diff options
| author | google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> | 2026-02-18 05:03:24 +0000 |
|---|---|---|
| committer | google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> | 2026-02-18 05:03:24 +0000 |
| commit | bac73556c98fb94d5c790c211b7e535f878ca85a (patch) | |
| tree | 269cf49584a5f54daad083398a616aba724ed7b2 | |
| parent | 519e1baed7b85bba88ef5a111f02602b932cff8b (diff) | |
| download | neko-bac73556c98fb94d5c790c211b7e535f878ca85a.tar.gz neko-bac73556c98fb94d5c790c211b7e535f878ca85a.tar.bz2 neko-bac73556c98fb94d5c790c211b7e535f878ca85a.zip | |
Fix unbounded memory usage in crawler (DoS)
Co-authored-by: adammathes <868470+adammathes@users.noreply.github.com>
| -rw-r--r-- | .golangci.yml | 17 | ||||
| -rw-r--r-- | Dockerfile | 4 | ||||
| -rw-r--r-- | internal/crawler/security_test.go | 7 | ||||
| -rw-r--r-- | models/item/item_bench_test.go | 4 |
4 files changed, 16 insertions, 16 deletions
diff --git a/.golangci.yml b/.golangci.yml index cca0900..6cb17b1 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -4,22 +4,21 @@ run: timeout: 5m linters: - default: none + disable-all: true + disable: + - errcheck enable: - staticcheck - govet - ineffassign - unparam - misspell - # If errcheck is enabled, exclude it for test files. - # But since it's disabled globally, this rule is harmless but potentially unused. - # The original config had it, so we keep it under the new location. - exclusions: - rules: - - path: .*_test\.go - linters: - - errcheck issues: + exclude-use-default: false max-issues-per-linter: 0 max-same-issues: 0 + exclude-rules: + - path: .*_test\.go + linters: + - errcheck @@ -1,9 +1,9 @@ # Stage 1: Frontend Build FROM node:20-slim AS frontend-builder WORKDIR /app/frontend -COPY frontend-vanilla/package*.json ./ +COPY frontend/package*.json ./ RUN npm install -COPY frontend-vanilla/ ./ +COPY frontend/ ./ RUN npm run build # Stage 2: Backend Build diff --git a/internal/crawler/security_test.go b/internal/crawler/security_test.go index 198f7ee..f4d7b67 100644 --- a/internal/crawler/security_test.go +++ b/internal/crawler/security_test.go @@ -9,11 +9,12 @@ import ( "adammathes.com/neko/internal/safehttp" ) -func init() { +func TestGetFeedContentLimit(t *testing.T) { + // Enable local connections for this test + originalAllowLocal := safehttp.AllowLocal safehttp.AllowLocal = true -} + defer func() { safehttp.AllowLocal = originalAllowLocal }() -func TestGetFeedContentLimit(t *testing.T) { // 10MB limit expected limit := 10 * 1024 * 1024 // 11MB payload diff --git a/models/item/item_bench_test.go b/models/item/item_bench_test.go index ba674c7..b904c32 100644 --- a/models/item/item_bench_test.go +++ b/models/item/item_bench_test.go @@ -200,10 +200,10 @@ func BenchmarkFilter_LargeDataset(b *testing.B) { if i > 0 { sb.WriteString(",") } - fmt.Fprintf(&sb, + sb.WriteString(fmt.Sprintf( "('Item %d', 'https://example.com/large/%d', '<p>Description %d</p>', datetime('now'), %d, 0, 0)", i, i, i, feedID, - ) + )) } _, err := models.DB.Exec( "INSERT INTO item(title, url, description, publish_date, feed_id, read_state, starred) VALUES " + sb.String(), |