Also add limitng for ReplaceFilter

jasmith-hs · jasmith-hs · commit 089b7414dbb9 · 2023-12-13T10:41:27.000-05:00
diff --git a/src/main/java/com/hubspot/jinjava/lib/filter/ReplaceFilter.java b/src/main/java/com/hubspot/jinjava/lib/filter/ReplaceFilter.java
@@ -3,6 +3,8 @@
 import com.hubspot.jinjava.doc.annotations.JinjavaDoc;
 import com.hubspot.jinjava.doc.annotations.JinjavaParam;
 import com.hubspot.jinjava.doc.annotations.JinjavaSnippet;
+import com.hubspot.jinjava.interpret.InvalidInputException;
+import com.hubspot.jinjava.interpret.InvalidReason;
 import com.hubspot.jinjava.interpret.JinjavaInterpreter;
 import com.hubspot.jinjava.interpret.TemplateSyntaxException;
 import org.apache.commons.lang3.StringUtils;
@@ -66,6 +68,17 @@ public Object filter(Object var, JinjavaInterpreter interpreter, String... args)
     }
 
     String s = var.toString();
+    long maxStringLength = interpreter.getConfig().getMaxStringLength();
+    if (maxStringLength > 0 && s.length() > maxStringLength) {
+      throw new InvalidInputException(
+        interpreter,
+        this,
+        InvalidReason.LENGTH,
+        s.length(),
+        maxStringLength
+      );
+    }
+
     String toReplace = args[0];
     String replaceWith = args[1];
     Integer count = null;
diff --git a/src/test/java/com/hubspot/jinjava/lib/filter/ReplaceFilterTest.java b/src/test/java/com/hubspot/jinjava/lib/filter/ReplaceFilterTest.java
@@ -1,9 +1,13 @@
 package com.hubspot.jinjava.lib.filter;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 import com.hubspot.jinjava.BaseInterpretingTest;
+import com.hubspot.jinjava.Jinjava;
+import com.hubspot.jinjava.JinjavaConfig;
 import com.hubspot.jinjava.interpret.InterpretException;
+import com.hubspot.jinjava.interpret.InvalidInputException;
 import com.hubspot.jinjava.objects.SafeString;
 import org.junit.Before;
 import org.junit.Test;
@@ -52,4 +56,22 @@ public void replaceBoolean() {
     assertThat(filter.filter(true, interpreter, "true", "TRUEEE").toString())
       .isEqualTo("TRUEEE");
   }
+
+  @Test
+  public void itLimitsLongInput() {
+    assertThatThrownBy(
+        () ->
+          filter.filter(
+            "123456789OO",
+            new Jinjava(JinjavaConfig.newBuilder().withMaxStringLength(10).build())
+            .newInterpreter(),
+            "O",
+            "0"
+          )
+      )
+      .isInstanceOf(InvalidInputException.class)
+      .hasMessageContaining(
+        "Invalid input for 'replace': input with length '11' exceeds maximum allowed length of '10'"
+      );
+  }
 }
