mirror of
https://github.com/discourse/discourse.git
synced 2024-12-05 08:30:12 +08:00
3e0cc4a5d9
When creating a group membership request, there is no character limit on the 'reason' field. This can be potentially be used by an attacker to create enormous amount of data in the database.
11 lines
261 B
Ruby
11 lines
261 B
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe GroupRequest do
|
|
it { is_expected.to belong_to :user }
|
|
it { is_expected.to belong_to :group }
|
|
|
|
it do
|
|
is_expected.to validate_length_of(:reason).is_at_most(described_class::REASON_CHARACTER_LIMIT)
|
|
end
|
|
end
|