Vulnerability name/title length doesn't correspond to schema
The schema has minLength but no maxLength: https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/10b5532ecf624a5006189bba1c368c7e3297e68b/src/security-report-format.json#L48-52
However, the model is limited to 800 characters:
https://sentry.gitlab.net/gitlab/gitlabcom/issues/2518232/?referrer=gitlab_plugin
ActiveRecord::RecordInvalid: Validation failed: Title html is too long (maximum is 800 characters)
active_record/validations.rb:80:in `raise_validation_error'
raise(RecordInvalid.new(self))
active_record/validations.rb:53:in `save!'
perform_validations(options) ? super : raise_validation_error
active_record/transactions.rb:318:in `block in save!'
with_transaction_returning_status { super }
active_record/transactions.rb:375:in `block in with_transaction_returning_status'
status = yield
active_record/connection_adapters/abstract/database_statements.rb:278:in `transaction'
yield
...
(109 additional frame(s) were not displayed)
Validation failed: Title html is too long (maximum is 800 characters)
Proposal
Document the limit in the schema by adding maxLength that matches the model. Once validations are done, users will receive a better error message.
Implementation Plan
- Implement a temporary index on the vulnerabilities table for records WHERE LENGTH(title_html) > 800
- Implement a Background Migration which searches for vulnerabilities where the length is greater than 800 characters and truncates it down to the required length.
- Remove the temporary index.
Edited by Gregory Havenga
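The length check from the Proposal, as an added example (not GitLab's code or the schema project's own validator): it applies `minLength`/`maxLength` to each vulnerability name in a report and returns readable errors before anything reaches the model. The `vulnerabilities[].name` layout, the `minLength` value of 1, and the helper names are assumptions made for illustration; the sample report is constructed.

```ruby
require 'json'

# Constructed schema fragment holding only the keywords discussed in the issue.
# The minLength value is an assumption; maxLength 800 mirrors the model limit.
NAME_SCHEMA = { 'type' => 'string', 'minLength' => 1, 'maxLength' => 800 }.freeze

# Checks one value against the type/minLength/maxLength keywords.
# JSON Schema measures length in Unicode code points, as String#length does.
def length_errors(value, schema, path)
  return ["#{path}: expected a string"] unless value.is_a?(String)

  errors = []
  min, max = schema.values_at('minLength', 'maxLength')
  errors << "#{path}: shorter than minLength #{min}" if min && value.length < min
  errors << "#{path}: #{value.length} characters, exceeds maxLength #{max}" if max && value.length > max
  errors
end

# Validates the name of every vulnerability in a report (hypothetical helper).
# Entries without a name are skipped; only the length keywords are checked here.
def validate_report_names(report_json, schema = NAME_SCHEMA)
  report = JSON.parse(report_json)
  report.fetch('vulnerabilities', []).each_with_index.flat_map do |vuln, i|
    next [] unless vuln.key?('name')

    length_errors(vuln['name'], schema, "vulnerabilities[#{i}].name")
  end
end

# Constructed sample report: one normal name, one over the limit, one that is
# exactly 800 code points but 1600 bytes, and one empty.
SAMPLE_REPORT = JSON.generate({
  'vulnerabilities' => [
    { 'name' => 'SQL injection in search endpoint' },
    { 'name' => 'A' * 801 },
    { 'name' => 'é' * 800 },
    { 'name' => '' }
  ]
})

validate_report_names(SAMPLE_REPORT).each { |e| puts e } if __FILE__ == $PROGRAM_NAME
```

Passing a schema without `maxLength` reproduces the current gap: the 801-character name validates and only fails later at the model.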