Commit 5968adf3 authored by Sean McGivern's avatar Sean McGivern

Merge branch 'limit-input-size-for-prometheus-alert-payload' into 'master'

Limit input size for Prometheus alert JSON payload

Closes #14929

See merge request gitlab-org/gitlab!19940
parents 681f94e1 698c1ee9
...@@ -7,6 +7,7 @@ module Projects ...@@ -7,6 +7,7 @@ module Projects
include Gitlab::Utils::StrongMemoize include Gitlab::Utils::StrongMemoize
def execute(token) def execute(token)
return false unless valid_payload_size?
return false unless valid_version? return false unless valid_version?
return false unless valid_alert_manager_token?(token) return false unless valid_alert_manager_token?(token)
...@@ -19,6 +20,10 @@ module Projects ...@@ -19,6 +20,10 @@ module Projects
private private
def valid_payload_size?
Gitlab::Utils::DeepSize.new(params).valid?
end
def incident_management_available? def incident_management_available?
project.feature_available?(:incident_management) project.feature_available?(:incident_management)
end end
......
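Review bot: `valid_payload_size?` measures `params`, which is the already-parsed payload, so the new guard at the top of `execute` bounds the work done after this point but not the cost of parsing the request body. A body-size limit at the controller or proxy is still needed, and whether one exists is not visible here. The limits are whatever `Gitlab::Utils::DeepSize` defaults to, so I would add a comment on the method such as `# Rejects payloads over DeepSize's default size/depth limits; runs on parsed params, before token validation.` Because `execute` returns a bare `false` for all three guards, the caller cannot tell an oversized payload from a bad token; consider logging the rejection so repeated oversized submissions are visible to operators. The enclosing class begins and ends outside this hunk.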
---
title: Limit input size for Prometheus alert JSON payload
merge_request: 19940
author:
type: changed
...@@ -338,6 +338,24 @@ describe Projects::Prometheus::Alerts::NotifyService do ...@@ -338,6 +338,24 @@ describe Projects::Prometheus::Alerts::NotifyService do
it_behaves_like 'no notifications' it_behaves_like 'no notifications'
end end
context 'when the payload is too big' do
let(:payload) { { 'the-payload-is-too-big' => true } }
let(:deep_size_object) { instance_double(Gitlab::Utils::DeepSize, valid?: false) }
before do
allow(Gitlab::Utils::DeepSize).to receive(:new).and_return(deep_size_object)
end
it_behaves_like 'no notifications'
it 'does not process issues' do
expect(IncidentManagement::ProcessPrometheusAlertWorker)
.not_to receive(:perform_async)
subject
end
end
end end
private private
......
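Review bot: The stub in the `before` block, `allow(Gitlab::Utils::DeepSize).to receive(:new).and_return(deep_size_object)`, accepts any arguments, so this context would still pass if the service measured something other than the alert payload. Constraining it with `.with(payload)` would pin that down, though how the subject is built is outside the hunk, so the exact argument needs confirming. Since `DeepSize` is fully stubbed, nothing here exercises the real limit; one example with a genuinely oversized or deeply nested payload and no stub would cover the integration. The enclosing `describe` block starts and ends outside the hunk.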