Limit the size of the summary field in the Security report
What does this MR do?
Truncates the vulnerabilities[].evidence.summary field to a maximum of 20,000 characters. If the summary is greater than this length, the first 20k characters remain and the text ...[truncated] is appended to the end.
This protects DAST and Rails against vulnerability findings that include large amounts of JavaScript.
What are the relevant issue numbers?
gitlab-org/gitlab#259394 (closed)
Related to gitlab-org/gitlab#326786 (closed) as the test introduced for that issue has very large summaries.
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Job definition example -
Vendored CI Templates (also in CE)
-
-
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Cameron Swords