Add server side check for maximum secret size
closes #138

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Luzifer committed Oct 21, 2023
1 parent 9a530e1 commit 1623e09
Showing 2 changed files with 6 additions and 0 deletions.
5 changes: 5 additions & 0 deletions api.go
@@ -70,6 +70,11 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
return
}

if cust.MaxSecretSize > 0 && len(secret) > int(cust.MaxSecretSize) {
a.errorResponse(res, http.StatusBadRequest, errors.New("secret size exceeds maximum"), "")
return
}

id, err := a.store.Create(secret, time.Duration(expiry)*time.Second)
if err != nil {
a.errorResponse(res, http.StatusInternalServerError, err, "creating secret")
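Review bot: The size check added in handleCreate only runs after `secret` has been obtained from the request, so it bounds what reaches `a.store.Create` but, as far as this hunk shows, not how much the server reads into memory first. The request parsing sits above the hunk, so confirm the body is capped there, for example with `r.Body = http.MaxBytesReader(res, r.Body, limit)` before decoding (`limit` is a placeholder). The comparison also narrows the configured int64 with `int(cust.MaxSecretSize)`, which can truncate on 32-bit builds; `int64(len(secret)) > cust.MaxSecretSize` avoids the conversion. `http.StatusRequestEntityTooLarge` would describe this rejection more precisely than `http.StatusBadRequest`.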
1 change: 1 addition & 0 deletions pkg/customization/customize.go
@@ -29,6 +29,7 @@ type (
DisableFileAttachment bool `json:"disableFileAttachment" yaml:"disableFileAttachment"`
MaxAttachmentSizeTotal int64 `json:"maxAttachmentSizeTotal" yaml:"maxAttachmentSizeTotal"`

MaxSecretSize int64 `json:"-" yaml:"maxSecretSize"`
OverlayFSPath string `json:"-" yaml:"overlayFSPath"`
UseFormalLanguage bool `json:"-" yaml:"useFormalLanguage"`
}
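Review bot: The `MaxSecretSize` field has no comment stating its unit or which values switch the limit off, and an operator setting it needs both. Going by the `cust.MaxSecretSize > 0 && len(secret) > …` guard in api.go, a comment such as `// MaxSecretSize caps len(secret) of a submitted secret on the server; zero or negative disables the check` would record that (whether `len(secret)` counts raw bytes or an encoded payload should be confirmed, since the type of `secret` is not visible here). The `json:"-"` tag also suggests the limit is not sent to the frontend, so if that holds a client only learns of it from the rejected request. The struct and its enclosing `type (` group begin above this hunk.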
