Check content_length prior to parsing request data. #8

Open
grosscol opened this issue Aug 2, 2021 · 0 comments
Labels
triage Landing area for issues discovered during development.

Collaborator

grosscol commented Aug 2, 2021

Issue or current state

A number of requests imported from the UI Flask application check the request data with request.get_json().
The recommendation in the Flask documentation is to check the content length prior to loading & parsing the request data.

Resolved when

Define a max length for the UI routes blueprint content bodies, e.g. CONTENT_LEN_MAX = 65536

Replace existing checks for json content of a post request

if request.method == 'POST' and request.get_json():  

with type and length check before proceeding with request.get_json()

if request.method == 'POST' and request.is_json and request.content_length is not None and request.content_length < CONTENT_LEN_MAX:

grosscol added the triage label on Aug 2, 2021
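
An added example, not part of the issue or the project's code: the type and length check as a reusable guard that also covers a missing Content-Length header, where `content_length` is `None` and a bare `<` comparison raises `TypeError`. The function names, the `fake_request` stand-in and the choice of status codes (415, 411, 413) are assumptions made for illustration; only `CONTENT_LEN_MAX = 65536` comes from the issue.

```python
from types import SimpleNamespace

CONTENT_LEN_MAX = 65536  # limit proposed in the issue


def json_body_rejection(req, max_len=CONTENT_LEN_MAX):
    """Return None if the body may be parsed, else an HTTP status code.

    `req` is any object exposing .is_json and .content_length, which is
    what flask.request provides. Nothing here reads the request body.
    """
    if not req.is_json:
        return 415  # Unsupported Media Type: not declared as JSON
    length = req.content_length
    # No Content-Length header (for example a chunked body) yields None.
    # Reject it explicitly instead of letting `None < int` raise.
    if length is None:
        return 411  # Length Required
    # Same strict bound as the issue: accept only length < max_len.
    if length >= max_len:
        return 413  # Payload Too Large
    return None


def should_parse_json(req, max_len=CONTENT_LEN_MAX):
    """Replacement for `request.method == 'POST' and request.get_json()`."""
    return req.method == "POST" and json_body_rejection(req, max_len) is None


def fake_request(method, is_json, content_length):
    """Constructed stand-in for flask.request (hypothetical test helper)."""
    return SimpleNamespace(method=method, is_json=is_json,
                           content_length=content_length)


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        fake_request("POST", True, 120),      # small JSON body
        fake_request("POST", True, None),     # no Content-Length header
        fake_request("POST", True, 10 ** 9),  # declared body far over limit
        fake_request("POST", False, 40),      # form post, not JSON
    ]
    for s in samples:
        print(s, "->", json_body_rejection(s) or "parse")
```

In a view, call `request.get_json()` only after `should_parse_json(request)` returns true. Flask's `MAX_CONTENT_LENGTH` config key sets an application-wide cap in addition to a per-blueprint constant like this one.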