Restrict POST query size (#519)

* indexing: restrict POST body appended to query to 16384, avoid reading very large POST requests on indexing

pywb/warcserver/inputrequest.py

@@ -181,6 +181,8 @@ class POSTInputRequest(DirectWSGIInputRequest):
 
 # ============================================================================
 class MethodQueryCanonicalizer(object):
+    MAX_POST_SIZE = 16384
+
     def __init__(self, method, mime, length, stream,
                        buffered_stream=None,
                        environ=None):
@@ -210,7 +212,9 @@ class MethodQueryCanonicalizer(object):
         if length <= 0:
             return
 
-        query = b''
+        # max POST query allowed, for size considerations, only read upto this size
+        length = min(length, self.MAX_POST_SIZE)
+        query = []
 
         while length > 0:
             buff = stream.read(length)
@@ -219,7 +223,9 @@ class MethodQueryCanonicalizer(object):
             if not buff:
                 break
 
-            query += buff
+            query.append(buff)
+
+        query = b''.join(query)
 
         if buffered_stream:
             buffered_stream.write(query)