discourse/group_request_spec.rb at 3374457c447992a4f4c0249f554eeede5151aeb6 - discourse - 龙芯开发者社区代码库

github-mirror/discourse

mirror of https://github.com/discourse/discourse.git synced 2024-12-03 19:33:38 +08:00

Ted Johansson 3e0cc4a5d9 SECURITY: Limit the character count of group membership requests

When creating a group membership request, there is no character
limit on the 'reason' field. This can be potentially be used by
an attacker to create enormous amount of data in the database.

2023-01-25 13:53:07 +02:00

11 lines

261 B

Ruby

Raw Blame History

 # frozen_string_literal: true
 RSpec.describe GroupRequest do
   it { is_expected.to belong_to :user }
   it { is_expected.to belong_to :group }
   it do
     is_expected.to validate_length_of(:reason).is_at_most(described_class::REASON_CHARACTER_LIMIT)
   end
 end