sec: ADD data stream size check to prevent DoS with big data chunks that would reserve all resources #22

2026-05-25 13:17:41 +02:00 · 2026-05-25 13:17:41 +02:00 · 5727556344
commit 5727556344
parent a2ff6bd763
1 changed files with 15 additions and 1 deletions
--- a/main.py
+++ b/main.py
@ -250,7 +250,21 @@ async def upload_text(request: Request, authorized: bool = Depends(validate_uplo

    client_ip = get_real_ip(request)
    user_agent = request.headers.get("User-Agent", "unknown")
-    body = await request.body()
+
+    # Stream-read with a hard byte cap so an oversized request can't buffer into memory
+    total = 0
+    chunks = []
+    async for chunk in request.stream():
+        total += len(chunk)
+        if total > MAX_FILE_SIZE:
+            log("WARNING", "upload_failed",
+                client_ip=client_ip,
+                user_agent=user_agent,
+                reason="payload_too_large",
+                size_bytes=total)
+            raise HTTPException(status_code=413, detail="Payload too large")
+        chunks.append(chunk)
+    body = b"".join(chunks)
    content = body.decode('utf-8', errors='ignore')

    if not validate_content(content):