proxyd: security oriented fixes #493
Conversation
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #493 +/- ##
==========================================
+ Coverage 58.51% 58.58% +0.07%
==========================================
Files 91 91
Lines 12934 12962 +28
==========================================
+ Hits 7568 7594 +26
- Misses 4912 4914 +2
Partials 454 454
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
Signed-off-by: Yashvardhan Kukreja <[email protected]>
Signed-off-by: Yashvardhan Kukreja <[email protected]>
Signed-off-by: Yashvardhan Kukreja <[email protected]>
yashvardhan-kukreja
force-pushed
the
yash/proxyd-security-fixes
branch
from
0ac6d65 to
f1a2610
Compare
proxyd/backend.go
Outdated
| if err != nil { | ||
| return nil, wrapErr(err, "error dialing backend") | ||
| } | ||
| backendConn.SetReadLimit(readLimit) |
There was a problem hiding this comment.
It could be interesting to leverage b.maxResponseSize which is used for the equivalent limit in regular http reqs.
There was a problem hiding this comment.
Sure. Was originally intending to match the limits of the front-end of the connection (clientConn) with the backend's one as s.maxBodySize, but yeah we can re-use the b.maxResponseSize and configure b.maxResponseSize to s.maxBodySize whenever need be.
There was a problem hiding this comment.
I believe we can fall back to server's maxBodySize if the b.maxResponseSize isn't provided.
…limit for proxying ws connection Signed-off-by: Yashvardhan Kukreja <[email protected]>
Signed-off-by: Yashvardhan Kukreja [email protected]
Description
A clear and concise description of the features you're adding in this pull request.
Tests
Please describe any tests you've added. If you've added no tests, or left important behavior untested, please explain why not.
Additional context
Add any other context about the problem you're solving.
Metadata