maximum depth of expansion (dot notation) / avoid infinite recursion
SorianoMarmol opened this issue · 2 comments
SorianoMarmol commented
Reusing nested serializers, it is possible to perform infinite recursion of expansions.
For example, object1.child1.object1.child1.object1.child1...
This can cause severe performance problems and potential attacks.
It is possible to control it in other ways, but it would be nice if the library provided some method to avoid this potential security problem. For example, a maximum-level-of-expansion setting and/or a way to control the recursion.
Thank you for the package and your effort.
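One way to enforce the requested limit, as an added illustration that is not code from this issue or from the library being discussed: validate the dot-notation expand parameter before any nested serializer runs, rejecting paths that exceed a configured depth and, optionally, paths that return to a serializer already on the current path (the `object1.child1.object1...` pattern from the report). Every name here (`MAX_EXPAND_DEPTH`, `ExpandError`, `parse_expand`, `is_safe_expand`) and the sample schema are assumptions made for this example, not an API of any real package.

```python
"""Depth- and cycle-bounded validation of dot-notation expansion requests.

Added example only; the names and the schema below are constructed for
illustration and are not part of any real library.
"""

from __future__ import annotations

# Assumed setting; a library could expose this as configuration.
MAX_EXPAND_DEPTH = 3


class ExpandError(ValueError):
    """Raised when an expansion request is too deep, unknown, or cyclic."""


# Constructed sample schema: serializer name -> {expandable field: target serializer}.
# It deliberately contains the object1 <-> child1 cycle described in the issue.
SCHEMA = {
    "root": {"object1": "Object1Serializer"},
    "Object1Serializer": {"child1": "Child1Serializer", "owner": "UserSerializer"},
    "Child1Serializer": {"object1": "Object1Serializer"},
    "UserSerializer": {},
}


def parse_expand(expand: str, schema=SCHEMA, max_depth=MAX_EXPAND_DEPTH,
                 forbid_cycles=True) -> list[list[str]]:
    """Split a comma-separated expand parameter into validated field paths.

    Each path is walked against ``schema`` starting at ``root``.  The walk
    raises ``ExpandError`` when a path has more than ``max_depth`` segments,
    names a field that is not expandable, or (with ``forbid_cycles``) steps
    onto a serializer already on the current path.  Validation happens
    before any serializer is instantiated, so an oversized request costs
    only a string scan.
    """
    paths = []
    for raw in expand.split(","):
        raw = raw.strip()
        if not raw:
            continue
        segments = raw.split(".")
        if len(segments) > max_depth:
            raise ExpandError(f"{raw!r} exceeds the maximum expansion depth of {max_depth}")
        current = "root"
        visited = [current]
        for seg in segments:
            fields = schema.get(current, {})
            if seg not in fields:
                raise ExpandError(f"{seg!r} is not expandable on {current}")
            nxt = fields[seg]
            if forbid_cycles and nxt in visited:
                raise ExpandError(f"{raw!r} cycles back to {nxt}")
            visited.append(nxt)
            current = nxt
        paths.append(segments)
    return paths


def is_safe_expand(expand: str, **kw) -> bool:
    """Convenience predicate for a view: True if the request is acceptable."""
    try:
        parse_expand(expand, **kw)
        return True
    except ExpandError:
        return False


if __name__ == "__main__":
    for query in ("object1.owner", "object1.child1.object1", "object1.child1.object1.child1"):
        print(f"{query!r}: {'ok' if is_safe_expand(query) else 'rejected'}")
```

The depth cap alone is enough to bound the work a single request can trigger; the cycle check is stricter and would also refuse legitimate self-referencing schemas (a tree whose nodes expand `parent.parent`), which is why it is a separate switch rather than always on.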
rsinger86 commented
Great point, I'll pin this.
andruten commented
@rsinger86 We've implemented a solution for this. I can publish a PR.