Truncate large user agents when detecting browser to avoid 500 #6036
Merged
mitchellhenke merged 2 commits into main, Mar 7, 2022
Conversation
zachmargolis (Contributor) approved these changes, Mar 7, 2022, and left a comment:
LGTM, yikes what a weird bug.... but I guess it's probably guarding against some sort of resource abuse
zachmargolis (Contributor) reviewed, Mar 7, 2022, on app/services/browser_cache.rb (Outdated):

The gem README in the gem is bytes not characters, so I think this method is more appropriate:

Suggested change:

```diff
- @cache.getset(user_agent) { Browser.new(user_agent[0..2046]) }
+ @cache.getset(user_agent) { Browser.new(user_agent.byteslice(0..2046)) }
```

https://ruby-doc.org/core-3.1.1/String.html#method-i-byteslice
mitchellhenke (Contributor, Author):

Great catch, that made me think of another fun edge case!

```ruby
Browser.new("abc👏🏼".byteslice(0..3))
# => ArgumentError: invalid byte sequence in UTF-8
# => from /Users/mitchellehenke/projects/identity-idp/.gem/ruby/3.0.3/gems/browser-5.3.1/lib/browser/blackberry.rb:20:in `match?'
```

It looks like the most complete is to truncate with the multibyte characters class from Rails, which will avoid splitting in the middle of a character.

```ruby
@cache.getset(user_agent) { Browser.new(user_agent.mb_chars.limit(2047)) }
```
zachmargolis reviewed, Mar 7, 2022

e5e650f to 9461498

changelog: Bug Fix, Logging, Fix 500 when parsing browser user-agent that is too long
Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

9461498 to 8aae8e2
aduth reviewed, Mar 11, 2022, on app/services/browser_cache.rb:
| def self.parse(user_agent) | ||
| @cache.getset(user_agent) { Browser.new(user_agent) } | ||
| return Browser.new(nil) if user_agent.nil? | ||
| @cache.getset(user_agent) { Browser.new(user_agent.mb_chars.limit(2047).to_s) } |
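Review bot: the literal `2047` on the last added line hard-codes the gem's default limit minus one, so if `Browser.user_agent_size_limit` is ever configured to another value the truncation will silently stop matching the gem's own check and the 500 returns. Derive it from the constant instead: `Browser.new(user_agent.mb_chars.limit(Browser.user_agent_size_limit - 1).to_s)`. The `- 1` is needed because, as the description says, the user agent has to be under the limit, not at it; `mb_chars.limit` is a byte budget that does not split a multibyte character, so its unit agrees with the gem's byte-size check.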
aduth (Contributor):

Could we have used the constant value, to avoid a magic number?

Suggested change:

```diff
- @cache.getset(user_agent) { Browser.new(user_agent.mb_chars.limit(2047).to_s) }
+ @cache.getset(user_agent) { Browser.new(user_agent.mb_chars.limit(Browser.user_agent_size_limit - 1).to_s) }
```
PR description (mitchellhenke):

Fixes a 500 if the user-agent is too long (NewRelic).

It defaults to needing to be under 2048 characters, and we could make it larger, but 2048 feels pretty sufficient?

https://github.com/fnando/browser/blob/fa4f685482c315b8/lib/browser/browser.rb#L64-L65
https://github.com/fnando/browser/blob/fa4f685482c315b8d0b896d0c82bfe667ab3e2bb/lib/browser/base.rb#L277-L279
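As an added example, not code from the identity-idp PR or from the browser gem, the two problems discussed in this thread (the oversized user agent that triggers the 500, and the multibyte edge case from the `byteslice` comment) in plain Ruby with no ActiveSupport dependency. A naive `byteslice` can cut inside a multibyte character and yield a string that fails `valid_encoding?`, which is what produces the `ArgumentError` shown above; a character-aware truncation to a byte budget does not. `USER_AGENT_SIZE_LIMIT`, `accepted_by_size_check?` and `prepare_user_agent` are assumptions introduced here: they mirror the gem's default of 2048 bytes and the PR's statement that the user agent must be under that limit, but they are not the gem's API.

```ruby
# Added example, not code from the PR or the browser gem. Shows byte-budget
# truncation of a user-agent string that never splits a multibyte character.

# Assumption: mirrors the browser gem's default limit of 2048 bytes and the
# PR's statement that a user agent must be *under* that limit to be accepted.
USER_AGENT_SIZE_LIMIT = 2048

# Constructed sample inputs.
ASCII_UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36"
EMOJI_UA = "abc\u{1F44F}\u{1F3FC}" # "abc👏🏼": 3 one-byte chars + two 4-byte chars = 11 bytes

# Naive truncation: cuts at a byte offset and may land inside a character.
def naive_truncate(str, max_bytes)
  str.byteslice(0, max_bytes)
end

# Character-aware truncation: keeps whole characters until the next one would
# exceed the byte budget. Same effect as ActiveSupport's `mb_chars.limit(n)`,
# implemented here without Rails.
def safe_truncate(str, max_bytes)
  out = String.new("", encoding: str.encoding)
  used = 0
  str.each_char do |ch|
    used += ch.bytesize
    break if used > max_bytes
    out << ch
  end
  out
end

# Assumed stand-in for the gem's size check: accepted only if strictly under the limit.
def accepted_by_size_check?(str)
  str.bytesize < USER_AGENT_SIZE_LIMIT
end

# What a cache wrapper like the PR's does before handing the string to the parser:
# nil stays nil, anything else is cut to (limit - 1) bytes on a character boundary.
def prepare_user_agent(str)
  return nil if str.nil?
  safe_truncate(str, USER_AGENT_SIZE_LIMIT - 1)
end

if __FILE__ == $PROGRAM_NAME
  naive = naive_truncate(EMOJI_UA, 4)
  safe = safe_truncate(EMOJI_UA, 4)
  puts "naive valid? #{naive.valid_encoding?} (#{naive.bytesize} bytes)" # false (4 bytes)
  puts "safe  valid? #{safe.valid_encoding?} -> #{safe.inspect}"         # true -> "abc"
  long = "A" * 3000
  puts "oversized UA accepted after truncation? #{accepted_by_size_check?(prepare_user_agent(long))}" # true
end
```

The budget is `USER_AGENT_SIZE_LIMIT - 1` rather than the limit itself for the reason aduth's suggestion encodes: the gem accepts only strings whose byte size is under the limit, so truncating to exactly 2048 bytes would still be rejected.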