envoyproxy/envoy

Audit YAML parsing code path

Open

#9039 aperta il 15 nov 2019

Vedi su GitHub
 (1 commento) (0 reazioni) (0 assegnatari)C++ (5373 fork)batch import
area/securityhelp wantedtech debt

Metriche repository

Star
 (27.997 star)
Metriche merge PR
 (Merge medio 8g) (378 PR mergiate in 30 g)

Descrizione

The YAML parser we're using are not robust to untrust input, it should only be used to parse local file. We should add some basic limitation in the code base to prevent it happening.

Guida contributor