[Cases] Guardrails: Limit bulk get cases and bulk get attachments #161088

Merged
Change the cases limit to 1000. Fix merging conflicts.
adcoelho committed Jul 4, 2023
commit 2cc4628e8a2eb0c56133cfcf9f55c606fb54c076
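--- a/x-pack/plugins/cases/common/api/cases/case.ts
+++ b/x-pack/plugins/cases/common/api/cases/case.ts
@@ -510,7 +510,7 @@ export const GetCategoriesResponseRt = rt.array(rt.string);
 export const GetReportersResponseRt = rt.array(UserRt);
 
 export const CasesBulkGetRequestRt = rt.strict({
-ids: limitedArraySchema(rt.string, 1, MAX_BULK_GET_CASES, 'ids'),
+ids: limitedArraySchema({ codec: rt.string, min: 1, max: MAX_BULK_GET_CASES, fieldName: 'ids' }),
 });
 
 export const CasesBulkGetResponseRt = rt.strict({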
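Review bot: The `ids` guardrail in `CasesBulkGetRequestRt` bounds how many ids a request may carry, but each element is still plain `rt.string`, so nothing in this schema limits the length of an individual id or rejects an empty one. The same applies to `BulkGetAttachmentsRequestRt` in comment/index.ts. If `limitedArraySchema` does not check elements itself (its implementation is not visible here), a length-bounded, non-empty string codec for `codec:` would cap the total request size as well as the count. At minimum I would add a comment above `ids` such as `// bounds the number of ids only; per-id length is not validated here`.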
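--- a/x-pack/plugins/cases/common/api/cases/comment/index.ts
+++ b/x-pack/plugins/cases/common/api/cases/comment/index.ts
@@ -309,7 +309,12 @@ export const FindCommentsQueryParamsRt = rt.exact(
 export const BulkCreateCommentRequestRt = rt.array(CommentRequestRt);
 
 export const BulkGetAttachmentsRequestRt = rt.strict({
-ids: limitedArraySchema(rt.string, 1, MAX_BULK_GET_ATTACHMENTS, 'ids'),
+ids: limitedArraySchema({
+codec: rt.string,
+min: 1,
+max: MAX_BULK_GET_ATTACHMENTS,
+fieldName: 'ids',
+}),
 });
 
 export const BulkGetAttachmentsResponseRt = rt.strict({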
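--- a/x-pack/plugins/cases/common/constants/index.ts
+++ b/x-pack/plugins/cases/common/constants/index.ts
@@ -103,7 +103,7 @@ export const MAX_ALERTS_PER_CASE = 1000 as const;
 export const MAX_DOCS_PER_PAGE = 10000 as const;
 export const MAX_BULK_GET_ATTACHMENTS = 100 as const;
 export const MAX_CONCURRENT_SEARCHES = 10 as const;
-export const MAX_BULK_GET_CASES = 100 as const;
+export const MAX_BULK_GET_CASES = 1000 as const;
 export const MAX_COMMENTS_PER_PAGE = 100 as const;
 export const MAX_CATEGORY_FILTER_LENGTH = 100 as const;
 export const MAX_TAGS_FILTER_LENGTH = 100 as const;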
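Review bot: `MAX_BULK_GET_CASES` rises from 100 to 1000 with no comment recording why, while `MAX_BULK_GET_ATTACHMENTS` two lines above stays at 100. This constant is the request-size guardrail for the bulk-get endpoint, so the tenfold increase also multiplies the work a single request can trigger. Presumably each id costs at least one saved-object read and an authorization check, but that code is not visible here. I would document the choice where it is defined, for example `// Max ids per bulk-get cases request; set to 1000 because <reason>. Changing it changes the public API limit.`, so the next change to either limit is a deliberate one.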
@@ -7,6 +7,7 @@

import expect from '@kbn/expect';
import { CommentType } from '@kbn/cases-plugin/common';
import { MAX_BULK_GET_CASES } from '@kbn/cases-plugin/common/constants';
import { getPostCaseRequest, postCaseReq } from '../../../../common/lib/mock';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
import {
@@ -111,10 +112,10 @@ export default ({ getService }: FtrProviderContext): void => {
});

describe('errors', () => {
it('400s when requesting more than 100 cases', async () => {
it(`400s when requesting more than ${MAX_BULK_GET_CASES} cases`, async () => {
await bulkGetCases({
supertest,
ids: Array(101).fill('foobar'),
ids: Array(MAX_BULK_GET_CASES + 1).fill('foobar'),
expectedHttpCode: 400,
});
});
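Review bot: The visible `errors` block covers only the upper bound of the `ids` guardrail (`MAX_BULK_GET_CASES + 1`), yet the schema in case.ts also sets `min: 1`. The `describe('errors', …)` body may continue outside this hunk, so an empty-array case might already exist. If it does not, a cheap test next to the existing one would pin the lower bound, so that a later change to the `limitedArraySchema` call cannot silently drop it. Deriving the over-limit size from the constant rather than a literal is the right move here.

```typescript
// … unchanged: 400s when requesting more than MAX_BULK_GET_CASES cases …
it('400s when requesting an empty list of cases', async () => {
  await bulkGetCases({
    supertest,
    ids: [],
    expectedHttpCode: 400,
  });
});
```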