-
Notifications
You must be signed in to change notification settings - Fork 221
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Specify a maximum number of runs to limit the request params -> DoS. #191
Conversation
adff178
to
b0d92f4
Compare
suppose i set |
It's your own fault if you use this code incorrectly. I also think we should document that should avoid using this in production or in any environment where a denial of service would cause an outage. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I prefer clamp, or at least something similar that sets both a low and high bound. What are your thoughts?
I guess in the interests of preventing people from trying to do |
Meanwhile, could you please consider enabling the private vulnerability reporting feature for this repo? |
I've enabled that, @Sim4n6, and there's also the option to go through Tidelift for vulnerability disclosure, per the README. |
Okay, I released it, thanks everyone! |
No description provided.