kamp
/
Stirling-PDF
mirror of https://github.com/Stirling-Tools/Stirling-PDF.git
1
0
Fork 0
Code

Introduced protections against HTTP header injection / smuggling attacks

This commit is contained in:
pixeebot[bot] 2024-05-07 03:44:03 +00:00 committed by GitHub
parent 9b166da57d
commit 503acc9408
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/main/java/stirling/software/SPDF/config/security/UserBasedRateLimitingFilter.java
View File

@ -1,5 +1,6 @@
package stirling.software.SPDF.config.security;
import io.github.pixee.security.Newlines;
import java.io.IOException;
import java.time.Duration;
import java.util.Map;
@ -125,12 +126,12 @@ public class UserBasedRateLimitingFilter extends OncePerRequestFilter {
ConsumptionProbe probe = userBucket.tryConsumeAndReturnRemaining(1);
if (probe.isConsumed()) {
response.setHeader("X-Rate-Limit-Remaining", Long.toString(probe.getRemainingTokens()));
response.setHeader("X-Rate-Limit-Remaining", Newlines.stripAll(Long.toString(probe.getRemainingTokens())));
filterChain.doFilter(request, response);
} else {
long waitForRefill = probe.getNanosToWaitForRefill() / 1_000_000_000;
response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
response.setHeader("X-Rate-Limit-Retry-After-Seconds", String.valueOf(waitForRefill));
response.setHeader("X-Rate-Limit-Retry-After-Seconds", Newlines.stripAll(String.valueOf(waitForRefill)));
response.getWriter().write("Rate limit exceeded for POST requests.");
}
}