duckietm/Nitro_Render_V3
1
0
Fork 0
mirror of https://github.com/duckietm/Nitro_Render_V3.git synced 2026-06-19 15:06:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

㊙️ Security update

Browse Source 
- Parser bounds: Added Math.min() caps on all loop counts: offers (1000), products (200), front page items (100), localization images/texts (100), node children (500)

- Recursion depth limit: Added static depth counter to NodeData with max depth of 20 to prevent stack overflow from deeply nested catalog trees
This commit is contained in:
DuckieTM
2026-03-23 22:01:42 +01:00
parent 02e924440e
commit 338bb62835
4 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/communication/src/messages/parser/catalog/CatalogLocalizationData.ts
+2 -2
View File
@@ -10,7 +10,7 @@ export class CatalogLocalizationData
this._images = []; this._images = [];
this._texts = []; this._texts = [];
let totalImages = wrapper.readInt(); let totalImages = Math.min(wrapper.readInt(), 100);
while(totalImages > 0) while(totalImages > 0)
{ {
@@ -19,7 +19,7 @@ export class CatalogLocalizationData
totalImages--; totalImages--;
} }
let totalTexts = wrapper.readInt(); let totalTexts = Math.min(wrapper.readInt(), 100);
while(totalTexts > 0) while(totalTexts > 0)
{ {
packages/communication/src/messages/parser/catalog/CatalogPageMessageOfferData.ts
+1 -1
View File
@@ -28,7 +28,7 @@ export class CatalogPageMessageOfferData
this._products = []; this._products = [];
let totalProducts = wrapper.readInt(); let totalProducts = Math.min(wrapper.readInt(), 200);
while(totalProducts > 0) while(totalProducts > 0)
{ {
packages/communication/src/messages/parser/catalog/CatalogPageMessageParser.ts
+2 -2
View File
@@ -37,7 +37,7 @@ export class CatalogPageMessageParser implements IMessageParser
this._layoutCode = wrapper.readString(); this._layoutCode = wrapper.readString();
this._localization = new CatalogLocalizationData(wrapper); this._localization = new CatalogLocalizationData(wrapper);
let totalOffers = wrapper.readInt(); let totalOffers = Math.min(wrapper.readInt(), 1000);
while(totalOffers > 0) while(totalOffers > 0)
{ {
@@ -51,7 +51,7 @@ export class CatalogPageMessageParser implements IMessageParser
if(wrapper.bytesAvailable) if(wrapper.bytesAvailable)
{ {
let totalFrontPageItems = wrapper.readInt(); let totalFrontPageItems = Math.min(wrapper.readInt(), 100);
while(totalFrontPageItems > 0) while(totalFrontPageItems > 0)
{ {
packages/communication/src/messages/parser/catalog/NodeData.ts
+17 -2
View File
@@ -31,6 +31,11 @@ export class NodeData
return true; return true;
} }
private static readonly MAX_OFFERS: number = 1000;
private static readonly MAX_CHILDREN: number = 500;
private static _parseDepth: number = 0;
private static readonly MAX_DEPTH: number = 20;
public parse(wrapper: IMessageDataWrapper): boolean public parse(wrapper: IMessageDataWrapper): boolean
{ {
if(!wrapper) return false; if(!wrapper) return false;
@@ -41,7 +46,7 @@ export class NodeData
this._pageName = wrapper.readString(); this._pageName = wrapper.readString();
this._localization = wrapper.readString(); this._localization = wrapper.readString();
let totalOffers = wrapper.readInt(); let totalOffers = Math.min(wrapper.readInt(), NodeData.MAX_OFFERS);
while(totalOffers > 0) while(totalOffers > 0)
{ {
@@ -50,7 +55,15 @@ export class NodeData
totalOffers--; totalOffers--;
} }
let totalChildren = wrapper.readInt(); let totalChildren = Math.min(wrapper.readInt(), NodeData.MAX_CHILDREN);
NodeData._parseDepth++;
if(NodeData._parseDepth > NodeData.MAX_DEPTH)
{
NodeData._parseDepth--;
return true;
}
while(totalChildren > 0) while(totalChildren > 0)
{ {
@@ -59,6 +72,8 @@ export class NodeData
totalChildren--; totalChildren--;
} }
NodeData._parseDepth--;
return true; return true;
} }