crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License

appsec: better handle chunked requests #3342

Open blotus opened 1 day ago

blotus commented 1 day ago

We were relying on the content-length header to compute the size of the buffer we need to allocate to store the body, but in the case of chunked requests, the content length is not set, thus we were allocating a 0-byte buffer.

Do not try to be smart, and read as much as we can.

We ignore unexpected EOF errors because some requests might set an invalid content-length header.
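The two cases the description covers, as an added Go example (not code from the crowdsec repository or from this PR): the pre-fix read that sizes its buffer from Content-Length beside a read that takes whatever the body yields and tolerates io.ErrUnexpectedEOF. The function names, the maxBytes cap and both sample requests are assumptions constructed for the example.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Constructed sample requests (not captured traffic): one chunked, hence no
// Content-Length at all, and one that declares more bytes than it sends.
const chunkedRaw = "POST /login HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n" +
	"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"
const badLengthRaw = "POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 100\r\n\r\nhello"

func parseRaw(raw string) (*http.Request, error) { // parse wire bytes as a server would
	return http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
}

// Pre-fix logic as the PR describes it: buffer sized from Content-Length. net/http
// reports -1 for chunked (length unknown); clamped to 0, that is an empty body.
func readBodyByContentLength(r *http.Request) ([]byte, error) {
	size := r.ContentLength
	if size < 0 {
		size = 0
	}
	buf := make([]byte, size)
	n, err := io.ReadFull(r.Body, buf)
	return buf[:n], err
}

// Corrected approach: read whatever the body yields, capped at maxBytes (a limit assumed
// here, not from the PR), and tolerate io.ErrUnexpectedEOF from an overstated Content-Length.
func readBodyFully(r *http.Request, maxBytes int64) ([]byte, error) {
	body, err := io.ReadAll(io.LimitReader(r.Body, maxBytes))
	if err != nil && !errors.Is(err, io.ErrUnexpectedEOF) {
		return nil, err
	}
	return body, nil
}

func main() {
	r, _ := parseRaw(chunkedRaw)
	old, _ := readBodyByContentLength(r)
	r, _ = parseRaw(chunkedRaw)
	fixed, _ := readBodyFully(r, 1<<20)
	fmt.Printf("chunked request: old path read %q, fixed path read %q\n", old, fixed)
}
```

Run it and the old path prints an empty body for the chunked request while the fixed path prints "hello world"; with badLengthRaw the old path fails with an unexpected EOF and the fixed path returns the five bytes that were actually sent.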

github-actions[bot] commented 1 day ago

@blotus: There is no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.
github-actions[bot] commented 1 day ago

@blotus: There are no area labels on this PR. You can add as many areas as you see fit.

codecov[bot] commented 1 day ago

Codecov Report

Attention: Patch coverage is 0% with 11 lines in your changes missing coverage. Please review.

Project coverage is 54.51%. Comparing base (fb733ee) to head (9ed95e7).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| pkg/appsec/request.go | 0.00% | 11 Missing :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master    #3342      +/-   ##
==========================================
- Coverage   58.38%   54.51%   -3.88%
==========================================
  Files         351      351
  Lines       37827    37829       +2
==========================================
- Hits        22087    20623    -1464
- Misses      13831    15372    +1541
+ Partials     1909     1834      -75
```

| [Flag](https://app.codecov.io/gh/crowdsecurity/crowdsec/pull/3342/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=crowdsecurity) | Coverage Δ | |
|---|---|---|
| [bats](https://app.codecov.io/gh/crowdsecurity/crowdsec/pull/3342/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=crowdsecurity) | `41.22% <0.00%> (-0.02%)` | :arrow_down: |
| [unit-linux](https://app.codecov.io/gh/crowdsecurity/crowdsec/pull/3342/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=crowdsecurity) | `?` | |
| [unit-windows](https://app.codecov.io/gh/crowdsecurity/crowdsec/pull/3342/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=crowdsecurity) | `29.66% <0.00%> (+<0.01%)` | :arrow_up: |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=crowdsecurity#carryforward-flags-in-the-pull-request-comment) to find out more.
