Limit the size of issuable description and comments

Limiting the size of issuable description and comments to 1_000_000, which is close to ~1MB of ASCII characters, which represents 99.9% of all descriptions and comments we have in DB at the moment. This should help prevent DoS attacks when comments contain refference strings. Also this change updates regexp matching the namespaces paths by limiting the namespaces paths to Namespace::NUMBER_OF_ANCESTORS_ALLOWED, as we allow 20 levels deep groups. see https://gitlab.com/gitlab-org/gitlab-ce/issues/61974#note_191274234
author: Alexandru Croitor <acroitor@gitlab.com> 2019-07-17 12:54:40 +0300
committer: Alexandru Croitor <acroitor@gitlab.com> 2019-08-22 10:43:13 +0300
commit: 5af535d919c50951513f5859730afd924a01c29b (patch)
tree: fcd3d97c37a6b292d25c206c05ca890f7c420906 /doc/api/issues.md
parent: 8ae75677a38eafe5dda2ffe716df26a72093c5a8 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/api/issues.md b/doc/api/issues.md
index 96a547551f1..ef479bc9829 100644
--- a/doc/api/issues.md
+++ b/doc/api/issues.md
@@ -593,7 +593,7 @@ POST /projects/:id/issues
 | `id`                                      | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
 | `iid`                                     | integer/string | no       | The internal ID of the project's issue (requires admin or project owner rights) |
 | `title`                                   | string         | yes      | The title of an issue |
-| `description`                             | string         | no       | The description of an issue  |
+| `description`                             | string         | no       | The description of an issue. Limited to 1 000 000 characters. |
 | `confidential`                            | boolean        | no       | Set an issue to be confidential. Default is `false`.  |
 | `assignee_ids`                            | integer array  | no       | The ID of a user to assign issue |
 | `milestone_id`                            | integer        | no       | The global ID of a milestone to assign issue  |
@@ -694,7 +694,7 @@ PUT /projects/:id/issues/:issue_iid
 | `id`           | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
 | `issue_iid`    | integer | yes      | The internal ID of a project's issue                                                                       |
 | `title`        | string  | no       | The title of an issue                                                                                      |
-| `description`  | string  | no       | The description of an issue                                                                                |
+| `description`  | string  | no       | The description of an issue. Limited to 1 000 000 characters.        |
 | `confidential` | boolean | no       | Updates an issue to be confidential                                                                        |
 | `assignee_ids` | integer array | no | The ID of the user(s) to assign the issue to. Set to `0` or provide an empty value to unassign all assignees. |
 | `milestone_id` | integer | no       | The global ID of a milestone to assign the issue to. Set to `0` or provide an empty value to unassign a milestone.|
author	Alexandru Croitor <acroitor@gitlab.com>	2019-07-17 12:54:40 +0300
committer	Alexandru Croitor <acroitor@gitlab.com>	2019-08-22 10:43:13 +0300
commit	5af535d919c50951513f5859730afd924a01c29b (patch)
tree	fcd3d97c37a6b292d25c206c05ca890f7c420906 /doc/api/issues.md
parent	8ae75677a38eafe5dda2ffe716df26a72093c5a8 (diff)