wai-extra: Safe handling of temp files that exceed configured limits

Question

wai-extra: Safe handling of temp files that exceed configured limits

ocramz opened this issue 10 months ago · 7 comments

parseRequestBodyEx contains calls to error that will crash a server if it handles file requests that exceed limits; this behaviour seems to be a Denial of Service but with extra steps.

What if we had a safe variant of parseRequestBodyEx that instead throws an exception ~~or accumulates file limit violations~~?

I'd be willing to implement this feature in case.

Answer 1 · 2024-01-11T00:19:38.000Z

Merged via #972.

Answer 2 · 2024-01-11T15:52:17.000Z

Thanks @kazu-yamamoto ! Could you release this on Hackage too, or are you waiting for other patches to get in first? Thanks!

Answer 3 · 2024-01-11T22:52:00.000Z

@snoyberg Would you give me the upload permission for wai-extra to Hackage?

Answer 4 · 2024-01-12T05:04:58.000Z

Absolutely, you should have access now.

Answer 5 · 2024-01-12T06:30:47.000Z

@snoyberg Thanks.

A new version has been released.

Answer 6 · 2024-01-13T05:53:20.000Z

Hi @kazu-yamamoto thank you for releasing so quickly ! However why did you change the version number without updating it in the cabal file and changelog? 9d2f7d8

Answer 7 · 2024-01-15T08:42:54.000Z

I changed the version in the cabal file since 3.1.14 is not registered on Hackage.
I forgot to update changelog.