From 8a156b936e8c6312c8b93df5cee79eea0ff6d32c Mon Sep 17 00:00:00 2001
From: Simone Gotti
Date: Tue, 17 Mar 2020 11:13:44 +0100
Subject: [PATCH] config: check max config size

limit config size to 1MiB.
---
 internal/config/config.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/internal/config/config.go b/internal/config/config.go
index dd0af74..f4b09aa 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -30,6 +30,7 @@ import (
 )
 
 const (
+ maxConfigSize = 1024 * 1024 // 1MiB
 maxRunNameLength = 100
 maxTaskNameLength = 100
 maxStepNameLength = 100
@@ -659,15 +660,19 @@ type ConfigContext struct {
 }
 
 func ParseConfig(configData []byte, format ConfigFormat, configContext *ConfigContext) (*Config, error) {
- // Generate json from jsonnet
+ // TODO(sgotti) execute jsonnet and starlark executor in a
+ // separate process to avoid issues with malformat config that
+ // could lead to infinite executions and memory exhaustion
 switch format {
 case ConfigFormatJsonnet:
+ // Generate json from jsonnet
 var err error
 configData, err = execJsonnet(configData, configContext)
 if err != nil {
 return nil, errors.Errorf("failed to execute jsonnet: %w", err)
 }
 case ConfigFormatStarlark:
+ // Generate json from starlark
 var err error
 configData, err = execStarlark(configData, configContext)
 if err != nil {
@@ -675,6 +680,10 @@ func ParseConfig(configData []byte, format ConfigFormat, configContext *ConfigCo
 }
 }
 
+ if len(configData) > maxConfigSize {
+ return nil, errors.Errorf("config size is greater than allowed max config size: %d > %d", len(configData), maxConfigSize)
+ }
+
 config := DefaultConfig
 if err := yaml.Unmarshal(configData, &config); err != nil {
 return nil, errors.Errorf("failed to unmarshal config: %w", err)
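Review bot: The TODO added at the top of ParseConfig speaks of "malformat config", but a jsonnet or starlark program does not have to be malformed to run or allocate without bound; a syntactically valid one can do that too. I would word it as `// TODO(sgotti) run the jsonnet and starlark executors in a separate process so that a malformed or hostile config cannot cause unbounded execution or memory exhaustion`, and say in the same comment that until then the size limit applied after generation is the only bound in this function. ParseConfig's body continues outside this hunk.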
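Review bot: The new `len(configData) > maxConfigSize` check sits after the `switch format`, so for ConfigFormatJsonnet and ConfigFormatStarlark it bounds only the generated output; the raw input reaches execJsonnet/execStarlark unchecked, at least within this function (a caller may limit it elsewhere). Repeating the guard before the switch, `if len(configData) > maxConfigSize { return nil, errors.Errorf("config size is greater than allowed max config size: %d > %d", len(configData), maxConfigSize) }`, while keeping this one, would bound both the input and the output. A cap on byte length also does not by itself bound what yaml.Unmarshal allocates when a document uses anchors and aliases, so that is worth confirming against the YAML library version in use. ParseConfig begins in the previous hunk and continues past the end of this one.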