
Restrict http response size sent back to Gatekeeper

Open • akashsinghal opened this issue 1 year ago • 1 comment

What would you like to be added?

New verifiers, such as the vulnerability report verifier, will allow users to pass through artifact contents in the verifier report, which is embedded in the response body to GK. The response body can now potentially be unbounded, leading to potential issues. Ratify should explore whether this will pose an issue for the External data response if the response size is too big.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

  • [ ] Yes, I am willing to implement it.

akashsinghal, Nov 30 '23 18:11

We should validate if this is a security issue first.

susanshi, Dec 05 '23 02:12
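One way to bound the response body described in the issue at the top of this thread, as an added example that is not Ratify's code: a Go `net/http` middleware that buffers a handler's output and replaces it with a short error once it would exceed a byte limit. The names `LimitResponse` and `cappedWriter`, the limit values and the JSON error shape are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// cappedWriter buffers a handler's body and flags it once it would exceed limit bytes.
type cappedWriter struct {
	http.ResponseWriter // Header() passes through to the real writer
	buf                 bytes.Buffer
	status, limit       int
	overflow            bool
}

func (w *cappedWriter) WriteHeader(code int) { w.status = code }
func (w *cappedWriter) Write(p []byte) (int, error) {
	if w.overflow || w.buf.Len()+len(p) > w.limit {
		w.overflow = true
		w.buf.Reset()      // keep nothing oversized in memory
		return len(p), nil // report success so the handler finishes normally
	}
	return w.buf.Write(p)
}

// LimitResponse forwards at most limit body bytes; a larger body becomes a short JSON error (hypothetical shape).
func LimitResponse(limit int, next http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		cw := &cappedWriter{ResponseWriter: rw, status: http.StatusOK, limit: limit}
		next.ServeHTTP(cw, r)
		if cw.overflow {
			rw.Header().Del("Content-Length") // the handler's value no longer applies
			rw.WriteHeader(http.StatusInternalServerError)
			fmt.Fprintf(rw, `{"error":"response body exceeds %d bytes"}`, limit)
			return
		}
		rw.WriteHeader(cw.status)
		rw.Write(cw.buf.Bytes())
	})
}

func main() { // constructed 2 KiB body standing in for a large verifier report
	big := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write(make([]byte, 2048)) })
	rec := httptest.NewRecorder()
	LimitResponse(1024, big).ServeHTTP(rec, httptest.NewRequest("POST", "/", nil))
	fmt.Println(rec.Code, rec.Body.String())
}
```

Buffering the whole body trades streaming for the ability to reject an oversized response before any byte is sent, so the caller never receives a truncated document.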