From bfca4d9e627d171d9732163d2bc944706588cc18 Mon Sep 17 00:00:00 2001
From: Alex Goodman <wagoodman@users.noreply.github.com>
Date: Thu, 23 Jul 2020 20:35:26 -0400
Subject: [PATCH] limit update version string length (#61)

---
 internal/version/update.go      | 4 ++++
 internal/version/update_test.go | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/internal/version/update.go b/internal/version/update.go
index be9b8edc..9892b319 100644
--- a/internal/version/update.go
+++ b/internal/version/update.go
@@ -64,5 +64,9 @@ func fetchLatestApplicationVersion() (*hashiVersion.Version, error) {
 	}
 
 	versionStr := strings.TrimSuffix(string(versionBytes), "\n")
+	if len(versionStr) > 50 {
+		return nil, fmt.Errorf("version too long: %q", versionStr[:50])
+	}
+
 	return hashiVersion.NewVersion(versionStr)
 }
diff --git a/internal/version/update_test.go b/internal/version/update_test.go
index 2484d69f..10c34b73 100644
--- a/internal/version/update_test.go
+++ b/internal/version/update_test.go
@@ -168,6 +168,13 @@ func TestFetchLatestApplicationVersion(t *testing.T) {
 			expected: nil,
 			err:      true,
 		},
+		{
+			name:     "too long",
+			response: "this is really long this is really long this is really long this is really long this is really long this is really long this is really long this is really long ",
+			code:     200,
+			expected: nil,
+			err:      true,
+		},
 	}
 
 	for _, test := range tests {