Skip to content
#

beego

Star

Here are 272 public repositories matching this topic...

Language: All
Filter by language
All 272 Go 160 JavaScript 40 Smarty 29 HTML 17 CSS 8 Vue 4 Shell 2 Dockerfile 1 PHP 1 TypeScript 1
Sort: Best match
Sort options
Best match Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

astaxie / beego

Star
Open

multipart form数据自动缓存可能导致磁盘被恶意提交的数据占满,能否增加开关控制

3
bysph
bysph commented Sep 14, 2020

描述:
我发现框架会自动在接口路由匹配前将multipart form数据缓存到磁盘中(当大于设定的允许内存读取大小时),并且缓存时是没有对大小进行限制的。该设计可能会导致客户端通过少量请求恶意提交大量数据将服务端磁盘临时占满。

当前处理方式:
增加一个BeforeStatic的过滤器,用于拦截所有携带multipart form数据的请求。不过该场景还是比较通用的,让每个使用beego框架的项目增加这个逻辑会比较冗余。

需求:
能否增加一个配置项用来控制是否由框架自动缓存呢?关闭的情况下,如果接口需要缓存,可以自行在handler中调用parsemultiform方法进行缓存。

相关代码行:
https://github.com/astaxie/beego/blob/f6519b29a846bdf59a2b86baa011c242f78387d5/router.

Read more
area/context good first issue help-wanted kind/bug
Find more good first issues

chanyipiaomiao / devops-api

Star

Golang + Beego 编写 提供开发/运维常用操作的HTTP API接口: 手机归属地查询、IP地址查询、工作日节假日判断、微信报警、钉钉报警、2步验证、密码存储、发送邮件、生成随机密码等功能

go api golang devops alert password md5 holiday weixin google-authenticator two-factor-authentication sendmail beego password-store dingding dingtalk holiday-api devops-api weixin-alert dingding-alert
  • Updated Apr 2, 2019
  • Go

Improve this page

Add a description, image, and links to the beego topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the beego topic, visit your repo's landing page and select "manage topics."

Learn more

You can’t perform that action at this time.