mirror of
https://github.com/photoprism/photoprism.git
synced 2026-07-17 16:49:04 +00:00
83 lines
2.6 KiB
Bash
Executable file
83 lines
2.6 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
|
|
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
WINDOW_LINES=15
|
|
API_DIRS=(
|
|
"internal/api"
|
|
"plus/internal/api"
|
|
"pro/internal/api"
|
|
"portal/internal/api"
|
|
)
|
|
|
|
violations=()
|
|
|
|
# check_file flags request-body sinks not preceded within WINDOW_LINES by a
|
|
# LimitRequestBodyBytes call. Covered sinks: c.BindJSON / c.ShouldBindJSON,
|
|
# <name>.ServeHTTP(<writer>, c.Request), and direct io.ReadAll /
|
|
# json.NewDecoder / xml.NewDecoder / yaml.NewDecoder on c.Request.Body.
|
|
check_file() {
|
|
local file="$1"
|
|
local rel="${file#"$ROOT_DIR"/}"
|
|
local output
|
|
|
|
output="$(
|
|
awk -v window="$WINDOW_LINES" '
|
|
/^[[:space:]]*\/\// { next }
|
|
/^[[:space:]]*func[[:space:]]/ { last_limit = 0 }
|
|
/LimitRequestBodyBytes[[:space:]]*\(/ { last_limit = NR }
|
|
/c\.(BindJSON|ShouldBindJSON)\(/ {
|
|
if (last_limit == 0 || NR - last_limit > window) {
|
|
printf "%d:%s\n", NR, $0
|
|
}
|
|
}
|
|
/[A-Za-z_][A-Za-z0-9_]*\.ServeHTTP[[:space:]]*\([^,]*,[[:space:]]*c\.Request[[:space:]]*\)/ {
|
|
if (last_limit == 0 || NR - last_limit > window) {
|
|
printf "%d:%s\n", NR, $0
|
|
}
|
|
}
|
|
/(io\.ReadAll|io\.LimitReader|json\.NewDecoder|xml\.NewDecoder|yaml\.NewDecoder)[[:space:]]*\([[:space:]]*c\.Request\.Body[[:space:]]*\)/ {
|
|
if (last_limit == 0 || NR - last_limit > window) {
|
|
printf "%d:%s\n", NR, $0
|
|
}
|
|
}
|
|
' "$file"
|
|
)"
|
|
|
|
if [ -z "$output" ]; then
|
|
return
|
|
fi
|
|
|
|
while IFS= read -r line; do
|
|
violations+=("${rel}:${line}")
|
|
done <<< "$output"
|
|
}
|
|
|
|
for dir in "${API_DIRS[@]}"; do
|
|
if [ ! -d "$ROOT_DIR/$dir" ]; then
|
|
continue
|
|
fi
|
|
|
|
while IFS= read -r -d '' file; do
|
|
check_file "$file"
|
|
done < <(find "$ROOT_DIR/$dir" -type f -name '*.go' ! -name '*_test.go' -print0)
|
|
done
|
|
|
|
if [ "${#violations[@]}" -gt 0 ]; then
|
|
echo "ERROR: API request-body sink without nearby LimitRequestBodyBytes detected:"
|
|
printf ' %s\n' "${violations[@]}"
|
|
echo
|
|
echo "Add LimitRequestBodyBytes(...) before one of:"
|
|
echo " * c.BindJSON(...) / c.ShouldBindJSON(...)"
|
|
echo " * <handler>.ServeHTTP(<writer>, c.Request)"
|
|
echo " * io.ReadAll(c.Request.Body) / json.NewDecoder(c.Request.Body) / ..."
|
|
echo
|
|
echo "On the BindJSON path, handle IsRequestBodyTooLarge(err) and"
|
|
echo "AbortRequestTooLarge(...). For SDK-delegated or direct-read paths,"
|
|
echo "wrap the response writer to rewrite the upstream 400 -> 413 so the"
|
|
echo "response stays consistent with the rest of the JSON API."
|
|
exit 1
|
|
fi
|
|
|
|
echo "OK: All reviewed API request-body sinks have nearby LimitRequestBodyBytes calls."
|