rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5 heartwood4cbbd6c1c1601505bd12e19d16cb51fb7d34da51
{
"request": "trigger",
"version": 1,
"event_type": "patch",
"repository": {
"id": "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5",
"name": "heartwood",
"description": "Radicle Heartwood Protocol & Stack",
"private": false,
"default_branch": "master",
"delegates": [
"did:key:z6MksFqXN3Yhqk8pTJdUGLwATkRfQvwZXPqR2qMEhbS9wzpT",
"did:key:z6MktaNvN1KVFMkSRAiN4qK5yvX1zuEEaseeX5sffhzPZRZW",
"did:key:z6MkireRatUThvd3qzfKht1S44wpm4FEWSSa4PRMTSQZ3voM",
"did:key:z6MkgFq6z5fkF2hioLLSNu1zP2qEL1aHXHZzGH1FLFGAnBGz",
"did:key:z6MkkPvBfjP4bQmco5Dm7UGsX2ruDBieEHi8n9DVJWX5sTEz"
]
},
"action": "Created",
"patch": {
"id": "89b4dd202bb1faa0feb32ac0d077c5869345059f",
"author": {
"id": "did:key:z6MkkfM3tPXNPrPevKr3uSiQtHPuwnNhu2yUVjgd2jXVsVz5",
"alias": "sebastinez"
},
"title": "httpd: Validate blob size for blob end readme endpoints",
"state": {
"status": "merged",
"conflicts": []
},
"before": "3b342ab385810fd3e67ec1fb05f45b27ba50bc36",
"after": "4cbbd6c1c1601505bd12e19d16cb51fb7d34da51",
"commits": [
"4cbbd6c1c1601505bd12e19d16cb51fb7d34da51"
],
"target": "6cfed884bf37cba1e0d8e97fa8b0e94df4a04b1f",
"labels": [],
"assignees": [],
"revisions": [
{
"id": "89b4dd202bb1faa0feb32ac0d077c5869345059f",
"author": {
"id": "did:key:z6MkkfM3tPXNPrPevKr3uSiQtHPuwnNhu2yUVjgd2jXVsVz5",
"alias": "sebastinez"
},
"description": "Similar to what we do on the `/raw` endpoint, we should also make sure that the blob and readme endpoints don't serve files that are too big, which can eventually freeze the HTTP consumer.",
"base": "6ab3bfcba0577fabdcb84498441c6605391290f4",
"oid": "02c1a52da52def0cc276dc136b99646ccfd563e6",
"timestamp": 1715257009
},
{
"id": "9368890e235477616d0cc0cd6a7c9bc5c805b6a5",
"author": {
"id": "did:key:z6MkkfM3tPXNPrPevKr3uSiQtHPuwnNhu2yUVjgd2jXVsVz5",
"alias": "sebastinez"
},
"description": "Rebase",
"base": "3b342ab385810fd3e67ec1fb05f45b27ba50bc36",
"oid": "4266085b24e3e713109ac06860662bc5fb21ea44",
"timestamp": 1715769974
},
{
"id": "f2dd7564d484931c5b0a9fa570ee24d90b6ad757",
"author": {
"id": "did:key:z6MkkfM3tPXNPrPevKr3uSiQtHPuwnNhu2yUVjgd2jXVsVz5",
"alias": "sebastinez"
},
"description": "Fix return type issue",
"base": "3b342ab385810fd3e67ec1fb05f45b27ba50bc36",
"oid": "7b354c9357ce74f5ccfe6ca97740ea28d1a2c3bb",
"timestamp": 1715770613
},
{
"id": "da622c867ac75152980b2f8736b3a77b51d84f77",
"author": {
"id": "did:key:z6MkkfM3tPXNPrPevKr3uSiQtHPuwnNhu2yUVjgd2jXVsVz5",
"alias": "sebastinez"
},
"description": "Fix readme using immutable_response fn",
"base": "3b342ab385810fd3e67ec1fb05f45b27ba50bc36",
"oid": "4cbbd6c1c1601505bd12e19d16cb51fb7d34da51",
"timestamp": 1715770868
},
{
"id": "1a72e050e64b9c1505d3ff2dfc3c7c32827e31cf",
"author": {
"id": "did:key:z6MkkfM3tPXNPrPevKr3uSiQtHPuwnNhu2yUVjgd2jXVsVz5",
"alias": "sebastinez"
},
"description": "Shorten commit message.",
"base": "3b342ab385810fd3e67ec1fb05f45b27ba50bc36",
"oid": "5727359319f2b8ba6311f066391b7ab0004e5558",
"timestamp": 1715771033
}
]
}
}
{
"response": "triggered",
"run_id": {
"id": "e0fa87b0-b001-4a61-ba33-2ac66f41c19e"
},
"info_url": "https://cci.rad.levitte.org//e0fa87b0-b001-4a61-ba33-2ac66f41c19e.html"
}
Started at: 2025-10-21 18:33:06.042206+02:00
Commands:
$ rad clone rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5 .
✓ Creating checkout in ./...
✓ Remote cloudhead@z6MksFqXN3Yhqk8pTJdUGLwATkRfQvwZXPqR2qMEhbS9wzpT added
✓ Remote-tracking branch cloudhead@z6MksFqXN3Yhqk8pTJdUGLwATkRfQvwZXPqR2qMEhbS9wzpT/master created for z6MksFqXN3Yhqk8pTJdUGLwATkRfQvwZXPqR2qMEhbS9wzpT
✓ Remote cloudhead@z6MktaNvN1KVFMkSRAiN4qK5yvX1zuEEaseeX5sffhzPZRZW added
✓ Remote-tracking branch cloudhead@z6MktaNvN1KVFMkSRAiN4qK5yvX1zuEEaseeX5sffhzPZRZW/master created for z6MktaNvN1KVFMkSRAiN4qK5yvX1zuEEaseeX5sffhzPZRZW
✓ Remote fintohaps@z6MkireRatUThvd3qzfKht1S44wpm4FEWSSa4PRMTSQZ3voM added
✓ Remote-tracking branch fintohaps@z6MkireRatUThvd3qzfKht1S44wpm4FEWSSa4PRMTSQZ3voM/master created for z6MkireRatUThvd3qzfKht1S44wpm4FEWSSa4PRMTSQZ3voM
✓ Remote erikli@z6MkgFq6z5fkF2hioLLSNu1zP2qEL1aHXHZzGH1FLFGAnBGz added
✓ Remote-tracking branch erikli@z6MkgFq6z5fkF2hioLLSNu1zP2qEL1aHXHZzGH1FLFGAnBGz/master created for z6MkgFq6z5fkF2hioLLSNu1zP2qEL1aHXHZzGH1FLFGAnBGz
✓ Remote lorenz@z6MkkPvBfjP4bQmco5Dm7UGsX2ruDBieEHi8n9DVJWX5sTEz added
✓ Remote-tracking branch lorenz@z6MkkPvBfjP4bQmco5Dm7UGsX2ruDBieEHi8n9DVJWX5sTEz/master created for z6MkkPvBfjP4bQmco5Dm7UGsX2ruDBieEHi8n9DVJWX5sTEz
✓ Repository successfully cloned under /opt/radcis/ci.rad.levitte.org/cci/state/e0fa87b0-b001-4a61-ba33-2ac66f41c19e/w/
╭────────────────────────────────────╮
│ heartwood │
│ Radicle Heartwood Protocol & Stack │
│ 125 issues · 15 patches │
╰────────────────────────────────────╯
Run `cd ./.` to go to the repository directory.
Exit code: 0
$ rad patch checkout 89b4dd202bb1faa0feb32ac0d077c5869345059f
✓ Switched to branch patch/89b4dd2 at revision da622c8
✓ Branch patch/89b4dd2 setup to track rad/patches/89b4dd202bb1faa0feb32ac0d077c5869345059f
Exit code: 0
$ git config advice.detachedHead false
Exit code: 0
$ git checkout 4cbbd6c1c1601505bd12e19d16cb51fb7d34da51
HEAD is now at 4cbbd6c1 httpd: Validate blob size for blob end readme endpoints
Exit code: 0
$ git show 4cbbd6c1c1601505bd12e19d16cb51fb7d34da51
commit 4cbbd6c1c1601505bd12e19d16cb51fb7d34da51
Author: Sebastian Martinez <me@sebastinez.dev>
Date: Thu May 9 14:15:40 2024 +0200
httpd: Validate blob size for blob end readme endpoints
diff --git a/radicle-httpd/src/api/v1/projects.rs b/radicle-httpd/src/api/v1/projects.rs
index 3e8f483c..9efa7052 100644
--- a/radicle-httpd/src/api/v1/projects.rs
+++ b/radicle-httpd/src/api/v1/projects.rs
@@ -537,9 +537,18 @@ async fn blob_handler(
let (repo, _) = ctx.repo(project)?;
let repo = Repository::open(repo.path())?;
let blob = repo.blob(sha, &path)?;
- let response = api::json::blob(&blob, &path);
- Ok::<_, Error>(immutable_response(response))
+ if blob.size() > MAX_BODY_LIMIT {
+ return Ok::<_, Error>(
+ (
+ StatusCode::PAYLOAD_TOO_LARGE,
+ [(header::CACHE_CONTROL, "no-cache")],
+ Json(json!([])),
+ )
+ .into_response(),
+ );
+ }
+ Ok::<_, Error>(immutable_response(api::json::blob(&blob, &path)).into_response())
}
/// Get project readme.
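Review bot: The new `blob.size() > MAX_BODY_LIMIT` check runs only after `repo.blob(sha, &path)?` has returned, so it limits what is sent to the HTTP consumer but not necessarily the work the server does per request. Whether `repo.blob` already reads the whole object into memory is not visible in this hunk; if it does, a request for a very large blob still costs the server the full read before the 413 is produced. A comment above the check would make that scope explicit, for example `// Response-size guard only: the blob was already loaded by repo.blob() above.`, and the size lookup could move ahead of the content read if the repository API allows it. The same pattern appears in the `readme_handler` hunk below; `blob_handler` begins outside this hunk.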
@@ -565,8 +574,20 @@ async fn readme_handler(
.chain(paths.iter().map(|p| p.to_lowercase()))
{
if let Ok(blob) = repo.blob(sha, &path) {
- let response = api::json::blob(&blob, &path);
- return Ok::<_, Error>(immutable_response(response));
+ if blob.size() > MAX_BODY_LIMIT {
+ return Ok::<_, Error>(
+ (
+ StatusCode::PAYLOAD_TOO_LARGE,
+ [(header::CACHE_CONTROL, "no-cache")],
+ Json(json!([])),
+ )
+ .into_response(),
+ );
+ }
+
+ return Ok::<_, Error>(
+ immutable_response(api::json::blob(&blob, &path)).into_response(),
+ );
}
}
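Review bot: The 413 response tuple in `readme_handler` is a verbatim copy of the one added to `blob_handler` in the previous hunk, so the status, `Cache-Control` value and body can drift apart when one is edited later. A small private helper shared by both handlers would keep the oversize response in one place. It would also be the natural place to document why the body is the empty array `json!([])` rather than an error object. `readme_handler` starts and ends outside this hunk, so the fallthrough after the loop is not reviewed here.

```rust
/// Response returned when a blob exceeds `MAX_BODY_LIMIT`; never cached.
fn blob_too_large() -> impl IntoResponse {
    (
        StatusCode::PAYLOAD_TOO_LARGE,
        [(header::CACHE_CONTROL, "no-cache")],
        Json(json!([])),
    )
}

// … unchanged: readme candidate loop …
        if let Ok(blob) = repo.blob(sha, &path) {
            if blob.size() > MAX_BODY_LIMIT {
                return Ok::<_, Error>(blob_too_large().into_response());
            }
            // … unchanged: immutable_response return …
```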
Exit code: 0
shell: 'cargo --version rustc --version cargo fmt --check cargo clippy --all-targets --workspace -- --deny clippy::all cargo build --all-targets --workspace cargo doc --workspace cargo test --workspace --no-fail-fast '
Commands:
$ podman run --name e0fa87b0-b001-4a61-ba33-2ac66f41c19e -v /opt/radcis/ci.rad.levitte.org/cci/state/e0fa87b0-b001-4a61-ba33-2ac66f41c19e/s:/e0fa87b0-b001-4a61-ba33-2ac66f41c19e/s:ro -v /opt/radcis/ci.rad.levitte.org/cci/state/e0fa87b0-b001-4a61-ba33-2ac66f41c19e/w:/e0fa87b0-b001-4a61-ba33-2ac66f41c19e/w -w /e0fa87b0-b001-4a61-ba33-2ac66f41c19e/w -v /opt/radcis/ci.rad.levitte.org/.radicle:/${id}/.radicle:ro -e RAD_HOME=/${id}/.radicle rust:bookworm bash /e0fa87b0-b001-4a61-ba33-2ac66f41c19e/s/script.sh
+ cargo --version
info: syncing channel updates for '1.77-x86_64-unknown-linux-gnu'
info: latest update on 2024-04-09, rust version 1.77.2 (25ef9e3d8 2024-04-09)
info: downloading component 'cargo'
info: downloading component 'rust-std'
info: downloading component 'rustc'
info: installing component 'cargo'
info: installing component 'rust-std'
info: installing component 'rustc'
cargo 1.77.2 (e52e36006 2024-03-26)
+ rustc --version
rustc 1.77.2 (25ef9e3d8 2024-04-09)
+ cargo fmt --check
error: 'cargo-fmt' is not installed for the toolchain '1.77-x86_64-unknown-linux-gnu'.
To install, run `rustup component add --toolchain 1.77-x86_64-unknown-linux-gnu rustfmt`
Exit code: 1
{
"response": "finished",
"result": "failure"
}