Restrict POST query size (#519)

* indexing: restrict POST body appended to query to 16384, avoid reading very large POST requests on indexing
2025-03-15 00:03:28 +01:00 · 2019-11-12 12:38:01 -08:00 · 2019-11-12 12:38:01 -08:00 · c7fdfe72a7
commit c7fdfe72a7
parent 0d819aadeb
1 changed files with 8 additions and 2 deletions
--- a/pywb/warcserver/inputrequest.py
+++ b/pywb/warcserver/inputrequest.py
@ -181,6 +181,8 @@ class POSTInputRequest(DirectWSGIInputRequest):

 # ============================================================================
 class MethodQueryCanonicalizer(object):
+    MAX_POST_SIZE = 16384
+
    def __init__(self, method, mime, length, stream,
                       buffered_stream=None,
                       environ=None):
@ -210,7 +212,9 @@ class MethodQueryCanonicalizer(object):
        if length <= 0:
            return

-        query = b''
+        # max POST query allowed, for size considerations, only read upto this size
+        length = min(length, self.MAX_POST_SIZE)
+        query = []

        while length > 0:
            buff = stream.read(length)
@ -219,7 +223,9 @@ class MethodQueryCanonicalizer(object):
            if not buff:
                break

-            query += buff
+            query.append(buff)
+
+        query = b''.join(query)

        if buffered_stream:
            buffered_stream.write(query)