8fa638f271ba008ae7e84bcc8215d9a (diff) |
Merge pull request #26333 from vespa-engine/ogronnesby/length-validation
Limit length on input
Diffstat (limited to 'controller-server')
2 files changed, 11 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 2d7dff5a891..b1df25c933b 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -758,7 +758,9 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler {
 }
 private String getString(Inspector field, String defaultVale) {
- return field.valid() ? field.asString().trim() : defaultVale;
+ var string = field.valid() ? field.asString().trim() : defaultVale;
+ if (string.length() > 512) throw new IllegalArgumentException("Input value too long");
+ return string;
 }
 private SlimeJsonResponse updateTenantInfo(CloudTenant tenant, HttpRequest request) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
index 41622e669e6..6012b491fe7 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
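Review bot: The new length check in `getString` (ApplicationApiHandler.java) also runs on `defaultVale`, not only on the value taken from the request field. When the field is absent, a fallback longer than 512 characters is rejected as "Input value too long", and a null fallback would now throw a NullPointerException at `string.length()` where it used to be returned unchanged. Whether either case can occur depends on callers outside this hunk, but the commit title says the limit is for input, so it reads more safely as `if (!field.valid()) return defaultVale;` followed by `var string = field.asString().trim();` ahead of the existing check. The literal 512 would also be easier to audit as a named constant, and the message could say which field exceeded it.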
@@ -81,6 +81,14 @@ public class ApplicationApiCloudTest extends ControllerContainerCloudTest {
 }
 @Test
+ void tenant_info_profile_too_long() {
+ var request = request("/application/v4/tenant/scoober/info/profile", PUT)
+ .data("{\"contact\":{\"name\":\"" + "a".repeat(513) + "\",\"email\":\"foo@example.com\"},\"tenant\":{\"company\":\"Scoober, Inc.\",\"website\":\"https://example.com/\"}}")
+ .roles(Set.of(Role.administrator(tenantName)));
+ tester.assertResponse(request, "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Input value too long\"}", 400);
+ }
+
+ @Test
 void tenant_info_billing() {
 var request = request("/application/v4/tenant/scoober/info/billing", GET)
 .roles(Set.of(Role.reader(tenantName))); |
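Review bot: `tenant_info_profile_too_long` pins only the rejecting side of the limit, with 513 characters in `contact.name`. Nothing in this hunk shows that a value of exactly 512 characters is still accepted, so an off-by-one in the comparison would pass unnoticed. A companion case using `"a".repeat(512)` against the same endpoint and asserting the success response would fix the boundary. Since the handler trims before measuring, a padded value such as `" " + "a".repeat(512) + " "` is worth a case too, if trimming before the check is the intended order.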