Protect readLine() against DoS (#7)

pixeebot[bot] · web-flow · commit f86ca6dc2fb2 · 2024-07-19T08:36:14.000-04:00
Co-authored-by: pixeebot[bot] &lt;104101892+pixeebot[bot]@users.noreply.github.com&gt;
diff --git a/eureka-client/src/main/java/com/netflix/appinfo/AmazonInfo.java b/eureka-client/src/main/java/com/netflix/appinfo/AmazonInfo.java
@@ -16,6 +16,7 @@
 
 package com.netflix.appinfo;
 
+import io.github.pixee.security.BoundedLineReader;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -115,7 +116,7 @@ public String read(InputStream inputStream) throws IOException {
                 try {
                     String toReturn = null;
                     String inputLine;
-                    while ((inputLine = br.readLine()) != null) {
+                    while ((inputLine = BoundedLineReader.readLine(br, 5_000_000)) != null) {
                         Matcher matcher = pattern.matcher(inputLine);
                         if (toReturn == null && matcher.find()) {
                             toReturn = matcher.group(1);
@@ -155,11 +156,11 @@ public String read(InputStream inputStream) throws IOException {
             BufferedReader br = new BufferedReader(new InputStreamReader(inputStream));
             String toReturn;
             try {
-                String line = br.readLine();
+                String line = BoundedLineReader.readLine(br, 5_000_000);
                 toReturn = line;
 
                 while (line != null) {  // need to read all the buffer for a clean connection close
-                    line = br.readLine();
+                    line = BoundedLineReader.readLine(br, 5_000_000);
                 }
 
                 return toReturn;
diff --git a/eureka-client/src/main/java/com/netflix/discovery/internal/util/AmazonInfoUtils.java b/eureka-client/src/main/java/com/netflix/discovery/internal/util/AmazonInfoUtils.java
@@ -1,6 +1,7 @@
 package com.netflix.discovery.internal.util;
 
 import com.netflix.appinfo.AmazonInfo.MetaDataKey;
+import io.github.pixee.security.BoundedLineReader;
 
 import java.io.BufferedReader;
 import java.io.IOException;
@@ -24,7 +25,7 @@ public static String readEc2MetadataUrl(MetaDataKey metaDataKey, URL url, int co
         if (uc.getResponseCode() != HttpURLConnection.HTTP_OK) {  // need to read the error for clean connection close
             BufferedReader br = new BufferedReader(new InputStreamReader(uc.getErrorStream()));
             try {
-                while (br.readLine() != null) {
+                while (BoundedLineReader.readLine(br, 5_000_000) != null) {
                     // do nothing but keep reading the line
                 }
             } finally {
diff --git a/eureka-examples/src/main/java/com/netflix/eureka/ExampleEurekaClient.java b/eureka-examples/src/main/java/com/netflix/eureka/ExampleEurekaClient.java
@@ -16,6 +16,7 @@
 
 package com.netflix.eureka;
 
+import io.github.pixee.security.BoundedLineReader;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
@@ -103,7 +104,7 @@ public void sendRequestToServiceUsingEureka(EurekaClient eurekaClient) {
 
             System.out.println("Waiting for server response..");
             BufferedReader rd = new BufferedReader(new InputStreamReader(s.getInputStream()));
-            String str = rd.readLine();
+            String str = BoundedLineReader.readLine(rd, 5_000_000);
             if (str != null) {
                 System.out.println("Received response from server: " + str);
                 System.out.println("Exiting the client. Demo over..");
diff --git a/eureka-examples/src/main/java/com/netflix/eureka/ExampleServiceBase.java b/eureka-examples/src/main/java/com/netflix/eureka/ExampleServiceBase.java
@@ -4,6 +4,7 @@
 import com.netflix.appinfo.InstanceInfo;
 import com.netflix.config.DynamicPropertyFactory;
 import com.netflix.discovery.EurekaClient;
+import io.github.pixee.security.BoundedLineReader;
 
 import javax.annotation.PostConstruct;
 import javax.annotation.PreDestroy;
@@ -106,7 +107,7 @@ private void waitForRegistrationWithEureka(EurekaClient eurekaClient) {
     private void processRequest(final Socket s) {
         try {
             BufferedReader rd = new BufferedReader(new InputStreamReader(s.getInputStream()));
-            String line = rd.readLine();
+            String line = BoundedLineReader.readLine(rd, 5_000_000);
             if (line != null) {
                 System.out.println("Received a request from the example client: " + line);
             }
