luzifer/ots
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add server side check for maximum secret size

Browse source 
closes #138

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2023-10-21 19:35:57 +02:00
parent 9a530e1c66
commit 1623e09225
Signed by: luzifer
GPG key ID: D91C3E91E4CAD6F5
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
api.go
View file

@ -70,6 +70,11 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
return return
} }
if cust.MaxSecretSize > 0 && len(secret) > int(cust.MaxSecretSize) {
a.errorResponse(res, http.StatusBadRequest, errors.New("secret size exceeds maximum"), "")
return
}
id, err := a.store.Create(secret, time.Duration(expiry)*time.Second) id, err := a.store.Create(secret, time.Duration(expiry)*time.Second)
if err != nil { if err != nil {
a.errorResponse(res, http.StatusInternalServerError, err, "creating secret") a.errorResponse(res, http.StatusInternalServerError, err, "creating secret")

1
pkg/customization/customize.go
View file

@ -29,6 +29,7 @@ type (
DisableFileAttachment bool `json:"disableFileAttachment" yaml:"disableFileAttachment"` DisableFileAttachment bool `json:"disableFileAttachment" yaml:"disableFileAttachment"`
MaxAttachmentSizeTotal int64 `json:"maxAttachmentSizeTotal" yaml:"maxAttachmentSizeTotal"` MaxAttachmentSizeTotal int64 `json:"maxAttachmentSizeTotal" yaml:"maxAttachmentSizeTotal"`
MaxSecretSize int64 `json:"-" yaml:"maxSecretSize"`
OverlayFSPath string `json:"-" yaml:"overlayFSPath"` OverlayFSPath string `json:"-" yaml:"overlayFSPath"`
UseFormalLanguage bool `json:"-" yaml:"useFormalLanguage"` UseFormalLanguage bool `json:"-" yaml:"useFormalLanguage"`
} }