Merge pull request #35 from bsdlp/max_content_length

Derek Dowling · web-flow · commit e3089e3a099e · 2016-07-19T13:32:52.000-07:00
Max content length
diff --git a/client/client.go b/client/client.go
@@ -33,7 +33,7 @@ string BUT DOESN'T close the ReadCloser. Useful for debugging.
 */
 func DumpBody(response *http.Response) (string, *jsh.Error) {
 
-	byteData, err := ioutil.ReadAll(response.Body)
+	byteData, err := ioutil.ReadAll(io.LimitReader(response.Body, jsh.MaxContentLength))
 	if err != nil {
 		return "", jsh.ISE(fmt.Sprintf("Error attempting to read request body: %s", err.Error()))
 	}
diff --git a/parser.go b/parser.go
@@ -73,6 +73,10 @@ func ParseList(r *http.Request) (List, *Error) {
 	return document.Data, nil
 }
 
+// MaxContentLength is 10MB
+// https://github.com/golang/go/blob/abb3c0618b658a41bf91a087f1737412e93ff6d9/src/pkg/net/http/request.go#L617
+const MaxContentLength int64 = 10 << 20
+
 /*
 ParseDoc parses and returns a top level jsh.Document. In most cases, using
 "ParseList" or "ParseObject" is preferable.
@@ -113,7 +117,7 @@ func (p *Parser) Document(payload io.ReadCloser, mode DocumentMode) (*Document,
 		Mode: mode,
 	}
 
-	decodeErr := json.NewDecoder(payload).Decode(document)
+	decodeErr := json.NewDecoder(io.LimitReader(payload, MaxContentLength)).Decode(document)
 	if decodeErr != nil {
 		return nil, ISE(fmt.Sprintf("Error parsing JSON Document: %s", decodeErr.Error()))
 	}

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ string BUT DOESN'T close the ReadCloser. Useful for debugging.`
`33`	`33`	`*/`
`34`	`34`	`func DumpBody(response http.Response) (string, jsh.Error) {`
`35`	`35`
`36`		`- byteData, err := ioutil.ReadAll(response.Body)`
	`36`	`+ byteData, err := ioutil.ReadAll(io.LimitReader(response.Body, jsh.MaxContentLength))`
`37`	`37`	`if err != nil {`
`38`	`38`	`return "", jsh.ISE(fmt.Sprintf("Error attempting to read request body: %s", err.Error()))`
`39`	`39`	`}`
Original file line number	Diff line number	Diff line change
`@@ -73,6 +73,10 @@ func ParseList(r http.Request) (List, Error) {`
`73`	`73`	`return document.Data, nil`
`74`	`74`	`}`
`75`	`75`
	`76`	`+// MaxContentLength is 10MB`
	`77`	`+// https://github.com/golang/go/blob/abb3c0618b658a41bf91a087f1737412e93ff6d9/src/pkg/net/http/request.go#L617`
	`78`	`+const MaxContentLength int64 = 10 << 20`
	`79`	`+`
`76`	`80`	`/*`
`77`	`81`	`ParseDoc parses and returns a top level jsh.Document. In most cases, using`
`78`	`82`	`"ParseList" or "ParseObject" is preferable.`
`@@ -113,7 +117,7 @@ func (p Parser) Document(payload io.ReadCloser, mode DocumentMode) (Document,`
`113`	`117`	`Mode: mode,`
`114`	`118`	`}`
`115`	`119`
`116`		`- decodeErr := json.NewDecoder(payload).Decode(document)`
	`120`	`+ decodeErr := json.NewDecoder(io.LimitReader(payload, MaxContentLength)).Decode(document)`
`117`	`121`	`if decodeErr != nil {`
`118`	`122`	`return nil, ISE(fmt.Sprintf("Error parsing JSON Document: %s", decodeErr.Error()))`
`119`	`123`	`}`