sec: ADD data stream size check to prevent DoS with big data chunks that would reserve all resources #22
This commit is contained in:
parent
a2ff6bd763
commit
5727556344
1 changed files with 15 additions and 1 deletions
main.py
@ -250,7 +250,21 @@ async def upload_text(request: Request, authorized: bool = Depends(validate_uplo
client_ip = get_real_ip(request)
client_ip = get_real_ip(request)
user_agent = request.headers.get("User-Agent", "unknown")
user_agent = request.headers.get("User-Agent", "unknown")
body = await request.body()
# Stream-read with a hard byte cap so an oversized request can't buffer into memory
total = 0
chunks = []
async for chunk in request.stream():
total += len(chunk)
if total > MAX_FILE_SIZE:
log("WARNING", "upload_failed",
client_ip=client_ip,
user_agent=user_agent,
reason="payload_too_large",
size_bytes=total)
raise HTTPException(status_code=413, detail="Payload too large")
chunks.append(chunk)
body = b"".join(chunks)
content = body.decode('utf-8', errors='ignore')
content = body.decode('utf-8', errors='ignore')
if not validate_content(content):
if not validate_content(content):
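Review bot: The cap inside the `async for chunk in request.stream()` loop only bounds memory if nothing earlier has already buffered the body; Starlette's `Request.stream()` replays an already-read `request.body()` as a single chunk, so if the `validate_upload…` dependency or any middleware calls `request.body()` first, the whole payload is in memory before `total` is ever compared to `MAX_FILE_SIZE` — worth confirming that dependency never reads the body. A cheap early reject on the declared size would also avoid reading anything for oversized uploads that announce their length: `declared = request.headers.get("content-length")` / `if declared and declared.isdigit() and int(declared) > MAX_FILE_SIZE: raise HTTPException(status_code=413, detail="Payload too large")`, keeping the streaming check as the authoritative one since the header can be absent (chunked transfer) or wrong. The `size_bytes=total` in the warning is the byte count at the point of abort, not the full request size; a comment such as `# bytes read before aborting, not the declared size` would keep that log field from being misread in incident triage. `upload_text` begins and continues outside this hunk.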