SECURITY: Add a default limit as to when logs should be truncated

Why this change? This ensures that malicious requests cannot end up causing the logs to quickly fill up. The default chosen is sufficient for most legitimate requests to the Discourse application. When truncation happens, parsing of logs in supported format like lograge may break down.
2025-05-22 22:43:33 +08:00 · 2023-10-02 11:41:34 +08:00
parent ee084b754e
commit cbbe3a808b
4 changed files with 94 additions and 0 deletions
--- a/spec/lib/truncate_logs_formatter_spec.rb
+++ b/spec/lib/truncate_logs_formatter_spec.rb
@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+RSpec.describe TruncateLogsFormatter do
+  describe "#call" do
+    describe "when the formatter is initialized with `log_line_max_chars` of 10" do
+      let(:formatter) { TruncateLogsFormatter.new(log_line_max_chars: 10) }
+
+      describe "when the messages is 5 characters long" do
+        it "should not carry out any truncation of the message" do
+          expect(formatter.call(nil, nil, nil, "abcde")).to eq("abcde")
+        end
+      end
+
+      describe "when the message is 10 characters long" do
+        it "should not carry out any truncation of the message" do
+          expect(formatter.call(nil, nil, nil, "aaaaaaaaaa")).to eq("aaaaaaaaaa")
+        end
+      end
+
+      describe "when the message is 11 characters long" do
+        it "should truncate the message with the right postfix" do
+          expect(formatter.call(nil, nil, nil, "aaaaaaaaaaa")).to eq("aaaaaaaaaa...(truncated)")
+        end
+
+        it "should truncate the message with the right postfix while preserving newlines" do
+          expect(formatter.call(nil, nil, nil, "aaaaaaaaaaa\n")).to eq("aaaaaaaaaa...(truncated)\n")
+        end
+      end
+    end
+  end
+end