Cap length of GitStatus updates (#19810)

* [server] ValidateGitStatusLength (max: 4096)

Behind feature flag api_validate_git_status_length

* [supervisor] Cap length of GitStatus message

* [supervisor] cap gitstatus test

Author: geropl

components/server/src/workspace/workspace-service.ts

@@ -717,6 +717,19 @@ export class WorkspaceService {
     ) {
         await this.auth.checkPermissionOnWorkspace(userId, "access", workspaceId);
 
+        if (!!gitStatus) {
+            const validateGitStatusLength = await getExperimentsClientForBackend().getValueAsync(
+                "api_validate_git_status_length",
+                false,
+                {
+                    user: { id: userId || "" },
+                },
+            );
+            if (validateGitStatusLength) {
+                this.validateGitStatusLength(gitStatus);
+            }
+        }
+
         let instance = await this.getCurrentInstance(userId, workspaceId);
         if (WorkspaceInstanceRepoStatus.equals(instance.gitStatus, gitStatus)) {
             return;
@@ -731,6 +744,23 @@ export class WorkspaceService {
         });
     }
 
+    protected validateGitStatusLength(gitStatus: Required<WorkspaceInstanceRepoStatus>) {
+        /** [bytes] */
+        const MAX_GIT_STATUS_LENGTH = 4096;
+
+        try {
+            const s = JSON.stringify(gitStatus);
+            if (Buffer.byteLength(s, "utf8") > MAX_GIT_STATUS_LENGTH) {
+                throw new ApplicationError(
+                    ErrorCodes.BAD_REQUEST,
+                    `gitStatus too long, maximum is ${MAX_GIT_STATUS_LENGTH} bytes`,
+                );
+            }
+        } catch (err) {
+            throw new ApplicationError(ErrorCodes.BAD_REQUEST, "Invalid gitStatus: " + err.message);
+        }
+    }
+
     public async getSupportedWorkspaceClasses(user: { id: string }): Promise<SupportedWorkspaceClass[]> {
         return this.installationService.getInstallationWorkspaceClasses(user.id);
     }

components/supervisor/pkg/serverapi/publicapi.go

@@ -7,6 +7,7 @@ package serverapi
 import (
 	"context"
 	"crypto/tls"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -246,7 +247,7 @@ func (s *Service) UpdateGitStatus(ctx context.Context, status *gitpod.WorkspaceI
 		WorkspaceId: workspaceID,
 	}
 	if status != nil {
-		payload.Status = &v1.GitStatus{
+		payload.Status = capGitStatusLength(&v1.GitStatus{
 			Branch:               status.Branch,
 			LatestCommit:         status.LatestCommit,
 			TotalUncommitedFiles: int32(status.TotalUncommitedFiles),
@@ -255,7 +256,7 @@ func (s *Service) UpdateGitStatus(ctx context.Context, status *gitpod.WorkspaceI
 			UncommitedFiles:      status.UncommitedFiles,
 			UnpushedCommits:      status.UnpushedCommits,
 			UntrackedFiles:       status.UntrackedFiles,
-		}
+		})
 	}
 	_, err = service.UpdateGitStatus(ctx, payload)
 	return
@@ -515,3 +516,47 @@ func workspaceStatusToWorkspaceInstance(status *v1.WorkspaceStatus) *gitpod.Work
 	}
 	return instance
 }
+
+const GIT_STATUS_API_LIMIT_BYTES = 4096
+
+func capGitStatusLength(s *v1.GitStatus) *v1.GitStatus {
+	const MARGIN = 200                                     // bytes (we account for differences in JSON formatting, as well JSON escape characters in the static part of the status)
+	const API_BUDGET = GIT_STATUS_API_LIMIT_BYTES - MARGIN // bytes
+
+	// calculate JSON length in bytes
+	bytes, err := json.Marshal(s)
+	if err != nil {
+		log.WithError(err).Warn("cannot marshal GitStatus to calculate byte length")
+		s.UncommitedFiles = nil
+		s.UnpushedCommits = nil
+		s.UntrackedFiles = nil
+		return s
+	}
+	if len(bytes) < API_BUDGET {
+		return s
+	}
+
+	// roughly estimate how many bytes we have left for the path arrays (containing long strings)
+	budget := API_BUDGET - len(s.Branch) - len(s.LatestCommit)
+	bytesUsed := 0
+	const PLACEHOLDER = "..."
+	capArrayAtByteLimit := func(arr []string) []string {
+		result := make([]string, 0, len(arr))
+		for _, s := range arr {
+			bytesRequired := len(s) + 4 // 4 bytes for the JSON encoding
+			if bytesUsed+bytesRequired+len(PLACEHOLDER) > budget {
+				result = append(result, PLACEHOLDER)
+				bytesUsed += len(PLACEHOLDER) + 4
+				break
+			}
+			result = append(result, s)
+			bytesUsed += bytesRequired
+		}
+		return result
+	}
+	s.UncommitedFiles = capArrayAtByteLimit(s.UncommitedFiles)
+	s.UnpushedCommits = capArrayAtByteLimit(s.UnpushedCommits)
+	s.UntrackedFiles = capArrayAtByteLimit(s.UntrackedFiles)
+
+	return s
+}

components/supervisor/pkg/serverapi/publicapi_test.go

@@ -0,0 +1,147 @@
+// Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License.AGPL.txt in the project root for license information.
+
+package serverapi
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+	"testing"
+
+	v1 "github.com/gitpod-io/gitpod/components/public-api/go/experimental/v1"
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
+)
+
+func generateArray(prefix string, number int, length int, withDot bool) []string {
+	var arr []string
+	for i := 0; i < number; i++ {
+		lengthyPart := strings.Repeat("a", length)
+		arr = append(arr, fmt.Sprintf("%s_%d_%s", prefix, i, lengthyPart))
+	}
+	if withDot {
+		arr = append(arr, "...")
+	}
+	return arr
+}
+
+func TestCapGitStatusLength(t *testing.T) {
+
+	tests := []struct {
+		name     string
+		input    *v1.GitStatus
+		expected *v1.GitStatus
+	}{
+		{
+			name: "Short GitStatus",
+			input: &v1.GitStatus{
+				Branch:               "main",
+				LatestCommit:         "abc123",
+				TotalUncommitedFiles: 2,
+				TotalUnpushedCommits: 3,
+				TotalUntrackedFiles:  4,
+				UncommitedFiles:      []string{"file1.txt", "file2.txt"},
+				UnpushedCommits:      []string{"commit1", "commit2", "commit3"},
+				UntrackedFiles:       []string{"file3.txt", "file4.txt", "file5.txt", "file6.txt"},
+			},
+			expected: &v1.GitStatus{
+				Branch:               "main",
+				LatestCommit:         "abc123",
+				TotalUncommitedFiles: 2,
+				TotalUnpushedCommits: 3,
+				TotalUntrackedFiles:  4,
+				UncommitedFiles:      []string{"file1.txt", "file2.txt"},
+				UnpushedCommits:      []string{"commit1", "commit2", "commit3"},
+				UntrackedFiles:       []string{"file3.txt", "file4.txt", "file5.txt", "file6.txt"},
+			},
+		},
+		{
+			name: "Long GitStatus",
+			input: &v1.GitStatus{
+				Branch:               "main",
+				LatestCommit:         "abc123",
+				TotalUncommitedFiles: 2,
+				TotalUnpushedCommits: 3,
+				TotalUntrackedFiles:  4,
+				UncommitedFiles:      []string{"file1.txt", "file2.txt", "file3.txt", "file4.txt", "file5.txt", "file6.txt"},
+				UnpushedCommits:      []string{"commit1", "commit2", "commit3", "commit4", "commit5", "commit6", "commit7"},
+				UntrackedFiles:       generateArray("file", 800, 10, false),
+			},
+			expected: &v1.GitStatus{
+				Branch:               "main",
+				LatestCommit:         "abc123",
+				TotalUncommitedFiles: 2,
+				TotalUnpushedCommits: 3,
+				TotalUntrackedFiles:  4,
+				UncommitedFiles:      []string{"file1.txt", "file2.txt", "file3.txt", "file4.txt", "file5.txt", "file6.txt"},
+				UnpushedCommits:      []string{"commit1", "commit2", "commit3", "commit4", "commit5", "commit6", "commit7"},
+				UntrackedFiles:       generateArray("file", 166, 10, true),
+			},
+		},
+		{
+			name: "Long paths in GitStatus",
+			input: &v1.GitStatus{
+				Branch:               "main",
+				LatestCommit:         "abc123",
+				TotalUncommitedFiles: 2,
+				TotalUnpushedCommits: 3,
+				TotalUntrackedFiles:  4,
+				UncommitedFiles:      []string{"file1.txt", "file2.txt", "file3.txt", "file4.txt", "file5.txt", "file6.txt"},
+				UnpushedCommits:      []string{"commit1", "commit2", "commit3", "commit4", "commit5", "commit6", "commit7"},
+				UntrackedFiles:       generateArray("file", 50, 200, false),
+			},
+			expected: &v1.GitStatus{
+				Branch:               "main",
+				LatestCommit:         "abc123",
+				TotalUncommitedFiles: 2,
+				TotalUnpushedCommits: 3,
+				TotalUntrackedFiles:  4,
+				UncommitedFiles:      []string{"file1.txt", "file2.txt", "file3.txt", "file4.txt", "file5.txt", "file6.txt"},
+				UnpushedCommits:      []string{"commit1", "commit2", "commit3", "commit4", "commit5", "commit6", "commit7"},
+				UntrackedFiles:       generateArray("file", 17, 200, true),
+			},
+		},
+		{
+			name: "Empty GitStatus",
+			input: &v1.GitStatus{
+				Branch:               "",
+				LatestCommit:         "",
+				TotalUncommitedFiles: 0,
+				TotalUnpushedCommits: 0,
+				TotalUntrackedFiles:  0,
+				UncommitedFiles:      nil,
+				UnpushedCommits:      nil,
+				UntrackedFiles:       nil,
+			},
+			expected: &v1.GitStatus{
+				Branch:               "",
+				LatestCommit:         "",
+				TotalUncommitedFiles: 0,
+				TotalUnpushedCommits: 0,
+				TotalUntrackedFiles:  0,
+				UncommitedFiles:      nil,
+				UnpushedCommits:      nil,
+				UntrackedFiles:       nil,
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := capGitStatusLength(tt.input)
+			if diff := cmp.Diff(tt.expected, got, cmpopts.IgnoreUnexported(v1.GitStatus{})); diff != "" {
+				t.Errorf("CapGitStatusLength (-want +got):\n%s", diff)
+			}
+
+			bytes, err := json.Marshal(tt.input)
+			if err != nil {
+				t.Error(err)
+			}
+			if len(bytes) > GIT_STATUS_API_LIMIT_BYTES {
+				t.Errorf("JSON size exceeds GIT_STATUS_API_LIMIT_BYTES: %d (%d)", len(bytes), GIT_STATUS_API_LIMIT_BYTES)
+			}
+		})
+	}
+}