[TT-16767][Global] [Implementation] Centralised Error Overrides Infrastructure #7867
probelabs / Visor: security
succeeded
Mar 12, 2026 in 1m 2s
✅ Check Passed (Warnings Found)
security check passed. Found 1 warning, but fail_if condition was not met.
Details
📊 Summary
- Total Issues: 1
- Warning Issues: 1
🔍 Failure Condition Results
Passed Conditions
- global_fail_if: Condition passed
Issues by Category
Security (1)
⚠️ config/config.go:1465 - The configured error override `Body` is written to the response without a size limit, potentially leading to a denial of service. An administrator could configure an extremely large string in the `Body` field. When the corresponding error is triggered, the gateway will allocate memory for this large body and write it to the response. If triggered frequently, this could lead to memory exhaustion or excessive bandwidth consumption.
Powered by Visor from Probelabs
💡 TIP: You can chat with Visor using /visor ask <your question>
Annotations
Check warning on line 1465 in config/config.go
security Issue
The configured error override `Body` is written to the response without a size limit, potentially leading to a denial of service. An administrator could configure an extremely large string in the `Body` field. When the corresponding error is triggered, the gateway will allocate memory for this large body and write it to the response. If triggered frequently, this could lead to memory exhaustion or excessive bandwidth consumption.
Raw output
Implement a validation check to enforce a reasonable size limit on the `ErrorResponse.Body` field when loading the configuration. This could be done in the `CompileErrorOverrides` or a dedicated validation function. A configurable limit with a safe default (e.g., 1MB) would be ideal.