limit request size, closes #107

2014-08-09 20:55:02 +02:00 · 2014-08-09 20:55:02 +02:00 · 4a8cbcd8f0
commit 4a8cbcd8f0
parent 7008e88314
3 changed files with 15 additions and 1 deletions
--- a/isso/utils/init.py
+++ b/isso/utils/init.py
@ -8,9 +8,11 @@ werkzeug = pkg_resources.get_distribution("werkzeug")
 import json
 import hashlib

-from werkzeug.wrappers import Request, Response
+from werkzeug.wrappers import Response
 from werkzeug.exceptions import BadRequest

+from isso.wsgi import Request
+
 try:
    import ipaddress
 except ImportError:
--- a/isso/views/comments.py
+++ b/isso/views/comments.py
@ -142,6 +142,9 @@ class API(object):
        if len(comment["text"].rstrip()) < 3:
            return False, "text is too short (minimum length: 3)"

+        if len(comment["text"]) > 65535:
+            return False, "text is too long (maximum length: 65535)"
+
        if len(comment.get("email") or "") > 254:
            return False, "http://tools.ietf.org/html/rfc5321#section-4.5.3"

--- a/isso/wsgi.py
+++ b/isso/wsgi.py
@ -17,6 +17,7 @@ except ImportError:
    from BaseHTTPServer import HTTPServer

 from werkzeug.serving import WSGIRequestHandler
+from werkzeug.wrappers import Request as _Request
 from werkzeug.datastructures import Headers

 from isso.compat import string_types
@ -148,6 +149,14 @@ class CORSMiddleware(object):
        return self.app(environ, add_cors_headers)


+class Request(_Request):
+
+    # Assuming UTF-8, comments with 65536 characters would consume
+    # 128 kb memory. The remaining 128 kb cover additional parameters
+    # and WSGI headers.
+    max_content_length = 256 * 1024
+
+
 class SocketWSGIRequestHandler(WSGIRequestHandler):

    def run_wsgi(self):