tallship/FoundKey
0
0
Fork 0
forked from FoundKeyGang/FoundKey
Code Issues Pull requests Packages Projects Releases Wiki Activity

server: Add recursion limit to resolver

Browse source 
Changelog: Security
This commit is contained in:
Derek Schmidt 2022-12-01 00:46:05 -05:00 committed by Francis Dinh
parent 97288cb75f
commit d3af00a912
Signed by untrusted user: norm
GPG key ID: 7123E30E441E80DE
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
packages/backend/src/remote/activitypub/resolver.ts
View file

@ -19,9 +19,11 @@ import { parseUri } from './db-resolver.js';
export default class Resolver {
private history: Set<string>;
private user?: ILocalUser;
private recursionLimit?: number;
constructor() {
constructor(recursionLimit = 100) {
this.history = new Set();
this.recursionLimit = recursionLimit;
}
public getHistory(): string[] {
@ -59,7 +61,9 @@ export default class Resolver {
if (this.history.has(value)) {
throw new Error('cannot resolve already resolved one');
}
if (this.recursionLimit && this.history.size > this.recursionLimit) {
throw new Error('hit recursion limit');
}
this.history.add(value);
const host = extractDbHost(value);