Commit fd7285b9 authored by Shinya Maeda's avatar Shinya Maeda

Limit the maximum length of release description

This commit adds the AR validation to the release
model to limit the maximum length of release description
to be less than 1 megabyte.
parent f3d8fb97
...@@ -24,6 +24,7 @@ class Release < ApplicationRecord ...@@ -24,6 +24,7 @@ class Release < ApplicationRecord
before_create :set_released_at before_create :set_released_at
validates :project, :tag, presence: true validates :project, :tag, presence: true
validates :description, length: { maximum: Gitlab::Database::MAX_TEXT_SIZE_LIMIT }, if: :should_validate_description_length?
validates_associated :milestone_releases, message: -> (_, obj) { obj[:value].map(&:errors).map(&:full_messages).join(",") } validates_associated :milestone_releases, message: -> (_, obj) { obj[:value].map(&:errors).map(&:full_messages).join(",") }
validates :links, nested_attributes_duplicates: { scope: :release, child_attributes: %i[name url filepath] } validates :links, nested_attributes_duplicates: { scope: :release, child_attributes: %i[name url filepath] }
...@@ -101,6 +102,11 @@ class Release < ApplicationRecord ...@@ -101,6 +102,11 @@ class Release < ApplicationRecord
private private
def should_validate_description_length?
description_changed? &&
::Feature.enabled?(:validate_release_description_length, project, default_enabled: :yaml)
end
def actual_sha def actual_sha
sha || actual_tag&.dereferenced_target sha || actual_tag&.dereferenced_target
end end
......
---
name: validate_release_description_length
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60380
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/329192
milestone: '13.12'
type: development
group: group::release
default_enabled: false
...@@ -38,6 +38,30 @@ RSpec.describe Release do ...@@ -38,6 +38,30 @@ RSpec.describe Release do
end end
end end
context 'when description of a release is longer than the limit' do
let(:description) { 'a' * (Gitlab::Database::MAX_TEXT_SIZE_LIMIT + 1) }
let(:release) { build(:release, project: project, description: description) }
it 'creates a validation error' do
release.validate
expect(release.errors.full_messages)
.to include("Description is too long (maximum is #{Gitlab::Database::MAX_TEXT_SIZE_LIMIT} characters)")
end
context 'when validate_release_description_length feature flag is disabled' do
before do
stub_feature_flags(validate_release_description_length: false)
end
it 'does not create a validation error' do
release.validate
expect(release.errors.full_messages).to be_empty
end
end
end
context 'when a release is tied to a milestone for another project' do context 'when a release is tied to a milestone for another project' do
it 'creates a validation error' do it 'creates a validation error' do
milestone = build(:milestone, project: create(:project)) milestone = build(:milestone, project: create(:project))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment