Bug: Inconsistency between backend and frontend secretValue field validation #849

Closed
opened 2026-04-05 16:23:14 +02:00 by MrUnknownDE · 0 comments

Originally created by @hart1dechu on 7/2/2024

Describe the bug

As you can see in the reproduce section, each line contains 2 chars + a '\n' char and the complete alphabet. So each line is 29 characters (except the last one, which is 28). In total I should have 492 characters. This value is validated by the frontend, since the frontend only checks whether the current value is above 500 or not. But it doesn't pass the backend verification. In the database, the secret value is encoded OpenSSL-salted, and the validation is done according to that encoding, which means that after encoding my value's length is far above 500.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Project Settings'
  2. Click on 'Secrets'
  3. Create a secret value containing
01abcdefghijklmnopqrstuvwxyz
02abcdefghijklmnopqrstuvwxyz
03abcdefghijklmnopqrstuvwxyz
04abcdefghijklmnopqrstuvwxyz
05abcdefghijklmnopqrstuvwxyz
06abcdefghijklmnopqrstuvwxyz
07abcdefghijklmnopqrstuvwxyz
08abcdefghijklmnopqrstuvwxyz
09abcdefghijklmnopqrstuvwxyz
10abcdefghijklmnopqrstuvwxyz
11abcdefghijklmnopqrstuvwxyz
12abcdefghijklmnopqrstuvwxyz
13abcdefghijklmnopqrstuvwxyz
14abcdefghijklmnopqrstuvwxyz
15abcdefghijklmnopqrstuvwxyz
16abcdefghijklmnopqrstuvwxyz
17abcdefghijklmnopqrstuvwxyz
  4. See API error: char should not be more than 500

Expected behavior

It should succeed

Screenshots
As you can see, my value is able to pass the frontend validation, but not the database one.

Screenshot: https://github.com/OneUptime/oneuptime/assets/65031990/28f0022a-9503-44a5-81d6-1c23cc3ed5a9

Deployment Type
Is this issue on SaaS (at https://oneuptime.com) or self hosted (the version that you deployed on your server)?
Self hosted

Additional context
I actually wanted to add a JWT token as a secret, but was hit by a 500-char limitation. So I was trying to figure out how to bypass that limitation, just to realise there is a frontend limitation and a database limitation, and the two are not in sync at all.

  • Why is there a limitation on character length on the database side? (character varying(500) instead of text)
  • Why isn't there a way to increase that value if we want to use a very long secret?
  • Is there a workaround?
Reference: github/oneuptime#849