From a6974c3af00a66870424aa971ae4dd38c49847bf Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Wed, 18 Feb 2026 03:20:37 +0000
Subject: Fix Unbounded Memory Usage in Image Proxy

- Added `maxImageProxySize` constant (10MB) to limit memory usage.
- Used `io.LimitReader` in `imageProxyHandler` to enforce the limit.
- Added regression test `web/proxy_limit_test.go` to verify the fix.

Co-authored-by: adammathes <868470+adammathes@users.noreply.github.com>
---
 web/web.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'web/web.go')

diff --git a/web/web.go b/web/web.go
index 245f844..4f111a3 100644
--- a/web/web.go
+++ b/web/web.go
@@ -31,6 +31,8 @@ var gzPool = sync.Pool{
 },
 }
 
+const maxImageProxySize = 10 * 1024 * 1024 // 10 MB
+
 var (
 //go:embed static/*
 staticFiles embed.FS
@@ -89,7 +91,7 @@ func imageProxyHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
 
- bts, err := io.ReadAll(resp.Body)
+ bts, err := io.ReadAll(io.LimitReader(resp.Body, maxImageProxySize))
 if err != nil {
 http.Error(w, "failed to read proxy image", http.StatusNotFound)
 return
-- 
cgit v1.2.3
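Review bot: The `io.LimitReader` wrap in the second hunk silently truncates an upstream body larger than `maxImageProxySize` rather than rejecting it, so `bts` holds a 10 MB prefix of the image with no error and the handler presumably goes on to serve that corrupt prefix as a successful response. The memory bound is real, but the caller gets wrong data instead of a failure; read with `maxImageProxySize+1` and treat `len(bts) > maxImageProxySize` as an error, and optionally skip the read when `resp.ContentLength > maxImageProxySize` since the upstream already declared its size. `imageProxyHandler` begins and ends outside the hunk, so how `bts` is written (and whether an upstream `Content-Length` is forwarded) cannot be confirmed here. The pre-existing `http.StatusNotFound` for a read failure is also a misleading status, though this commit does not change it.
```go
	bts, err := io.ReadAll(io.LimitReader(resp.Body, maxImageProxySize+1))
	if err != nil {
		http.Error(w, "failed to read proxy image", http.StatusNotFound)
		return
	}
	// Reject rather than silently truncate an oversized upstream image.
	if len(bts) > maxImageProxySize {
		http.Error(w, "proxy image too large", http.StatusRequestEntityTooLarge)
		return
	}
	// … unchanged: remainder of handler …
```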