appsec: better handle chunked requests

Open blotus opened this issue 1 year ago • 4 comments

We were relying on the content-length header to compute the size of the buffer we need to allocate to store the body, but in the case of chunked requests, the content length is not set, thus we were allocating a 0 byte buffer.

Do not try to be smart, and read as much as we can.

We ignore unexpected EOF errors because some requests might set an invalid content-length header.

blotus avatar Nov 21 '24 22:11 blotus
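The failure mode and fix described in the PR description above, as an added Go example (not the code from pkg/appsec/request.go). The function names, the sample bodies and the `maxBody` cap are assumptions of this example; the PR text itself only says to read as much as possible.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"strconv"
	"strings"
	"testing/iotest"
)

// shortBody (constructed input) yields s and then io.ErrUnexpectedEOF, the
// error a body shorter than its declared Content-Length ends with.
func shortBody(s string) io.Reader {
	return io.MultiReader(strings.NewReader(s), iotest.ErrReader(io.ErrUnexpectedEOF))
}

// readSized models the behaviour before the fix: the buffer is sized from the
// Content-Length header, so a chunked request (no header) gets 0 bytes.
func readSized(h http.Header, body io.Reader) ([]byte, error) {
	n, _ := strconv.Atoi(h.Get("Content-Length")) // absent or invalid -> 0
	if n < 0 {
		n = 0
	}
	buf := make([]byte, n)
	_, err := io.ReadFull(body, buf)
	return buf, err
}

// readAll models the fix: read to the end of the stream and ignore
// io.ErrUnexpectedEOF. The maxBody cap is this example's assumption.
func readAll(body io.Reader, maxBody int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(body, maxBody+1))
	if err != nil && !errors.Is(err, io.ErrUnexpectedEOF) {
		return nil, err
	}
	if int64(len(data)) > maxBody {
		return nil, errors.New("body exceeds inspection cap")
	}
	return data, nil
}

func main() {
	chunked := "a=1&b=2" // constructed body of a request sent without Content-Length
	before, _ := readSized(http.Header{}, strings.NewReader(chunked))
	after, _ := readAll(strings.NewReader(chunked), 1<<20)
	fmt.Printf("before=%q after=%q\n", before, after)
}
```

With the header-sized read, the rules engine is handed an empty body for any chunked request, so body-matching rules never see the payload; the read-to-EOF version inspects what was actually sent.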

@blotus: There is no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.

  • /kind feature
  • /kind enhancement
  • /kind refactoring
  • /kind fix
  • /kind chore
  • /kind dependencies

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

github-actions[bot] avatar Nov 21 '24 22:11 github-actions[bot]

@blotus: There are no area labels on this PR. You can add as many areas as you see fit.

  • /area agent
  • /area local-api
  • /area cscli
  • /area appsec
  • /area security
  • /area configuration

github-actions[bot] avatar Nov 21 '24 22:11 github-actions[bot]

Codecov Report

Attention: Patch coverage is 0% with 10 lines in your changes missing coverage. Please review.

Project coverage is 56.69%. Comparing base (bcce4af) to head (1614c8a).

Files with missing lines Patch % Lines
pkg/appsec/request.go 0.00% 10 Missing :warning:
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3342      +/-   ##
==========================================
+ Coverage   56.67%   56.69%   +0.01%     
==========================================
  Files         390      390              
  Lines       43631    43632       +1     
==========================================
+ Hits        24727    24736       +9     
+ Misses      16811    16804       -7     
+ Partials     2093     2092       -1     
Flag Coverage Δ
bats 40.98% <0.00%> (-0.03%) :arrow_down:
unit-linux 33.72% <0.00%> (+0.01%) :arrow_up:
unit-windows 22.72% <0.00%> (+0.01%) :arrow_up:


codecov[bot] avatar Nov 21 '24 22:11 codecov[bot]

/area appsec /kind fix

blotus avatar Mar 03 '25 09:03 blotus