Skip to content

Add suggestion_commit_message length validation

What does this MR do and why?

In MR !21411 (merged) gitlab added field suggestion_commit_message that stores template for suggestion application commits. This field in DB is created as suggestion_commit_message character varying(255). However, there's not enough validation for that field added on application-level. There's a maxlength attribute on textarea when editing this value in settings, but there's nothing to prevent sending longer value in API.

Here's a response when setting this value to a string longer than 255 using API on production:

{
  "message": "500 Internal Server Error"
}

After my change it becomes:

{
  "message": {
    "suggestion_commit_message": [
      "is too long (maximum is 255 characters)"
    ]
  }
}

How to set up and validate locally

I've tested it using following request on gdk:

PUT http://localhost:3000/api/v4/projects/6
Accept: application/json
Content-Type: application/json
Authorization: Bearer ypCa3Dzb23o5nvsixwPA

{
  "suggestion_commit_message": "01234657012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798v9801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798012346579801234657980123465798"
}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports

Loading