osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
c8f8d9dbb61f65c240f0fe2bd3c8caff896a3ba8
osr-discourse-src/spec/models/group_request_spec.rb
T
Natalie Tay d5745d34c2 SECURITY: Limit the character count of group membership requests (#19993) 
When creating a group membership request, there is no character
limit on the 'reason' field. This can be potentially be used by
an attacker to create enormous amount of data in the database.

Co-authored-by: Ted Johansson <ted@discourse.org>
2023-01-25 13:50:33 +02:00

11 lines
261 B
Ruby
Raw Blame History

# frozen_string_literal: true
RSpec.describe GroupRequest do
it { is_expected.to belong_to :user }
it { is_expected.to belong_to :group }
it do
is_expected.to validate_length_of(:reason).is_at_most(described_class::REASON_CHARACTER_LIMIT)
end
end
Reference in New Issue View Git Blame Copy Permalink