kamp/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Stirling-Tools/Stirling-PDF.git synced 2024-11-13 03:00:10 +01:00
Code

Merge pull request #1179 from Stirling-Tools/pixeebot/drip-2024-05-07-pixee-java/strip-http-header-newlines

Browse Source 
Introduced protections against HTTP header injection / smuggling attacks
This commit is contained in:
Anthony Stirling 2024-05-07 19:14:29 +01:00 committed by GitHub
commit be5d5fdf04
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/main/java/stirling/software/SPDF/config/security/UserBasedRateLimitingFilter.java
View File

@ -1,5 +1,6 @@
package stirling.software.SPDF.config.security;
import io.github.pixee.security.Newlines;
import java.io.IOException;
import java.time.Duration;
import java.util.Map;
@ -125,12 +126,12 @@ public class UserBasedRateLimitingFilter extends OncePerRequestFilter {
ConsumptionProbe probe = userBucket.tryConsumeAndReturnRemaining(1);
if (probe.isConsumed()) {
response.setHeader("X-Rate-Limit-Remaining", Long.toString(probe.getRemainingTokens()));
response.setHeader("X-Rate-Limit-Remaining", Newlines.stripAll(Long.toString(probe.getRemainingTokens())));
filterChain.doFilter(request, response);
} else {
long waitForRefill = probe.getNanosToWaitForRefill() / 1_000_000_000;
response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
response.setHeader("X-Rate-Limit-Retry-After-Seconds", String.valueOf(waitForRefill));
response.setHeader("X-Rate-Limit-Retry-After-Seconds", Newlines.stripAll(String.valueOf(waitForRefill)));
response.getWriter().write("Rate limit exceeded for POST requests.");
}
}