Skip to content

Commit

Permalink
Trim prop list to 30 items during ingestion (#3009)
Browse files Browse the repository at this point in the history
This commit adds an upper bound limit to custom props. It fails silently
and trims the list instead of dropping the event.
  • Loading branch information
vinibrsl authored Jun 7, 2023
1 parent 131c99c commit c559370
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 4 deletions.
2 changes: 2 additions & 0 deletions lib/plausible/ingestion/request.ex
Original file line number Diff line number Diff line change
Expand Up @@ -183,11 +183,13 @@ defmodule Plausible.Ingestion.Request do
Changeset.put_change(changeset, :hostname, sanitize_hostname(host))
end

@max_props 30
defp put_props(changeset, %{} = request_body) do
props =
(request_body["m"] || request_body["meta"] || request_body["p"] || request_body["props"])
|> decode_props_or_fallback()
|> Enum.reject(fn {_k, v} -> is_nil(v) || is_list(v) || is_map(v) || v == "" end)
|> Enum.take(@max_props)
|> Map.new()

changeset
Expand Down
11 changes: 7 additions & 4 deletions test/plausible/ingestion/request_test.exs
Original file line number Diff line number Diff line change
Expand Up @@ -316,17 +316,20 @@ defmodule Plausible.Ingestion.RequestTest do
changeset.errors[:props]
end

test "does not fail when sending many props" do
test "trims prop list to 30 items when sending too many items" do
payload = %{
name: "pageview",
domain: "dummy.site",
url: "https://dummy.site/",
props: for(i <- 1..100, do: {"key_#{i}", "value"}, into: %{})
url: "http://dummy.site/index.html",
referrer: "https://example.com",
hashMode: 1,
props: for(i <- 1..50, do: {"#{i}", "foo"}, into: %{})
}

conn = build_conn(:post, "/api/events", payload)

assert {:ok, request} = Request.build(conn)
assert map_size(request.props) == 100
assert map_size(request.props) == 30
end

test "malicious input, technically valid json" do
Expand Down

0 comments on commit c559370

Please sign in to comment.