
Requests: No Length Upper Boundary for Comment Messages #2731

@Samk13


Package version (if known): v12rc2 / latest

Describe the bug

The comment feature in Requests allows users to send comments with no limit on length, posing a security risk such as denial-of-service attacks or system crashes due to excessively long messages.

Steps to Reproduce

  1. Go to the Requests package.
  2. Compose a new comment.
  3. Keep adding text without any restriction.
  4. Observe that there is no limit enforced, allowing potentially dangerous message lengths.

Expected behavior

The system should enforce a reasonable limit on the length of comments to prevent abuse and ensure stability.


Links:

https://github.com/fenekku/invenio-requests/blob/master/invenio_requests/customizations/event_types.py#L145

https://github.com/inveniosoftware/invenio-requests/blob/82dbf2885c8e777caa1c5163971ab5c31aca5398/invenio_requests/records/jsonschemas/requests/definitions-v1.0.0.json#L12

https://github.com/inveniosoftware/invenio-requests/blob/master/invenio_requests/services/events/service.py
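One way to enforce the upper bound the report asks for, as an added example that is not invenio-requests code: a standard-library validator that caps the raw request body before parsing and then caps the comment text itself. The `{"payload": {"content", "format"}}` shape, the limit values and all function names are assumptions made for illustration.

```python
import json

# Assumed limits for illustration; pick values that fit your deployment.
MAX_BODY_BYTES = 64 * 1024     # raw request body, checked before any parsing
MAX_CONTENT_CHARS = 25_000     # comment text, counted in code points
ALLOWED_FORMATS = {"html"}     # assumed set of accepted payload formats


class CommentRejected(ValueError):
    """Validation failure carrying the HTTP status to return."""

    def __init__(self, status, field, reason):
        super().__init__(f"{field}: {reason}")
        self.status, self.field, self.reason = status, field, reason


def validate_comment(raw_body: bytes) -> dict:
    """Return the accepted payload, or raise CommentRejected."""
    # Layer 1: bound parser work and memory before touching the content.
    if len(raw_body) > MAX_BODY_BYTES:
        raise CommentRejected(413, "body", "request body too large")
    try:
        data = json.loads(raw_body)
    except (ValueError, RecursionError):  # bad JSON, bad encoding, deep nesting
        raise CommentRejected(400, "body", "not valid JSON") from None
    payload = data.get("payload") if isinstance(data, dict) else None
    if not isinstance(payload, dict):
        raise CommentRejected(400, "payload", "missing or not an object")
    content = payload.get("content")
    if not isinstance(content, str) or not content.strip():
        raise CommentRejected(400, "payload.content", "must be a non-empty string")
    # Layer 2: explicit upper bound on the stored text, enforced server-side
    # so it holds no matter which client sent the request.
    if len(content) > MAX_CONTENT_CHARS:
        raise CommentRejected(400, "payload.content",
                              f"longer than {MAX_CONTENT_CHARS} characters")
    fmt = payload.get("format", "html")
    if not isinstance(fmt, str) or fmt not in ALLOWED_FORMATS:
        raise CommentRejected(400, "payload.format", "unsupported format")
    return {"content": content, "format": fmt}


def handle(raw_body: bytes):
    """Map validation to an (HTTP status, JSON-able body) pair."""
    try:
        return 201, validate_comment(raw_body)
    except CommentRejected as err:
        return err.status, {"field": err.field, "message": err.reason}
```

The body cap counts bytes and the content cap counts characters, so non-ASCII text can hit the first limit well before the second.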

Metadata

Assignees: No one assigned

Labels: bug (Something isn't working), stale (No activity for more than 60 days.)

Status: Tested, triage

Milestone: No milestone

Development: No branches or pull requests