envoyproxy/envoy

Audit YAML parsing code path

Open

#9.039 aberto em 15 de nov. de 2019

Ver no GitHub
 (1 comment) (0 reactions) (0 assignees)C++ (5.373 forks)batch import
area/securityhelp wantedtech debt

Métricas do repositório

Stars
 (27.997 stars)
Métricas de merge de PR
 (Mesclagem média 8d) (378 fundiu PRs em 30d)

Description

The YAML parser we're using are not robust to untrust input, it should only be used to parse local file. We should add some basic limitation in the code base to prevent it happening.

Guia do colaborador