envoyproxy/envoy

Audit YAML parsing code path

Open

#9,039 opened on Nov 15, 2019

View on GitHub
 (1 comment) (0 reactions) (0 assignees)C++ (5,373 forks)batch import
area/securityhelp wantedtech debt

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (Avg merge 8d) (378 merged PRs in 30d)

Description

The YAML parser we're using are not robust to untrust input, it should only be used to parse local file. We should add some basic limitation in the code base to prevent it happening.

Contributor guide