From 5e950bd501f2b8c01ea7dd61598f63f354ba35d1 Mon Sep 17 00:00:00 2001
From: Marcos Rocha <mrocha@gitlab.com>
Date: Wed, 31 Jan 2024 21:52:49 +0000
Subject: [PATCH] Add limits for license names

Changelog: changed
EE: true
---
 .../security_orchestration_policy.json        |  4 ++-
 ...orchestration_policy_configuration_spec.rb | 32 +++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/ee/app/validators/json_schemas/security_orchestration_policy.json b/ee/app/validators/json_schemas/security_orchestration_policy.json
index d5cf893a26fe9..52f4f425e1e94 100644
--- a/ee/app/validators/json_schemas/security_orchestration_policy.json
+++ b/ee/app/validators/json_schemas/security_orchestration_policy.json
@@ -656,11 +656,13 @@
                   "type": "array",
                   "description": "Specifies the licenses to match.",
                   "minItems": 1,
+                  "maxItems": 1000,
                   "uniqueItems": true,
                   "additionalItems": false,
                   "items": {
                     "type": "string",
-                    "minLength": 1
+                    "minLength": 1,
+                    "maxLength": 255
                   }
                 },
                 "license_states": {
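Review bot: The new `maxItems`/`maxLength` bounds are enforced but not surfaced to readers of the schema, since the `description` on the `license_types` array still only says "Specifies the licenses to match."; I would extend it to `"description": "Specifies the licenses to match. At most 1000 unique names, each 1 to 255 characters long."` so generated docs and the policy editor state the limit instead of users discovering it from a validation error. Two caveats worth noting in a comment or commit message: JSON Schema `maxLength` counts Unicode code points, not bytes, so a 255-character name may be up to ~1 KiB in UTF-8 if the value is persisted in a byte-limited column (not visible here, so confirm), and `uniqueItems` compares strings exactly, so `"MIT"` and `"mit"` still count as distinct entries. The enclosing `license_types` property and its parent rule object start before this hunk.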
diff --git a/ee/spec/models/security/orchestration_policy_configuration_spec.rb b/ee/spec/models/security/orchestration_policy_configuration_spec.rb
index 12aa3efa51297..b7f16c83ae0c0 100644
--- a/ee/spec/models/security/orchestration_policy_configuration_spec.rb
+++ b/ee/spec/models/security/orchestration_policy_configuration_spec.rb
@@ -1257,6 +1257,38 @@
             expect(errors).to contain_exactly(
               "property '/#{type}/0/rules/0/license_types/0' is invalid: error_type=minLength")
           end
+
+          context "when too long" do
+            before do
+              rule[:license_types] = ["a" * 256]
+            end
+
+            specify do
+              expect(errors).to contain_exactly("property '/#{type}/0/rules/0/license_types/0' is invalid: error_type=maxLength")
+            end
+          end
+
+          context "with repeated licenses" do
+            before do
+              rule[:license_types] = ["a"] * 2
+            end
+
+            specify do
+              expect(errors).to contain_exactly("property '/#{type}/0/rules/0/license_types' is invalid: error_type=uniqueItems")
+            end
+          end
+
+          context "with too many licenses" do
+            before do
+              licenses = []
+              1001.times { |i| licenses << "License #{i}" }
+              rule[:license_types] = licenses
+            end
+
+            specify do
+              expect(errors).to contain_exactly("property '/#{type}/0/rules/0/license_types' is invalid: error_type=maxItems")
+            end
+          end
         end
 
         describe "license_states" do
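Review bot: The three new contexts only check that inputs past the limit are rejected; nothing asserts that the boundary values themselves (a 255-character name and exactly 1000 entries) are still accepted, so an off-by-one in the schema (e.g. `"maxLength": 254`) would go unnoticed. I would add a sibling `context "at the maximum allowed length"` that sets `rule[:license_types] = ["a" * 255]` and a `context "with the maximum number of licenses"` that sets `rule[:license_types] = Array.new(1000) { |i| "License #{i}" }`, each with `specify { expect(errors).to be_empty }`. The `1001.times { |i| licenses << "License #{i}" }` accumulation in the "with too many licenses" context can likewise be written as `rule[:license_types] = Array.new(1001) { |i| "License #{i}" }`, which removes the mutable local. The enclosing `describe` block for `license_types` begins before this hunk.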
-- 
GitLab