Merge pull request #239 from sgotti/config_check_max_config_size

config: check max config size
This commit is contained in:
Simone Gotti 2020-03-20 10:07:23 +01:00 committed by GitHub
commit 486c4b9bcd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 1 deletions

View File

@ -30,6 +30,7 @@ import (
) )
const ( const (
maxConfigSize = 1024 * 1024 // 1MiB
maxRunNameLength = 100 maxRunNameLength = 100
maxTaskNameLength = 100 maxTaskNameLength = 100
maxStepNameLength = 100 maxStepNameLength = 100
@ -659,15 +660,19 @@ type ConfigContext struct {
} }
func ParseConfig(configData []byte, format ConfigFormat, configContext *ConfigContext) (*Config, error) { func ParseConfig(configData []byte, format ConfigFormat, configContext *ConfigContext) (*Config, error) {
// Generate json from jsonnet // TODO(sgotti) execute jsonnet and starlark executor in a
// separate process to avoid issues with malformat config that
// could lead to infinite executions and memory exhaustion
switch format { switch format {
case ConfigFormatJsonnet: case ConfigFormatJsonnet:
// Generate json from jsonnet
var err error var err error
configData, err = execJsonnet(configData, configContext) configData, err = execJsonnet(configData, configContext)
if err != nil { if err != nil {
return nil, errors.Errorf("failed to execute jsonnet: %w", err) return nil, errors.Errorf("failed to execute jsonnet: %w", err)
} }
case ConfigFormatStarlark: case ConfigFormatStarlark:
// Generate json from starlark
var err error var err error
configData, err = execStarlark(configData, configContext) configData, err = execStarlark(configData, configContext)
if err != nil { if err != nil {
@ -675,6 +680,10 @@ func ParseConfig(configData []byte, format ConfigFormat, configContext *ConfigCo
} }
} }
if len(configData) > maxConfigSize {
return nil, errors.Errorf("config size is greater than allowed max config size: %d > %d", len(configData), maxConfigSize)
}
config := DefaultConfig config := DefaultConfig
if err := yaml.Unmarshal(configData, &config); err != nil { if err := yaml.Unmarshal(configData, &config); err != nil {
return nil, errors.Errorf("failed to unmarshal config: %w", err) return nil, errors.Errorf("failed to unmarshal config: %w", err)