github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-01 01:24:48 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Set sane default for Net::HTTP when processing a request (#28141)

Browse Source 
This commit patches `Net::HTTP` to reduce the default timeouts of 60
seconds when we are processing a request. There are certain routes in
Discourse which makes external requests and if the proper timeouts are
not set, we risk having the Unicorn master process force restarting the
Unicorn workers once the `30` seconds timeout is reached. This can
potentially become a vector for DoS attacks and this commit is aimed at
reducing the risk here.
This commit is contained in:
Alan Guo Xiang Tan
2024-08-06 07:12:42 +08:00
committed by GitHub
parent a333d71d4c
commit 2492fe7715
7 changed files with 87 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
spec/requests/net_http_timeout_spec.rb Normal file
View File

@ -0,0 +1,20 @@
# frozen_string_literal: true
RSpec.describe "Net::HTTP timeouts when processing a request" do
it "should set the right timeouts for any `Net::HTTP` instances intialized while processing a request" do
stub_const(NetHTTPPatch, :OPEN_TIMEOUT, 0.001) do
stub_const(NetHTTPPatch, :READ_TIMEOUT, 0.002) do
stub_const(NetHTTPPatch, :WRITE_TIMEOUT, 0.003) do
get "/test_net_http_timeouts.json"
parsed = response.parsed_body
expect(parsed["open_timeout"]).to eq(0.001)
expect(parsed["read_timeout"]).to eq(0.002)
expect(parsed["write_timeout"]).to eq(0.003)
expect(parsed["max_retries"]).to eq(0)
end
end
end
end
end