Add max length to tags (#1132)

yeti-platform · Sep 9, 2024 · f1f0082 · f1f0082
1 parent 0fd5deb
commit f1f0082
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 2 deletions.
diff --git a/core/schemas/tag.py b/core/schemas/tag.py
@@ -11,6 +11,8 @@
 
 DEFAULT_EXPIRATION = datetime.timedelta(days=30)  # Completely arbitrary
 
+MAX_TAG_LENGTH = 50
+
 
 def future():
     return DEFAULT_EXPIRATION
@@ -30,7 +32,7 @@ class Tag(YetiModel, database_arango.ArangoYetiConnector):
     _collection_name: ClassVar[str] = "tags"
     _type_filter: ClassVar[str | None] = None
 
-    name: str
+    name: str = Field(max_length=MAX_TAG_LENGTH)
     count: int = 0
     created: datetime.datetime = Field(default_factory=now)
     default_expiration: datetime.timedelta = DEFAULT_EXPIRATION

diff --git a/core/web/apiv2/observables.py b/core/web/apiv2/observables.py
@@ -5,6 +5,7 @@
 
 from core.schemas import graph
 from core.schemas.observable import TYPE_MAPPING, Observable, ObservableType
+from core.schemas.tag import MAX_TAG_LENGTH
 
 ObservableTypes = ()
 
@@ -25,8 +26,10 @@ class TagRequestMixin(BaseModel):
     @classmethod
     def validate_tags(cls, value) -> list[str]:
         for tag in value:
-            if not tag:
+            if not tag or not tag.strip():
                 raise ValueError("Tags cannot be empty")
+            if len(tag) > MAX_TAG_LENGTH:
+                raise ValueError(f"Tag {tag} exceeds max length ({MAX_TAG_LENGTH})")
         return value
 
 

diff --git a/tests/apiv2/observables.py b/tests/apiv2/observables.py
@@ -220,6 +220,29 @@ def test_create_observable_empty_tags(self):
             data["detail"][0]["msg"], "Value error, Tags cannot be empty", data
         )
 
+        response = client.post(
+            "/api/v2/observables/",
+            json={"value": "toto.com", "type": "hostname", "tags": [" "]},
+        )
+        data = response.json()
+        self.assertEqual(response.status_code, 422, data)
+        self.assertEqual(
+            data["detail"][0]["msg"], "Value error, Tags cannot be empty", data
+        )
+
+    def test_create_observable_toolong_tag(self):
+        response = client.post(
+            "/api/v2/observables/",
+            json={"value": "toto.com", "type": "hostname", "tags": ["tag1", "a" * 200]},
+        )
+        data = response.json()
+        self.assertEqual(response.status_code, 422, data)
+        self.assertEqual(
+            data["detail"][0]["msg"],
+            f"Value error, Tag {'a'*200} exceeds max length (50)",
+            data,
+        )
+
     def test_create_extended_observable(self):
         response = client.post(
             "/api/v2/observables/extended",