neicnordic / crypt4gh

Crypt4GH standard implementation
https://pkg.go.dev/github.com/neicnordic/crypt4gh
MIT License

Add some sanity limits on header values #137

Closed pontus closed 6 months ago

pontus commented 6 months ago

This adds some sanity limits when reading header packets, without which one could possibly execute denial-of-service attacks through resource consumption.

I normally do not like libraries arbitrarily restricting otherwise valid usages, but think these limits are permissive enough that it should not be a problem. If it's still considered too restrictive, one can implement the ability to pass flags through varargs (meaning the signature used in calls could remain the same, so no code would need to be rewritten unless they want to pass such flags). I currently can't think of any use case that would need that, though.
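The class of check the PR describes, as an added example that is not the project's own code and does not use the library's API: a stand-alone reader for the outer Crypt4GH header structure (magic, version, packet count, length-prefixed packets, bodies treated as opaque bytes) that validates the untrusted packet count and every packet length against a cap before either one sizes an allocation or a loop. The cap values `maxHeaderPackets` and `maxPacketLen` are assumptions chosen for illustration; the PR does not state which limits it adopted. The sample headers are constructed inline, and the two hostile ones are deliberately tiny (16 and 20 bytes) to show how little input is needed to demand gigabytes of memory from an unbounded reader.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Outer Crypt4GH header layout (public format spec): 8-byte magic "crypt4gh",
// uint32 LE version (1), uint32 LE packet count, then that many packets, each a
// uint32 LE length (counting the 4-byte length field itself) plus an opaque body.
// The two caps are sanity limits assumed for this example, not the PR's values.
const (
	packetLenField   = 4       // size of the length prefix, included in the length
	maxHeaderPackets = 1024    // real headers hold about one packet per recipient
	maxPacketLen     = 1 << 20 // 1 MiB, far above any real header packet
)

var (
	ErrBadPrefix      = errors.New("crypt4gh: bad magic or unsupported version")
	ErrTooManyPackets = errors.New("crypt4gh: packet count exceeds limit")
	ErrBadPacketLen   = errors.New("crypt4gh: packet length out of range")
)

// ReadHeader returns the raw header packet bodies. Every length read from the
// stream is checked against its cap before it sizes a make() or a loop, so a
// crafted 20-byte input cannot demand gigabytes of memory or 2^32 iterations.
func ReadHeader(r io.Reader) ([][]byte, error) {
	var pre struct {
		Magic   [8]byte
		Version uint32
		Count   uint32
	}
	if err := binary.Read(r, binary.LittleEndian, &pre); err != nil {
		return nil, err
	}
	if string(pre.Magic[:]) != "crypt4gh" || pre.Version != 1 {
		return nil, ErrBadPrefix
	}
	if pre.Count > maxHeaderPackets {
		return nil, fmt.Errorf("%w: %d > %d", ErrTooManyPackets, pre.Count, maxHeaderPackets)
	}
	packets := make([][]byte, 0, pre.Count) // bounded by maxHeaderPackets
	for i := uint32(0); i < pre.Count; i++ {
		var plen uint32
		if err := binary.Read(r, binary.LittleEndian, &plen); err != nil {
			return nil, err
		}
		if plen < packetLenField || plen > maxPacketLen {
			return nil, fmt.Errorf("%w: packet %d declares %d bytes", ErrBadPacketLen, i, plen)
		}
		body := make([]byte, plen-packetLenField) // bounded by maxPacketLen
		if _, err := io.ReadFull(r, body); err != nil {
			return nil, err
		}
		packets = append(packets, body)
	}
	return packets, nil
}

// buildHeader and packet assemble constructed inputs (not real encrypted files):
// a header claiming count packets, each packet a length field plus body.
func buildHeader(count uint32, packets ...[]byte) []byte {
	var buf bytes.Buffer
	buf.WriteString("crypt4gh")
	binary.Write(&buf, binary.LittleEndian, []uint32{1, count})
	for _, p := range packets {
		buf.Write(p)
	}
	return buf.Bytes()
}

func packet(claimed uint32, body []byte) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, claimed)
	return append(buf.Bytes(), body...)
}

// SampleValid is well formed; the other two are 16- and 20-byte DoS attempts.
func SampleValid() []byte {
	body := []byte("opaque-packet-body")
	return buildHeader(1, packet(uint32(len(body)+packetLenField), body))
}
func SampleHugeCount() []byte  { return buildHeader(0xFFFFFFFF) }                 // claims 2^32-1 packets
func SampleHugePacket() []byte { return buildHeader(1, packet(0xFFFFFFFF, nil)) } // claims a 4 GiB packet

func main() {
	for _, in := range [][]byte{SampleValid(), SampleHugeCount(), SampleHugePacket()} {
		packets, err := ReadHeader(bytes.NewReader(in))
		fmt.Printf("packets=%d err=%v\n", len(packets), err)
	}
}
```

The ordering is the whole point: the cap comparison sits between reading the length and the `make` that uses it, and a length smaller than its own 4-byte field is rejected as well, since `plen - packetLenField` would otherwise wrap around to a huge unsigned value. Truncated input surfaces as `io.ErrUnexpectedEOF` from `io.ReadFull` rather than as a silently short packet.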

codecov-commenter commented 6 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 72.90%. Comparing base (1f71185) to head (c042c65). Report is 6 commits behind head on master.


Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master     #137      +/-   ##
==========================================
+ Coverage   72.44%   72.90%   +0.46%
==========================================
  Files           6        6
  Lines         900      908       +8
==========================================
+ Hits          652      662      +10
+ Misses        129      127       -2
  Partials      119      119
```

| Flag | Coverage Δ | |
|---|---|---|
| [unittests](https://app.codecov.io/gh/neicnordic/crypt4gh/pull/137/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=neicnordic) | `72.90% <100.00%> (+0.46%)` | :arrow_up: |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=neicnordic#carryforward-flags-in-the-pull-request-comment) to find out more.
