Avoid DoS on carefully crafted spec files (fix #61) #62
Yes, I think, this is correct. Thank you.
Added the missing newline so the linter doesn't complain.
Still good.
Hey. Thanks for the PR. Is there a reason for max_attempts being 1000? And why make it an argument at all?
Is it OK with you guys if we make max_attempts local to that function?
I left the max_attempts as a param to keep compatibility and/or let the user call that function with whatever value seems/works appropriate for them. The use of 1000 is just an arbitrary number; we can set it to any value that is high enough so the while loop ends. Finally, @bkircher, maybe it's better to just throw an exception instead of returning when that max_attempts is reached. To me, as long as the loop exits in some way, that is an acceptable solution instead of looping forever. Just let me know what you want and I'll update the PR.
OK for me.
OK.
Good one. I cherry-picked this into cfbde15 and added a subsequent commit that raises a RuntimeError instead of returning from that function.
Fixes #61 by using a maximum number of attempts while replacing macros recursively.
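
The bound discussed in this thread, as an added sketch that is not the project's code: a recursive macro expander that stops at a fixed point and raises `RuntimeError` once `max_attempts` passes are used up. The `%{name}` syntax, the function name `expand_macros` and the sample macro tables are assumptions made for illustration.

```python
import re

# Simplified macro reference syntax assumed for this sketch: %{name}
_MACRO_RE = re.compile(r"%\{(\w+)\}")

# Constructed sample data: a well-formed table and a cyclic one.
SAMPLE_MACROS = {"name": "foo", "version": "1.0", "full": "%{name}-%{version}"}
CYCLIC_MACROS = {"a": "%{b}", "b": "%{a}"}


def expand_macros(text, macros, max_attempts=1000):
    """Expand %{name} references until the text stops changing.

    Each pass replaces every known macro once. Nested definitions settle
    after a few passes; cyclic definitions never settle, so the loop is
    capped and a RuntimeError is raised when the cap is reached.
    """
    def substitute(match):
        # Unknown macros are left exactly as written.
        return macros.get(match.group(1), match.group(0))

    for _ in range(max_attempts):
        expanded = _MACRO_RE.sub(substitute, text)
        if expanded == text:  # fixed point: nothing left to expand
            return expanded
        text = expanded
    raise RuntimeError(
        f"macro expansion did not settle after {max_attempts} attempts"
    )


def try_expand(text, macros, max_attempts=1000):
    """Return (ok, result) so callers can reject a spec without crashing."""
    try:
        return True, expand_macros(text, macros, max_attempts)
    except RuntimeError as exc:
        return False, str(exc)


if __name__ == "__main__":
    print(try_expand("%{full}.tar.gz", SAMPLE_MACROS))
    print(try_expand("%{a}", CYCLIC_MACROS, max_attempts=50))
```
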