commit bc5094bc0649cc04df805c22046dfd817b94254a
parent 41ad5070a43da25419d8dd0042d35c82ddc053fc
Author: Antoine A <>
Date: Thu, 9 Dec 2021 18:25:42 +0100
Fix security test
Diffstat:
3 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/script/test_gateway.sh b/script/test_gateway.sh
@@ -121,7 +121,7 @@ done
echo "----- Security -----"
# Generate big random file
-printf 'HelloWorld%s' {1..1000} >> $TEMP_FILE
+printf 'HelloWorld%s' {1..100000} > $TEMP_FILE
echo -n "Handle huge body:"
test `curl -w %{http_code} -X POST -s -o /dev/null -d @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed"
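Review bot: Both size checks accept any `400`, and the generated body (`HelloWorld1HelloWorld2…`) is not JSON, so the `Handle huge body:` check would presumably still print OK if the gateway read the full body of roughly 1.4 MiB and only then failed to parse it; the same applies to the compression-bomb check in the next hunk. The test would be tighter if the payload were otherwise valid for `transfer` (for example a JSON object padded with one long string field), or if the script also compared the error body returned for the size limit. The generated size is tied to the new 1 MiB constant in `wire-gateway/src/json.rs` only implicitly; a comment such as `# must exceed MAX_ALLOWED_RESPONSE_SIZE (1 MiB) in wire-gateway/src/json.rs` would keep the two in step.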
@@ -130,7 +130,7 @@ echo -n "Handle body length liar:"
test `curl -w %{http_code} -X POST -H"Content-Length:1024" -s -o /dev/null -d @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed"
# Generate compression bomb
-printf 'HelloWorld%s' {1..1000} | pigz -z9 >> $TEMP_FILE
+printf 'HelloWorld%s' {1..100000} | pigz -z9 > $TEMP_FILE
echo -n "Handle compression bomb:"
test `curl -w %{http_code} -X POST -H"Content-Encoding:deflate" -s -o /dev/null --data-binary @$TEMP_FILE ${BANK_ENDPOINT}transfer` -eq 400 && echo " OK" || echo " Failed"
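Review bot: Nothing in this hunk checks that `pigz` actually ran: if it is missing or fails, `> $TEMP_FILE` still truncates the file and curl posts an empty deflate body, which the gateway would presumably also answer with 400, so the check prints OK without any oversized payload being sent (unless the script enables `pipefail` and `set -e` outside this hunk). A guard before the pipeline such as `command -v pigz >/dev/null || { echo " pigz missing"; exit 1; }`, or a `test -s "$TEMP_FILE"` after it, would close that gap. Quoting `"$TEMP_FILE"` in the redirect and in the curl line would also protect against a temp path that contains spaces.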
diff --git a/wire-gateway/src/error.rs b/wire-gateway/src/error.rs
@@ -9,11 +9,6 @@ pub struct ServerError {
pub msg: String,
}
-pub enum ServerContent {
- None,
- Detailed(ErrorDetail),
-}
-
impl ServerError {
fn new(status: StatusCode, body: Body, msg: String) -> Self {
Self { status, body, msg }
diff --git a/wire-gateway/src/json.rs b/wire-gateway/src/json.rs
@@ -1,7 +1,7 @@
use hyper::{body::HttpBody, header, http::request::Parts, Body, Response, StatusCode};
use miniz_oxide::inflate::TINFLStatus;
-const MAX_ALLOWED_RESPONSE_SIZE: u64 = 4 * 1024; // 4MB
+const MAX_ALLOWED_RESPONSE_SIZE: u64 = 1 * 1024 * 1024; // 1MB
#[derive(Debug, thiserror::Error)]
pub enum ParseBodyError {
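Review bot: The new `MAX_ALLOWED_RESPONSE_SIZE` line does not say what it bounds: the name says RESPONSE, yet this file defines `ParseBodyError` and the security script in this commit posts oversized and deflate-encoded request bodies, so it presumably caps request bodies. It is worth confirming and stating whether the cap applies to the bytes received, the bytes after inflation, or both, for example with a doc comment like `/// Maximum accepted body size in bytes (1 MiB); applies to received and inflated data (confirm)`. The leading `1 *` is a no-op that clippy's `identity_op` lint flags; `1024 * 1024` reads the same, and the trailing comment is more precise as `// 1 MiB`.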