Merge branch 'address-localhost-disk-consumption-attack' into 'main'
Avoid large logs of 127.0.0.1:5959 attack payloads See merge request veilid/veilid!158
This commit is contained in:
commit
64d9f456ce
@ -15,6 +15,8 @@ use veilid_core::tools::*;
|
||||
use veilid_core::*;
|
||||
use wg::AsyncWaitGroup;
|
||||
|
||||
const MAX_NON_JSON_LOGGING: usize = 50;
|
||||
|
||||
cfg_if! {
|
||||
if #[cfg(feature="rt-async-std")] {
|
||||
use async_std::io::prelude::BufReadExt;
|
||||
@ -201,12 +203,21 @@ impl ClientApi {
|
||||
jrp: JsonRequestProcessor,
|
||||
request_line: RequestLine,
|
||||
) -> VeilidAPIResult<Option<RequestLine>> {
|
||||
let line = request_line.line;
|
||||
let line = request_line.line.trim_start();
|
||||
|
||||
// Avoid logging failed deserialization of large adversarial payloads from
|
||||
// http://127.0.0.1:5959 by using an initial colon to force a parse error.
|
||||
let sanitized_line = if line.len() > MAX_NON_JSON_LOGGING && !line.starts_with("{") {
|
||||
":skipped long input that's not a JSON object".to_string()
|
||||
} else {
|
||||
line.to_string()
|
||||
};
|
||||
|
||||
let responses_tx = request_line.responses_tx;
|
||||
|
||||
// Unmarshal NDJSON - newline => json
|
||||
// (trim all whitespace around input lines just to make things more permissive for API users)
|
||||
let request: json_api::Request = deserialize_json(&line)?;
|
||||
let request: json_api::Request = deserialize_json(&sanitized_line)?;
|
||||
|
||||
// See if this is a control message or a veilid-core message
|
||||
let response = if let json_api::RequestOp::Control { args } = request.op {
|
||||
|
Loading…
Reference in New Issue
Block a user