inveniosoftware / invenio-app-rdm

Turn-key research data management platform.
https://inveniordm.docs.cern.ch
MIT License

Requests: No Length Boundaries for Comment Messages #2731

Open Samk13 opened 3 days ago

Samk13 commented 3 days ago

Package version (if known): v12rc2 / latest

Describe the bug

The comment feature in the Requests allows users to send comments with no limit on length, posing security risks such as denial-of-service attacks or system crashes due to excessively long messages.

Steps to Reproduce

  1. Go to the Requests package.
  2. Compose a new comment.
  3. Keep adding text without any restriction.
  4. Observe that there is no limit enforced, allowing potentially dangerous message lengths.

Expected behavior

The system should enforce a reasonable limit on the length of comments to prevent abuse and ensure stability.

Screenshots (if applicable)

[screenshot attached in the original issue]

Links:

https://github.com/fenekku/invenio-requests/blob/master/invenio_requests/customizations/event_types.py#L145

https://github.com/inveniosoftware/invenio-requests/blob/82dbf2885c8e777caa1c5163971ab5c31aca5398/invenio_requests/records/jsonschemas/requests/definitions-v1.0.0.json#L12

https://github.com/inveniosoftware/invenio-requests/blob/master/invenio_requests/services/events/service.py
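As an added example (not invenio-requests' own code), the kind of bound the report asks for: a constructed JSON Schema fragment for a comment event with and without `maxLength`, plus a standard-library check of the keywords involved and a pre-parse byte guard for the service layer. The field name `content`, the 5000-character limit and the byte guard are assumptions.

```python
# Constructed schema fragments (not the project's definitions file): the
# first accepts a comment of any length, the second adds a ceiling.
UNBOUNDED_COMMENT_SCHEMA = {
    "type": "object",
    "required": ["content"],
    "properties": {"content": {"type": "string"}},
}

MAX_COMMENT_CHARS = 5000  # assumed limit; tune to the product's needs
BOUNDED_COMMENT_SCHEMA = {
    "type": "object",
    "required": ["content"],
    "properties": {
        "content": {"type": "string", "minLength": 1, "maxLength": MAX_COMMENT_CHARS}
    },
}


def validate_comment(payload, schema):
    """Return a list of validation errors; an empty list means accepted.

    Stdlib-only check of the keywords this issue turns on (type, required,
    minLength, maxLength). JSON Schema's maxLength counts characters of the
    decoded string, not bytes, so it has to run after JSON decoding.
    """
    errors = []
    for name in schema.get("required", []):
        if name not in payload:
            errors.append(f"{name}: missing")
    for name, rules in schema.get("properties", {}).items():
        if name not in payload:
            continue
        value = payload[name]
        if rules.get("type") == "string":
            if not isinstance(value, str):
                errors.append(f"{name}: expected string")
                continue
            if len(value) < rules.get("minLength", 0):
                errors.append(f"{name}: shorter than {rules['minLength']} characters")
            if len(value) > rules.get("maxLength", len(value)):
                errors.append(f"{name}: longer than {rules['maxLength']} characters")
    return errors


def body_size_ok(raw_body, max_bytes=4 * MAX_COMMENT_CHARS):
    """Pre-parse guard for the service layer: refuse an oversized request body
    before JSON decoding so a huge comment never reaches the parser. Four bytes
    per character covers the widest UTF-8 encoding of the character limit."""
    return len(raw_body) <= max_bytes
```

The schema check alone still lets the server decode a multi-megabyte body before rejecting it, which is why the byte guard runs first.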

Samk13 commented 3 days ago

Questions: