Skip to content

eventlog: add field length limits in create_event view#1519

Merged
davmlaw merged 4 commits into
masterfrom
eventlog-field-length-limits
May 18, 2026
Merged

eventlog: add field length limits in create_event view#1519
davmlaw merged 4 commits into
masterfrom
eventlog-field-length-limits

Conversation

@davmlaw
Copy link
Copy Markdown
Contributor

@davmlaw davmlaw commented Apr 2, 2026

Truncates user-supplied fields in the create_event POST endpoint before writing to the database:

  • app_name: 100 characters
  • event_name: 200 characters
  • details: 10,000 characters

Relates to SACGF/variantgrid_private#3819

@davmlaw
eventlog: add field length limits in create_event view
99bc69d 
Truncate app_name (100), event_name (200), and details (10,000 chars)
to prevent unbounded text accumulation in the database.
@davmlaw
Copy link
Copy Markdown
Contributor Author

davmlaw commented May 18, 2026

I agree that we should do this, but we should record that we trimmed

davmlaw added 3 commits May 18, 2026 10:32
@davmlaw
eventlog: mark trimmed details with a footer
315ec9c 
So readers can tell the field was truncated rather than guess whether
the log entry just ended early. Only applied when truncation actually
happened, and only to details (app_name/event_name are identifiers).
@davmlaw
eventlog: apply trim marker to all length-capped fields
a8970be 
Replace per-field truncation with a max-length dict + loop, so any
field that exceeds its cap gets the same "\n[trimmed to N characters]"
footer rather than only details.
@davmlaw
eventlog: trim Event kwargs in place rather than via shadow dict
ae2444d
@davmlaw davmlaw merged commit 7f56ea7 into master May 18, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@davmlaw