fit icon indicating copy to clipboard operation
fit copied to clipboard

Published 20 hours ago verified publisher icon joshuakto

Potentially dangerous unchecked api request loop

Open blrbrb opened this issue 6 months ago • 1 comments

On any failure condition where the content at api.github/repos/USER/REPOSITORY/blobs results in a 404 the plugin will continue to spam requests to the API indefinitely, or until a rate limit is exceeded. Displaying the message "unable to sync, if you are not connected to the internet. Turn off autosync". Even if the auto sync setting is toggled to OFF, and the backup is manually initiated by pressing the icon.

This is rather urgent and potentially dangerous as it has the potential to render Github (both on browser, and in the obsidian client) entirely unusable for a while users wait for the rate limit timeout to expire. Furthermore, if auto sync is enabled at an interval lower than the rate limit timeout the url at api.github/repos/USER/REPOSITORY/blobs will always 404 and more requests will be sent culminating in an endless cycle where the rate limit is always exceeded.

Full stack trace from obsidian console:

plugin:fit:2392 Caught unknown error:  HttpError		plugins:fit:2392	
    at eval (plugin:fit:627:21)
    at async Fit.createBlob (plugin:fit:1349:28)
    at async Fit.createTreeNodeFromFile (plugin:fit:1389:21)
    at async eval (plugin:fit:1919:20)
    at async Promise.all (index 236)
    at async FitPush.createCommitFromLocalUpdate (plugin:fit:1918:24)
    at async FitPush.pushChangedFilesToRemote (plugin:fit:1939:32)
    at async FitSync.syncWithConflicts (plugin:fit:2140:24)
    at async FitSync.sync (plugin:fit:2222:40)
    at async FitPlugin.sync (plugin:fit:2352:27)
FitPlugin.catchErrorAndNotify	@	plugin:fit:2392
Failed to load resource: the server responded with a status of 403 ()		blobs:1
Failed to load resource: the server responded with a status of 403 ()		blobs:1
Failed to load resource: the server responded with a status of 403 ()		blobs:1
Failed to load resource: the server responded with a status of 403 ()		blobs:1
Failed to load resource: the server responded with a status of 403 ()		blobs:1
Failed to load resource: the server responded with a status of 403 ()		blobs:1
Failed to load resource: the server responded with a status of 403 ()		blobs:1
Failed to load resource: the server responded with a status of 403 ()		blobs:1
Failed to load resource: the server responded with a status of 403 ()		blobs:1
...

blrbrb avatar Aug 26 '24 22:08 blrbrb