scott/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2026-02-04 18:00:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Limit jstream parse depth (#20474)

Browse Source 
Add https://github.com/bcicen/jstream/pull/15 by vendoring the package.

Sets JSON depth limit to 100 entries in S3 Select.
This commit is contained in:
Klaus Post
2024-09-23 12:35:41 -07:00
committed by GitHub
parent 03e996320e
commit 974cbb3bb7
21 changed files with 1484 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/postpolicyform.go
View File

@@ -29,10 +29,10 @@ import (
"strings"
"time"
"github.com/bcicen/jstream"
"github.com/minio/minio-go/v7/pkg/encrypt"
"github.com/minio/minio-go/v7/pkg/set"
xhttp "github.com/minio/minio/internal/http"
"github.com/minio/minio/internal/s3select/jstream"
)
// startWithConds - map which indicates if a given condition supports starts-with policy operator
@@ -140,7 +140,7 @@ type PostPolicyForm struct {
func sanitizePolicy(r io.Reader) (io.Reader, error) {
var buf bytes.Buffer
e := json.NewEncoder(&buf)
d := jstream.NewDecoder(r, 0).ObjectAsKVS()
d := jstream.NewDecoder(r, 0).ObjectAsKVS().MaxDepth(10)
sset := set.NewStringSet()
for mv := range d.Stream() {
var kvs jstream.KVS