
Add RequestBody guard for Rocket
Closed, Public

Authored by dereckson on Apr 11 2023, 00:17.
Referenced Files
F3753452: D2994.id7649.diff
Mon, Nov 18, 01:44

Details

Summary

This commit adds a new data guard which allows reading the request body
as a string. The guard uses Rocket's simplified data guard and limits
the number of characters read to a million to prevent DoS attacks.

A use case for this guard is to pass arbitrary data to another part
of the application. Alkane API can use this to expose the request
body to the build script using an environment variable, where the 1M
limit is largely enough.

Ref T1826

Test Plan

Unit tests provided for RequestBody.

Feature tested in Alkane HTTP API with D2995.
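
The capped read described in the summary, sketched with the standard library only as an added example (not the code from this revision, and not Rocket's API). The names `read_capped_body`, `BodyError` and `BODY_LIMIT` are hypothetical; counting the limit in bytes, rejecting an oversized body instead of truncating it, and refusing NUL bytes because the value is headed for an environment variable are assumptions of this sketch.

```rust
use std::io::{self, Read};

/// Hypothetical constant: the one-million cap from the summary, counted in bytes here.
pub const BODY_LIMIT: u64 = 1_000_000;

#[derive(Debug, PartialEq)]
pub enum BodyError {
    TooLarge,
    NotUtf8,
    ContainsNul,
    Io(io::ErrorKind),
}

/// Reads at most `limit` bytes from `source` and returns them as a UTF-8 string.
pub fn read_capped_body<R: Read>(source: R, limit: u64) -> Result<String, BodyError> {
    // Request one byte past the limit: the buffer stays bounded no matter how
    // much the client sends, and an oversized body can be told apart from one
    // that fits exactly.
    let mut buf = Vec::new();
    source
        .take(limit.saturating_add(1))
        .read_to_end(&mut buf)
        .map_err(|e| BodyError::Io(e.kind()))?;
    if buf.len() as u64 > limit {
        return Err(BodyError::TooLarge);
    }
    let body = String::from_utf8(buf).map_err(|_| BodyError::NotUtf8)?;
    // An environment variable value cannot carry a NUL byte, so reject it
    // here instead of failing later when the child process is spawned.
    if body.contains('\0') {
        return Err(BodyError::ContainsNul);
    }
    Ok(body)
}

fn main() {
    // Constructed inputs: a small body, then an endless stream of bytes.
    println!("{:?}", read_capped_body(&b"ref=main"[..], BODY_LIMIT));
    println!("{:?}", read_capped_body(io::repeat(b'A'), BODY_LIMIT));
}
```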

Diff Detail

Repository
rLF Limiting Factor
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson created this revision.
dereckson edited the test plan for this revision.

Ok, but to chmod 644

This revision is now accepted and ready to land. Apr 11 2023, 00:38
This revision was automatically updated to reflect the committed changes.