
Commit f722c4a

committed
Limit to 100 env vars per layer
1 parent 26acb1c commit f722c4a


2 files changed

+19
-3
lines changed


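--- a/lib/moduleEncoding.js
+++ b/lib/moduleEncoding.js
@@ -28,6 +28,7 @@ const ENV_ASSET_NAME = 'env';
 const ENV_JSON_FILE = 'env.json';
 
 const MAX_ENV_SIZE = 16 * 1024;
+const MAX_ENV_VARS = 100;
 
 function moduleFunctionToString(func) {
 switch (func) {
@@ -1683,12 +1684,16 @@ async function createProtectedModule(module, certificate) {
 * @param {String|Number} snapshot.updatedAt Snapshot creation time. Can be a string in a format
 * supported by `Date.parse()` or a numeric timestamp.
 * @param {Number} [maxSize=MAX_ENV_SIZE] Maximum allowed size of the resulting module.
+* @param {Number} [maxVars=MAX_ENV_VARS] Maximum allowed number of variables in the resulting module.
 * @returns {Promise<Buffer>} Asset data.
 */
-async function encodeEnvVarsAsset(vars, snapshot = undefined, maxSize = MAX_ENV_SIZE) {
+async function encodeEnvVarsAsset(vars, snapshot = undefined, maxSize = MAX_ENV_SIZE, maxVars = MAX_ENV_VARS) {
 if (!vars || typeof vars !== 'object') {
 throw new Error('Expected variable values to be an object');
 }
+if (Object.keys(vars).length > maxVars) {
+throw new Error(`Number of variables exceeds the maximum of ${maxVars}`);
+}
 if (JSON.stringify(vars).length > maxSize) {
 throw new Error('Asset exceeds the maximum size');
 }
@@ -1745,17 +1750,18 @@ async function encodeEnvVarsAsset(vars, snapshot = undefined, maxSize = MAX_ENV_
 * @param {String|Number} snapshot.updatedAt Snapshot creation time. Can be a string in a format
 * supported by `Date.parse()` or a numeric timestamp.
 * @param {Number} [maxSize=MAX_ENV_SIZE] Maximum allowed size of the resulting module.
+* @param {Number} [maxVars=MAX_ENV_VARS] Maximum allowed number of variables in the resulting module.
 * @returns {Promise<Buffer>} Module binary.
 */
-async function createEnvVarsAssetModule(vars, snapshot = undefined, maxSize = MAX_ENV_SIZE) {
+async function createEnvVarsAssetModule(vars, snapshot = undefined, maxSize = MAX_ENV_SIZE, maxVars = MAX_ENV_VARS) {
 let assetData;
 if (Buffer.isBuffer(vars)) {
 if (snapshot) {
 throw new Error('Cannot set snapshot details in already encoded asset data');
 }
 assetData = vars;
 } else {
-assetData = await encodeEnvVarsAsset(vars, snapshot, maxSize);
+assetData = await encodeEnvVarsAsset(vars, snapshot, maxSize, maxVars);
 }
 
 const assetModule = await createAssetModule(assetData, ENV_ASSET_NAME, {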
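Review bot: The variable-count limit is enforced only inside `encodeEnvVarsAsset`, so in `createEnvVarsAssetModule` the `Buffer.isBuffer(vars)` branch still passes pre-encoded asset data through without applying `maxVars`; a caller holding an already encoded asset is not held to the 100-variable limit by this code. If the limit is meant as a hard bound rather than an early client-side check, the consumer of the module has to enforce it too, and the JSDoc for `maxVars` should say so, for example `Not applied when vars is already encoded asset data (Buffer).` Separately, `maxVars` is used unvalidated: a `NaN` value makes `Object.keys(vars).length > maxVars` always false and silently disables the check, so a guard such as `if (!Number.isInteger(maxVars) || maxVars < 0) { throw new Error('Invalid maxVars'); }` before the comparison would help. The body of `createEnvVarsAssetModule` continues past the end of this hunk, so any later validation is not visible here.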

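--- a/specs/lib/moduleEncoding.spec.js
+++ b/specs/lib/moduleEncoding.spec.js
@@ -1039,6 +1039,16 @@ describe('moduleEncoding', () => {
 const msg = 'Asset exceeds the maximum size';
 await expect(createEnvVarsAssetModule({ 'ABC': '1'.repeat(20000) })).to.be.eventually.rejectedWith(Error, msg);
 });
+
+
+it('asset exceeds the maximum number of variables', async () => {
+const msg = 'Number of variables exceeds the maximum of 100';
+const vars = {};
+for (let i = 0; i < 101; i++) {
+vars['VAR' + i] = 'value';
+}
+await expect(createEnvVarsAssetModule(vars)).to.be.eventually.rejectedWith(Error, msg);
+});
 });
 });
 });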
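Review bot: The new spec only exercises 101 variables against the default limit, so it would still pass if the comparison in `encodeEnvVarsAsset` were `>=` instead of `>`, and it never passes a custom `maxVars`. A companion case that builds exactly 100 variables and expects the promise to be fulfilled pins the boundary; this assumes the call succeeds without snapshot details, which the existing specs outside this hunk would confirm. A one-line case for the fourth argument, for example `await expect(createEnvVarsAssetModule({ A: '1', B: '2' }, undefined, undefined, 1)).to.be.eventually.rejectedWith(Error, 'Number of variables exceeds the maximum of 1');`, would cover the override as well.

```javascript
it('accepts exactly the maximum number of variables', async () => {
	const vars = {};
	for (let i = 0; i < 100; i++) {
		vars['VAR' + i] = 'value';
	}
	await expect(createEnvVarsAssetModule(vars)).to.be.eventually.fulfilled;
});
```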
