Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CRE-40] Check binary size before decompression #994

Merged
merged 3 commits into from
Jan 14, 2025
Merged

[CRE-40] Check binary size before decompression #994

merged 3 commits into from
Jan 14, 2025

Conversation

agparadiso
Copy link
Contributor

@agparadiso agparadiso commented Jan 13, 2025
edited by jira bot
Loading

Description

This pr addresses decompression bombs by having a customisable MaxBinarySize that we will check before trying to decompress it. By default a 10mb default value is provided.

CRE-40

Requires

Supports

@agparadiso agparadiso changed the title fix: check binary size before decompression [CRE-40] Check binary size before decompression Jan 13, 2025
cedric-cordenier
cedric-cordenier reviewed Jan 13, 2025
View reviewed changes
pkg/workflows/wasm/host/module.go Outdated
@@ -91,6 +92,7 @@ type ModuleConfig struct {
IsUncompressed bool
Fetch func(ctx context.Context, req *wasmpb.FetchRequest) (*wasmpb.FetchResponse, error)
MaxFetchRequests int
MaxBinarySize int64
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@agparadiso Could we call this MaxUncompressedBinarySize -- since you're only applying it to the uncompressed size

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is used to check the size before decompressing it. Should it be MaxCompressedBinarySize? 🤔

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hah yes it should be :)

MStreet3
MStreet3 reviewed Jan 13, 2025
View reviewed changes
pkg/workflows/wasm/host/module.go Outdated
@@ -183,6 +189,12 @@ func NewModule(modCfg *ModuleConfig, binary []byte, opts ...func(*ModuleConfig))

engine := wasmtime.NewEngineWithConfig(cfg)
if !modCfg.IsUncompressed {
// validate the binary size before decompressing
// this is to prevent decompression bombs
if int64(len(binary)) > modCfg.MaxBinarySize {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this type be uint64

MStreet3
MStreet3 reviewed Jan 13, 2025
View reviewed changes
pkg/workflows/wasm/host/module.go Outdated
@@ -91,6 +92,7 @@ type ModuleConfig struct {
IsUncompressed bool
Fetch func(ctx context.Context, req *wasmpb.FetchRequest) (*wasmpb.FetchResponse, error)
MaxFetchRequests int
MaxBinarySize int64
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uint64

MStreet3
MStreet3 reviewed Jan 13, 2025
View reviewed changes
pkg/workflows/wasm/host/wasm_test.go Outdated

t.Run("compressed binary size is bigger than the default 10mb limit", func(t *testing.T) {
// 11mb binary
binary := make([]byte, 11*1024*1024)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
binary := make([]byte, 11*1024*1024)
binary := make([]byte, defaultBinarySize + 1)

nit
maybe simpler to keep the test in sync if this default ever changes

@agparadiso agparadiso marked this pull request as ready for review January 13, 2025 16:38
@agparadiso agparadiso requested a review from a team as a code owner January 13, 2025 16:38
MStreet3
MStreet3 reviewed Jan 13, 2025
View reviewed changes
pkg/workflows/wasm/host/wasm_test.go Outdated
require.NoError(t, bwr.Close())

_, err = NewModule(&ModuleConfig{IsUncompressed: false, Logger: logger.Test(t)}, binary)
default10mbLimit := fmt.Sprintf("binary size exceeds the maximum allowed size of %d bytes", 10*1024*1024)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
default10mbLimit := fmt.Sprintf("binary size exceeds the maximum allowed size of %d bytes", 10*1024*1024)
default10mbLimit := fmt.Sprintf("binary size exceeds the maximum allowed size of %d bytes", defaultMaxCompressedBinarySize)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ahh true, sorry forgot about that one. should be good now thanks

MStreet3
MStreet3 reviewed Jan 13, 2025
View reviewed changes
Copy link
Contributor

@MStreet3 MStreet3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit fix test output

@agparadiso agparadiso force-pushed the fix/CRE-40_decompression_bombs branch from c6327cd to 82d5beb Compare January 13, 2025 16:46
MStreet3
MStreet3 approved these changes Jan 13, 2025
View reviewed changes
Copy link
Contributor

@MStreet3 MStreet3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐛 💣

@agparadiso agparadiso merged commit 0cd7b49 into main Jan 14, 2025
12 checks passed
@agparadiso agparadiso deleted the fix/CRE-40_decompression_bombs branch January 14, 2025 14:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cedric-cordenier cedric-cordenier cedric-cordenier approved these changes

@MStreet3 MStreet3 MStreet3 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@agparadiso @MStreet3 @cedric-cordenier