plausible/analytics
1
1
Fork 0
mirror of https://github.com/plausible/analytics.git synced 2024-12-23 17:44:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Trim prop list to 30 items during ingestion (#3009)

Browse Source 
This commit adds an upper bound limit to custom props. It fails silently
and trims the list instead of dropping the event.
This commit is contained in:
Vini Brasil 2023-06-07 09:24:43 +01:00 committed by GitHub
parent 131c99c69e
commit c559370201
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/plausible/ingestion/request.ex
View File

@ -183,11 +183,13 @@ defmodule Plausible.Ingestion.Request do
Changeset.put_change(changeset, :hostname, sanitize_hostname(host))
end
@max_props 30
defp put_props(changeset, %{} = request_body) do
props =
(request_body["m"] || request_body["meta"] || request_body["p"] || request_body["props"])
|> decode_props_or_fallback()
|> Enum.reject(fn {_k, v} -> is_nil(v) || is_list(v) || is_map(v) || v == "" end)
|> Enum.take(@max_props)
|> Map.new()
changeset

11
test/plausible/ingestion/request_test.exs
View File

@ -316,17 +316,20 @@ defmodule Plausible.Ingestion.RequestTest do
changeset.errors[:props]
end
test "does not fail when sending many props" do
test "trims prop list to 30 items when sending too many items" do
payload = %{
name: "pageview",
domain: "dummy.site",
url: "https://dummy.site/",
props: for(i <- 1..100, do: {"key_#{i}", "value"}, into: %{})
url: "http://dummy.site/index.html",
referrer: "https://example.com",
hashMode: 1,
props: for(i <- 1..50, do: {"#{i}", "foo"}, into: %{})
}
conn = build_conn(:post, "/api/events", payload)
assert {:ok, request} = Request.build(conn)
assert map_size(request.props) == 100
assert map_size(request.props) == 30
end
test "malicious input, technically valid json" do