author | Antoine A <> | 2021-12-09 18:25:42 +0100 |
---|---|---|
committer | Antoine A <> | 2021-12-09 18:25:42 +0100 |
commit | bc5094bc0649cc04df805c22046dfd817b94254a (patch) | |
tree | ca7e8b0dec9f736db98b7c33d4725a0db91deca2 | |
parent | 41ad5070a43da25419d8dd0042d35c82ddc053fc (diff) | |
Fix security test
-rw-r--r-- | script/test_gateway.sh | 4 | ||||
-rw-r--r-- | wire-gateway/src/error.rs | 5 | ||||
-rw-r--r-- | wire-gateway/src/json.rs | 2 |
3 files changed, 3 insertions, 8 deletions
diff --git a/script/test_gateway.sh b/script/test_gateway.sh index aaed418..78d13aa 100644 --- a/script/test_gateway.sh +++ b/script/test_gateway.sh @@ -121,7 +121,7 @@ done echo "----- Security -----" # Generate big random file -printf 'HelloWorld%s' {1..1000} >> $TEMP_FILE +printf 'HelloWorld%s' {1..100000} > $TEMP_FILE echo -n "Handle huge body:" test `curl -w %{http_code} -X POST -s -o /dev/null -d @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed" @@ -130,7 +130,7 @@ echo -n "Handle body length liar:" test `curl -w %{http_code} -X POST -H"Content-Length:1024" -s -o /dev/null -d @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed" # Generate compression bomb -printf 'HelloWorld%s' {1..1000} | pigz -z9 >> $TEMP_FILE +printf 'HelloWorld%s' {1..100000} | pigz -z9 > $TEMP_FILE echo -n "Handle compression bomb:" test `curl -w %{http_code} -X POST -H"Content-Encoding:deflate" -s -o /dev/null --data-binary @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed" diff --git a/wire-gateway/src/error.rs b/wire-gateway/src/error.rs index 5aefaa7..3123608 100644 --- a/wire-gateway/src/error.rs +++ b/wire-gateway/src/error.rs @@ -9,11 +9,6 @@ pub struct ServerError { pub msg: String,
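Review bot: All three security checks touched by the two hunks of script/test_gateway.sh accept any 400, and the generated payload (`HelloWorld1HelloWorld2…`) is not JSON, so an ordinary parse rejection would satisfy them even if the size limit were never applied; this assumes the gateway answers malformed JSON with 400, which these lines do not show. The body is roughly 1.5 MB, only just above the new 1 MiB `MAX_ALLOWED_RESPONSE_SIZE` in wire-gateway/src/json.rs, so both `printf` lines deserve a comment recording the coupling, e.g. `# must stay larger than MAX_ALLOWED_RESPONSE_SIZE (wire-gateway/src/json.rs)`. To make the checks prove the limit, send a body that is well-formed apart from its size, or assert on a status or error text specific to the limit. Within the visible lines a failure only prints ` Failed` and the script carries on, so a regression would not fail the run unless the output is checked elsewhere; `$TEMP_FILE` is also unquoted in both redirections.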
}
-pub enum ServerContent {
- None,
- Detailed(ErrorDetail),
-}
-
impl ServerError {
fn new(status: StatusCode, body: Body, msg: String) -> Self {
Self { status, body, msg }
diff --git a/wire-gateway/src/json.rs b/wire-gateway/src/json.rs
index eb55a09..0aebac9 100644
--- a/wire-gateway/src/json.rs
+++ b/wire-gateway/src/json.rs
@@ -1,7 +1,7 @@
 use hyper::{body::HttpBody, header, http::request::Parts, Body, Response, StatusCode};
use miniz_oxide::inflate::TINFLStatus;
-const MAX_ALLOWED_RESPONSE_SIZE: u64 = 4 * 1024; // 4MB
+const MAX_ALLOWED_RESPONSE_SIZE: u64 = 1 * 1024 * 1024; // 1MB
#[derive(Debug, thiserror::Error)]
pub enum ParseBodyError {
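Review bot: Nothing in this hunk shows where `MAX_ALLOWED_RESPONSE_SIZE` is enforced, and with `miniz_oxide` inflate imported the cap has to bound the decompressed output as it is produced, not only the received byte count or `Content-Length`; otherwise a small deflate body can still expand well past 1 MiB before it is rejected. The constant is named RESPONSE although the test script exercises it with request bodies, so a doc comment on the new line would help, e.g. `/// Upper bound, in bytes, on a request body after decompression (1 MiB).`, to be confirmed against the code that reads it, which lies outside the hunk. The `1 *` factor is redundant and trips clippy's `identity_op`; `1024 * 1024` says the same thing.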