From 36ac7c6d6a6fab98947be22ce5b1c4df46c67488 Mon Sep 17 00:00:00 2001 From: Thijs Schreijer Date: Mon, 18 Jul 2016 15:27:51 +0200 Subject: [PATCH 1/3] fix(plugin) fixes a wrong constant for the request size limit plugin --- kong/plugins/request-size-limiting/handler.lua | 13 +++++++------ .../request-size-limiting/01-access_spec.lua | 12 +++++++----- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/kong/plugins/request-size-limiting/handler.lua b/kong/plugins/request-size-limiting/handler.lua index 437e417081f..a486e4e8247 100644 --- a/kong/plugins/request-size-limiting/handler.lua +++ b/kong/plugins/request-size-limiting/handler.lua @@ -2,16 +2,16 @@ local BasePlugin = require "kong.plugins.base_plugin" local responses = require "kong.tools.responses" -local stringy = require "stringy" +local strip = require("pl.stringx").strip local RequestSizeLimitingHandler = BasePlugin:extend() RequestSizeLimitingHandler.PRIORITY = 950 local function check_size(length, allowed_size, headers) - local allowed_bytes_size = allowed_size * 100000 + local allowed_bytes_size = allowed_size * 1000000 if length > allowed_bytes_size then - if headers.expect and stringy.strip(headers.expect:lower()) == "100-continue" then + if headers.expect and strip(headers.expect:lower()) == "100-continue" then return responses.send(417, "Request size limit exceeded") else return responses.send(413, "Request size limit exceeded") @@ -26,14 +26,15 @@ end function RequestSizeLimitingHandler:access(conf) RequestSizeLimitingHandler.super.access(self) local headers = ngx.req.get_headers() - if headers["content-length"] then - check_size(tonumber(headers["content-length"]), conf.allowed_payload_size, headers) + local cl = headers["content-length"] + if cl then + check_size(tonumber(cl), conf.allowed_payload_size, headers) else -- If the request body is too big, this could consume too much memory (to check) ngx.req.read_body() local data = ngx.req.get_body_data() if data then - check_size(string.len(data), conf.allowed_payload_size, headers) + check_size(#data, conf.allowed_payload_size, headers) end end end diff --git a/spec/03-plugins/request-size-limiting/01-access_spec.lua b/spec/03-plugins/request-size-limiting/01-access_spec.lua index 3e37fb2fa64..e45b8890b3e 100644 --- a/spec/03-plugins/request-size-limiting/01-access_spec.lua +++ b/spec/03-plugins/request-size-limiting/01-access_spec.lua @@ -1,5 +1,7 @@ local helpers = require "spec.helpers" +local TEST_SIZE = 1 + describe("Plugin: request-size-limiting (access)", function() local client setup(function() @@ -15,7 +17,7 @@ describe("Plugin: request-size-limiting (access)", function() name = "request-size-limiting", api_id = api.id, config = { - allowed_payload_size = 10 + allowed_payload_size = TEST_SIZE } }) @@ -29,7 +31,7 @@ describe("Plugin: request-size-limiting (access)", function() describe("with Content-Length set", function() it("allows request of lower size", function() - local body = "foo=test&bar=foobar" + local body = string.rep("a", TEST_SIZE * 1000000) local res = assert(client:request { method = "POST", @@ -44,7 +46,7 @@ describe("Plugin: request-size-limiting (access)", function() assert.res_status(200, res) end) it("blocks request exceeding size limit", function() - local body = string.rep("a", 11 * 2^20) + local body = string.rep("a", TEST_SIZE * 1000000 + 1) local res = assert(client:send { method = "POST", @@ -63,7 +65,7 @@ describe("Plugin: request-size-limiting (access)", function() describe("without Content-Length", function() it("allows request of lower size", function() - local body = "foo=test&bar=foobar" + local body = string.rep("a", TEST_SIZE * 1000000) local res = assert(client:request { method = "POST", @@ -77,7 +79,7 @@ describe("Plugin: request-size-limiting (access)", function() assert.res_status(200, res) end) it("blocks request exceeding size limit", function() - local body = string.rep("a", 11 * 2^20) + local body = string.rep("a", TEST_SIZE * 1000000 + 1) local res = assert(client:send { method = "POST", From 3bfa718a6fcfa97fe6f7238afa2775464ce332c7 Mon Sep 17 00:00:00 2001 From: Thijs Schreijer Date: Mon, 18 Jul 2016 22:02:40 +0200 Subject: [PATCH 2/3] purified a constant, excorcism completed --- kong/plugins/request-size-limiting/handler.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kong/plugins/request-size-limiting/handler.lua b/kong/plugins/request-size-limiting/handler.lua index a486e4e8247..376a69341fd 100644 --- a/kong/plugins/request-size-limiting/handler.lua +++ b/kong/plugins/request-size-limiting/handler.lua @@ -4,12 +4,14 @@ local BasePlugin = require "kong.plugins.base_plugin" local responses = require "kong.tools.responses" local strip = require("pl.stringx").strip +local MEGABYTE = 10^6 + local RequestSizeLimitingHandler = BasePlugin:extend() RequestSizeLimitingHandler.PRIORITY = 950 local function check_size(length, allowed_size, headers) - local allowed_bytes_size = allowed_size * 1000000 + local allowed_bytes_size = allowed_size * MEGABYTE if length > allowed_bytes_size then if headers.expect and strip(headers.expect:lower()) == "100-continue" then return responses.send(417, "Request size limit exceeded") From c6545d2dd6bff71f30f5c9e39a5a8a9853b09a8d Mon Sep 17 00:00:00 2001 From: Thijs Schreijer Date: Mon, 18 Jul 2016 22:09:02 +0200 Subject: [PATCH 3/3] fix linter errors --- kong/plugins/request-size-limiting/handler.lua | 4 ++-- spec/03-plugins/request-transformer/02-api_spec.lua | 1 - spec/03-plugins/response-transformer/03-api_spec.lua | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/kong/plugins/request-size-limiting/handler.lua b/kong/plugins/request-size-limiting/handler.lua index 376a69341fd..c29721e379f 100644 --- a/kong/plugins/request-size-limiting/handler.lua +++ b/kong/plugins/request-size-limiting/handler.lua @@ -4,14 +4,14 @@ local BasePlugin = require "kong.plugins.base_plugin" local responses = require "kong.tools.responses" local strip = require("pl.stringx").strip -local MEGABYTE = 10^6 +local MB = 2^20 local RequestSizeLimitingHandler = BasePlugin:extend() RequestSizeLimitingHandler.PRIORITY = 950 local function check_size(length, allowed_size, headers) - local allowed_bytes_size = allowed_size * MEGABYTE + local allowed_bytes_size = allowed_size * MB if length > allowed_bytes_size then if headers.expect and strip(headers.expect:lower()) == "100-continue" then return responses.send(417, "Request size limit exceeded") diff --git a/spec/03-plugins/request-transformer/02-api_spec.lua b/spec/03-plugins/request-transformer/02-api_spec.lua index a23f099cede..e35b18900a7 100644 --- a/spec/03-plugins/request-transformer/02-api_spec.lua +++ b/spec/03-plugins/request-transformer/02-api_spec.lua @@ -1,5 +1,4 @@ local helpers = require "spec.helpers" -local cjson = require "cjson" describe("Plugin: request-transformer (API)", function() local admin_client diff --git a/spec/03-plugins/response-transformer/03-api_spec.lua b/spec/03-plugins/response-transformer/03-api_spec.lua index fc15a23796b..d873fdb25fa 100644 --- a/spec/03-plugins/response-transformer/03-api_spec.lua +++ b/spec/03-plugins/response-transformer/03-api_spec.lua @@ -1,5 +1,4 @@ local helpers = require "spec.helpers" -local cjson = require "cjson" describe("Plugin: response-transformer (API)", function() local admin_client