Skip to content
This repository was archived by the owner on Mar 10, 2020. It is now read-only.

Commit 73dc2fc

Browse files
author
Alan Shaw
committed
fix: validate and coerce count param for read in HTTP API
When using the legacy `count` param, it's value wasn't being validated or coerced into an integer from a string. It meant that a call to `http://localhost:5001/api/v0/files/read?offset=0&count=4096&arg=/gif/515f726a7087d.jpg&stream-channels=true` would produce a `count` value of `"4096"` and cause MFS to read the whole file! There should probably be some better validation at the exporter level too. License: MIT Signed-off-by: Alan Shaw <[email protected]>
1 parent 2f0c4b4 commit 73dc2fc

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

src/http/read.js

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,8 @@ const mfsRead = {
5151
query: Joi.object().keys({
5252
arg: Joi.string().required(),
5353
offset: Joi.number().integer().min(0),
54-
length: Joi.number().integer().min(0)
54+
length: Joi.number().integer().min(0),
55+
count: Joi.number().integer().min(0)
5556
})
5657
.rename('o', 'offset', {
5758
override: true,

0 commit comments

Comments
 (0)