From 67eacb8ddaca0e9b04f5d11d83fcdfeed08825c7 Mon Sep 17 00:00:00 2001
From: Brandur
Date: Mon, 12 Aug 2019 10:59:35 -0700
Subject: [PATCH] Update webhook handler example to use `http.MaxBytesReader`
Updates the webhook handler example to use `http.MaxBytesReader` to protect against a malicious client streaming an endless request body. We're making a similar change in our server side documentation examples, so I'm updating this spot as well for consistency.
---
 webhook/client_handler_test.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/webhook/client_handler_test.go b/webhook/client_handler_test.go
index 4c5fa398df..6d167ae170 100644
--- a/webhook/client_handler_test.go
+++ b/webhook/client_handler_test.go
@@ -11,6 +11,10 @@ import (
 func Example() {
 http.HandleFunc("/webhook", func(w http.ResponseWriter, req *http.Request) {
+ // Protects against a malicious client streaming us an endless requst
+ // body
+ const MaxBodyBytes = int64(65536)
+ req.Body = http.MaxBytesReader(w, req.Body, MaxBodyBytes)
 body, err := ioutil.ReadAll(req.Body)
 if err != nil {