SECURITY: Limit the character count of group membership requests (#19993)

When creating a group membership request, there is no character
limit on the 'reason' field. This can be potentially be used by
an attacker to create enormous amount of data in the database.

Co-authored-by: Ted Johansson <ted@discourse.org>
This commit is contained in:
Natalie Tay
2023-01-25 19:50:33 +08:00
committed by GitHub
parent f91ac52a22
commit d5745d34c2
4 changed files with 29 additions and 1 deletions

View File

@ -0,0 +1,10 @@
# frozen_string_literal: true
RSpec.describe GroupRequest do
it { is_expected.to belong_to :user }
it { is_expected.to belong_to :group }
it do
is_expected.to validate_length_of(:reason).is_at_most(described_class::REASON_CHARACTER_LIMIT)
end
end