fix: Limit length of response body read to 4mb#2080
Open
kaylareopelle wants to merge 1 commit intoopen-telemetry:mainfrom
Open
fix: Limit length of response body read to 4mb#2080kaylareopelle wants to merge 1 commit intoopen-telemetry:mainfrom
kaylareopelle wants to merge 1 commit intoopen-telemetry:mainfrom
Conversation
Limiting the read size may help prevent memory exhaustion exploits when the configured collector endpoint is attacker-controlled.
kaylareopelle
force-pushed
the
read-body-limit
branch
from
35dfa8e to
f0bec26
Compare
kaylareopelle
requested review from
ahayworth,
arielvalentin,
dazuma,
ericmustin,
fbogsany,
mwear,
plantfansam,
robbkidd and
robertlaurin
as code owners
| truncated = false | ||
|
|
||
| response.read_body do |chunk| | ||
| if body.bytesize + chunk.bytesize <= RESPONSE_BODY_LIMIT |
Contributor
There was a problem hiding this comment.
Before starting to read the response body, should we not first read the content-length or transfer-encoding and short circuit if the body exceeds the limit?
IIUC the Go collector will switch to using chunked responses that exceed the 2KiB default buffer size. In cases where the response is less than 2KiB or the backend supports larger buffer sizes we may get the content-length responses and exit early.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Length
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Transfer-Encoding
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Our exporters read HTTP response bodies without any limit. A misconfigured or misbehaving server could send an arbitrarily large response, causing the exporter to read it all into memory.
This implements a 4 MB response body limit also implemented by:
Based on https://cwe.mitre.org/data/definitions/789.html
Fixes #2079