appsec: better handle chunked requests #3342
Conversation
|
@blotus: There are no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
|
@blotus: There are no area labels on this PR. You can add as many areas as you see fit.
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #3342 +/- ##
==========================================
- Coverage 58.38% 54.51% -3.88%
==========================================
Files 351 351
Lines 37827 37829 +2
==========================================
- Hits 22087 20623 -1464
- Misses 13831 15372 +1541
+ Partials 1909 1834 -75
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚨 Try these New Features:
|
We were relying on the content-length header to compute the size of the buffer we need to allocate to store the body, but in the case of chunked requests, the content length is not set, thus we were allocating a 0 byte buffer.
Do not try to be smart, and read as much as we can.
We ignore unexpected EOF errors because some requests might set an invalid content-length header.