VAULT-20396 Add limit of 100,000 to string templates (#26110)

* VAULT-20396 Add size limit to sdk string templates * VAULT-20396 wording changes * VAULT-20396 changelog
hashicorp · Mar 25, 2024 · da00add · da00add
1 parent 792eb3b
commit da00add
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 0 deletions.
diff --git a/changelog/26110.txt b/changelog/26110.txt
@@ -0,0 +1,3 @@
+```release-note:change
+sdk: String templates now have a maximum size of 100,000 characters.
+```
diff --git a/sdk/helper/template/template.go b/sdk/helper/template/template.go
@@ -129,6 +129,10 @@ func NewTemplate(opts ...Opt) (up StringTemplate, err error) {
 		return StringTemplate{}, fmt.Errorf("missing template")
 	}
 
+	if len(up.rawTemplate) >= 100000 {
+		return StringTemplate{}, fmt.Errorf("template too large, length of template must be less than 100,000")
+	}
+
 	tmpl, err := template.New("template").
 		Funcs(up.funcMap).
 		Parse(up.rawTemplate)

diff --git a/sdk/helper/template/template_test.go b/sdk/helper/template/template_test.go
@@ -5,6 +5,7 @@ package template
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/require"
@@ -150,6 +151,16 @@ Some string 6841cf80`,
 			require.Regexp(t, `^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$`, actual)
 		}
 	})
+
+	t.Run("too-large-overflow", func(t *testing.T) {
+		data := "{{" + strings.Repeat("(", 1000000)
+		_, err := NewTemplate(
+			Template(data),
+		)
+		// We expect an error due it being too large,
+		// this test should not fail with an overflow
+		require.Error(t, err)
+	})
 }
 
 func TestBadConstructorArguments(t *testing.T) {