fix(security): enforce bounded webhook body handling

Peter Steinberger
2026-02-13 19:14:36 +01:00
parent 2f9c523bbe
commit 3cbcba10cf
20 changed files with 834 additions and 281 deletions


@@ -58,6 +58,18 @@ export async function readJsonBodyOrError(
): Promise<unknown> {
const body = await readJsonBody(req, maxBytes);
if (!body.ok) {
if (body.error === "payload too large") {
sendJson(res, 413, {
error: { message: "Payload too large", type: "invalid_request_error" },
});
return undefined;
}
if (body.error === "request body timeout") {
sendJson(res, 408, {
error: { message: "Request body timeout", type: "invalid_request_error" },
});
return undefined;
}
sendInvalidRequest(res, body.error);
return undefined;
}
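Review bot: The new 413 and 408 branches pick the status code by comparing `body.error` against the literal strings "payload too large" and "request body timeout", so the mapping depends on `readJsonBody` emitting exactly that wording. If either message is reworded, the request silently falls through to `sendInvalidRequest` and the size-limit and timeout rejections stop being distinguishable by status code in logs and alerts. Consider exporting the two strings as named constants from the module that defines `readJsonBody` (or returning a discriminating code alongside the message) and comparing against those, for example `if (body.error === PAYLOAD_TOO_LARGE_ERROR) {` with a constant name of your choosing. Whether the unread remainder of an oversized or stalled body is discarded or the socket closed is not visible here, so a short comment above these branches stating what `readJsonBody` guarantees on those two errors would help. The signature of `readJsonBodyOrError` starts above the hunk and its body continues below it.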