Add server side check for maximum secret size
closes #138 Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
9a530e1c66
commit
1623e09225
GPG key ID:
D91C3E91E4CAD6F5
2 changed files with 6 additions and 0 deletions
5
api.go
5
api.go
|
|
@ -70,6 +70,11 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
if cust.MaxSecretSize > 0 && len(secret) > int(cust.MaxSecretSize) {
|
||||
a.errorResponse(res, http.StatusBadRequest, errors.New("secret size exceeds maximum"), "")
|
||||
return
|
||||
}
|
||||
|
||||
id, err := a.store.Create(secret, time.Duration(expiry)*time.Second)
|
||||
if err != nil {
|
||||
a.errorResponse(res, http.StatusInternalServerError, err, "creating secret")
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ type (
|
|||
DisableFileAttachment bool `json:"disableFileAttachment" yaml:"disableFileAttachment"`
|
||||
MaxAttachmentSizeTotal int64 `json:"maxAttachmentSizeTotal" yaml:"maxAttachmentSizeTotal"`
|
||||
|
||||
MaxSecretSize int64 `json:"-" yaml:"maxSecretSize"`
|
||||
OverlayFSPath string `json:"-" yaml:"overlayFSPath"`
|
||||
UseFormalLanguage bool `json:"-" yaml:"useFormalLanguage"`
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue