SONAR-8351 limit number of webhooks to 10

1 files changed, 9 insertions, 1 deletions

diff --git a/sonar-core/src/main/java/org/sonar/core/config/WebhookProperties.java b/sonar-core/src/main/java/org/sonar/core/config/WebhookProperties.java
index 740c0487d85..76c44c3b4af 100644
--- a/sonar-core/src/main/java/org/sonar/core/config/WebhookProperties.java
+++ b/sonar-core/src/main/java/org/sonar/core/config/WebhookProperties.java
@@ -34,13 +34,21 @@ public class WebhookProperties {
   public static final String URL_FIELD = "url";
 
   /**
+   * Maximum allowed number of webhooks per type (globally or per project).
+   * That is required to not become a DoS attacker, for instance
+   * if thousands of webhooks are configured.
+   */
+  public static final long MAX_WEBHOOKS_PER_TYPE = 10;
+
+  /**
    * Prefix of the properties to be automatically exported from scanner to payload
    */
   public static final String ANALYSIS_PROPERTY_PREFIX = "sonar.analysis.";
 
   private static final String CATEGORY = "webhooks";
   private static final String DESCRIPTION = "Webhooks are used to notify external services when a project analysis is done. " +
-    "A HTTP POST request including a JSON payload is sent to each of the provided URLs. " +
+    "A HTTP POST request including a JSON payload is sent to each of the provided URLs. <br/>" +
+    "Maximum " + MAX_WEBHOOKS_PER_TYPE + " webhooks are allowed. <br/>" +
     "Learn more in the <a href=\"#\">Webhooks documentation</a>.";
 
   private WebhookProperties() {