Commit eb014d6b authored by Grzegorz Bizon's avatar Grzegorz Bizon

Merge branch '217936-validate-the-size-of-the-value-for-instance-level-variables' into 'master'

Validate the size of the value for instance level variables

See merge request gitlab-org/gitlab!32303
parents da7c062b 426ce8e8
......@@ -13,6 +13,11 @@ module Ci
message: "(%{value}) has already been taken"
}
validates :encrypted_value, length: {
maximum: 1024,
too_long: 'The encrypted value of the provided variable exceeds %{count} bytes. Variables over 700 characters risk exceeding the limit.'
}
scope :unprotected, -> { where(protected: false) }
after_commit { self.class.invalidate_memory_cache(:ci_instance_variable_data) }
......
---
title: Add value length validations for instance level variable
merge_request: 32303
author:
type: fixed
......@@ -77,7 +77,7 @@ POST /admin/ci/variables
| Attribute | Type | required | Description |
|-----------------|---------|----------|-----------------------|
| `key` | string | yes | The `key` of a variable. Max 255 characters, only `A-Z`, `a-z`, `0-9`, and `_` are allowed. |
| `value` | string | yes | The `value` of a variable. |
| `value` | string | yes | The `value` of a variable. Around 700 characters allowed. |
| `variable_type` | string | no | The type of a variable. Available types are: `env_var` (default) and `file`. |
| `protected` | boolean | no | Whether the variable is protected. |
| `masked` | boolean | no | Whether the variable is masked. |
......
......@@ -9,6 +9,7 @@ describe Ci::InstanceVariable do
it { is_expected.to include_module(Ci::Maskable) }
it { is_expected.to validate_uniqueness_of(:key).with_message(/\(\w+\) has already been taken/) }
it { is_expected.to validate_length_of(:encrypted_value).is_at_most(1024).with_message(/Variables over 700 characters risk exceeding the limit/) }
describe '.unprotected' do
subject { described_class.unprotected }
......
......@@ -109,6 +109,22 @@ describe ::API::Admin::Ci::Variables do
expect(response).to have_gitlab_http_status(:bad_request)
end
it 'does not allow values above 700 characters' do
too_long_message = <<~MESSAGE.strip
The encrypted value of the provided variable exceeds 1024 bytes. \
Variables over 700 characters risk exceeding the limit.
MESSAGE
expect do
post api('/admin/ci/variables', admin),
params: { key: 'too_long', value: SecureRandom.hex(701) }
end.not_to change { ::Ci::InstanceVariable.count }
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response).to match('message' =>
a_hash_including('encrypted_value' => [too_long_message]))
end
end
context 'authorized user with invalid permissions' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment