iriusrisk · dantolin-iriusrisk · Dec 17, 2024 · Dec 9, 2024 · Dec 10, 2024 · Dec 11, 2024
diff --git a/deployment/Dockerfile.application b/deployment/Dockerfile.application
@@ -4,8 +4,9 @@ WORKDIR /usr/src/app
 
 RUN apk update && \
     apk upgrade && \
-    apk --no-cache add geos geos-dev git graphviz-dev lapack libmagic libstdc++ && \
-    apk --no-cache add --virtual .builddeps g++ gcc gfortran lapack-dev musl-dev py3-pybind11-dev re2 re2-dev
+    apk add --repository=https://dl-cdn.alpinelinux.org/alpine/v3.20/main --repository=https://dl-cdn.alpinelinux.org/alpine/v3.20/community \
+                g++~=13.2 gcc~=13.2 gfortran~=13.2 libgcc~=13.2 libstdc++~=13.2 && \
+    apk --no-cache add geos geos-dev git graphviz-dev lapack lapack-dev libmagic musl-dev py3-pybind11-dev re2 re2-dev
 
 COPY . .
 

diff --git a/otm/otm/entity/component.py b/otm/otm/entity/component.py
@@ -3,6 +3,11 @@
 from otm.otm.entity.parent_type import ParentType
 from otm.otm.entity.representation import RepresentationElement
 from otm.otm.entity.threat import ThreatInstance
+from sl_util.sl_util.str_utils import truncate
+
+
+MAX_NAME_SIZE = 255
+MAX_TAG_SIZE = 255
 
 
 class Component:
@@ -19,6 +24,22 @@ def __init__(self, component_id, name, component_type=None, parent=None, parent_
         self.threats: [ThreatInstance] = threats or []
         self.representations: List[RepresentationElement] = representations
 
+    @property
+    def name(self):
+        return self._name
+
+    @name.setter
+    def name(self, value):
+        self._name = truncate(value, MAX_NAME_SIZE)
+
+    @property
+    def tags (self):
+        return self._tags
+
+    @tags.setter
+    def tags(self, value):
+        self._tags = [tag for tag in value if tag and len(tag) <= MAX_TAG_SIZE] if value else None
+
     def add_threat(self, threat: ThreatInstance):
         self.threats.append(threat)
 

diff --git a/otm/otm/entity/dataflow.py b/otm/otm/entity/dataflow.py
@@ -1,3 +1,10 @@
+from sl_util.sl_util.str_utils import truncate
+
+
+MAX_NAME_SIZE = 255
+MAX_TAG_SIZE = 255
+
+
 class Dataflow:
     def __init__(self, dataflow_id, name, source_node, destination_node, bidirectional: bool = None,
                  source=None, attributes=None, tags=None):
@@ -10,6 +17,22 @@ def __init__(self, dataflow_id, name, source_node, destination_node, bidirection
         self.attributes = attributes
         self.tags = tags
 
+    @property
+    def name(self):
+        return self._name
+
+    @name.setter
+    def name(self, value):
+        self._name = truncate(value, MAX_NAME_SIZE)
+
+    @property
+    def tags (self):
+        return self._tags
+
+    @tags.setter
+    def tags(self, value):
+        self._tags = [tag for tag in value if tag and len(tag) <= MAX_TAG_SIZE] if value else None
+
     def json(self):
         json = {
             "id": self.id,

diff --git a/otm/otm/entity/trustzone.py b/otm/otm/entity/trustzone.py
@@ -1,4 +1,8 @@
 from otm.otm.entity.parent_type import ParentType
+from sl_util.sl_util.str_utils import truncate
+
+
+MAX_NAME_SIZE = 255
 
 
 class Trustzone:
@@ -14,6 +18,14 @@ def __init__(self, trustzone_id, name, parent=None, parent_type: ParentType = No
         self.trustrating = trustrating
         self.representations = representations
 
+    @property
+    def name(self):
+        return self._name
+
+    @name.setter
+    def name(self, value):
+        self._name = truncate(value, MAX_NAME_SIZE)
+
     def __eq__(self, other):
         return type(other) == Trustzone and self.id == other.id
 

diff --git a/sl_util/sl_util/str_utils.py b/sl_util/sl_util/str_utils.py
@@ -21,3 +21,6 @@ def to_number(input, default_value: int = 0) -> int:
             return w2n.word_to_num(input)
         except ValueError:
             return default_value
+
+def truncate(s: str, max_length: int) -> str:
+    return s[:max_length] if s else s
diff --git a/slp_drawio/tests/unit/load/test_diagram_dataflow_loader.py b/slp_drawio/tests/unit/load/test_diagram_dataflow_loader.py
@@ -32,7 +32,7 @@ def test_load(self, get_dataflow_tags_wrapper):
         assert diagram_dataflows[1].otm.name == 'pt2kyrPXSm7H56EBWWGj-8-dataflow'
         assert diagram_dataflows[1].otm.source_node == 'pt2kyrPXSm7H56EBWWGj-7'
         assert diagram_dataflows[1].otm.destination_node == 'pt2kyrPXSm7H56EBWWGj-7'
-        assert len(diagram_dataflows[1].otm.tags) == 0
+        assert not diagram_dataflows[1].otm.tags
 
         # AND the method get_dataflow_tags has been called once for each dataflow
         assert get_dataflow_tags_wrapper.call_count == len(diagram_dataflows)
diff --git a/slp_tfplan/tests/unit/map/test_tfplan_mapper.py b/slp_tfplan/tests/unit/map/test_tfplan_mapper.py
@@ -111,8 +111,8 @@ def test_mapping_by_type(self):
 
     @mark.parametrize('regex,resource_type', [
         param(r'^aws_\w*$','aws_vpc', id='aws_vpc'),
-        param(r'^a+$','a'*256, id='long_string'),
-        param(r'^(a+)+$','a'*256, id='redos_attack'),
+        param(r'^a+$','a'*255, id='long_string'),
+        param(r'^(a+)+$','a'*255, id='redos_attack'),
     ])
     def test_mapping_by_regex(self,regex,resource_type:str):
         # GIVEN a resource of some TF type