foster/denoland-deno
0
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-02-20 12:22:52 -05:00
Code Issues Packages 1 Wiki Activity

fix(ext/webstorage): check size of inputs before insert (#18087)

Browse source
This commit is contained in:
Divy Srivastava 2023-03-09 17:58:51 +05:30 committed by Yoshiya Hinosawa
parent 9ebbd23ced
commit 716409e81e
2 changed files with 48 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
cli/tests/unit/webstorage_test.ts
View file

@ -1,7 +1,7 @@
// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
// deno-lint-ignore-file no-explicit-any // deno-lint-ignore-file no-explicit-any
import { assert } from "./test_util.ts"; import { assert, assertThrows } from "./test_util.ts";
Deno.test({ permissions: "none" }, function webStoragesReassignable() { Deno.test({ permissions: "none" }, function webStoragesReassignable() {
// Can reassign to web storages // Can reassign to web storages
@ -11,3 +11,32 @@ Deno.test({ permissions: "none" }, function webStoragesReassignable() {
assert(globalThis.localStorage instanceof globalThis.Storage); assert(globalThis.localStorage instanceof globalThis.Storage);
assert(globalThis.sessionStorage instanceof globalThis.Storage); assert(globalThis.sessionStorage instanceof globalThis.Storage);
}); });
Deno.test(function webstorageSizeLimit() {
localStorage.clear();
assertThrows(
() => {
localStorage.setItem("k", "v".repeat(15 * 1024 * 1024));
},
Error,
"Exceeded maximum storage size",
);
assert(localStorage.getItem("k") === null);
assertThrows(
() => {
localStorage.setItem("k".repeat(15 * 1024 * 1024), "v");
},
Error,
"Exceeded maximum storage size",
);
assertThrows(
() => {
localStorage.setItem(
"k".repeat(5 * 1024 * 1024),
"v".repeat(5 * 1024 * 1024),
);
},
Error,
"Exceeded maximum storage size",
);
});

27
ext/webstorage/lib.rs
View file

@ -19,7 +19,7 @@ pub use rusqlite;
#[derive(Clone)] #[derive(Clone)]
struct OriginStorageDir(PathBuf); struct OriginStorageDir(PathBuf);
const MAX_STORAGE_BYTES: u32 = 10 * 1024 * 1024; const MAX_STORAGE_BYTES: usize = 10 * 1024 * 1024;
pub fn init(origin_storage_dir: Option<PathBuf>) -> Extension { pub fn init(origin_storage_dir: Option<PathBuf>) -> Extension {
Extension::builder_with_deps(env!("CARGO_PKG_NAME"), &["deno_webidl"]) Extension::builder_with_deps(env!("CARGO_PKG_NAME"), &["deno_webidl"])
@ -133,6 +133,20 @@ pub fn op_webstorage_key(
Ok(key) Ok(key)
} }
#[inline]
fn size_check(input: usize) -> Result<(), AnyError> {
if input >= MAX_STORAGE_BYTES {
return Err(
deno_web::DomExceptionQuotaExceededError::new(
"Exceeded maximum storage size",
)
.into(),
);
}
Ok(())
}
#[op] #[op]
pub fn op_webstorage_set( pub fn op_webstorage_set(
state: &mut OpState, state: &mut OpState,
@ -142,18 +156,13 @@ pub fn op_webstorage_set(
) -> Result<(), AnyError> { ) -> Result<(), AnyError> {
let conn = get_webstorage(state, persistent)?; let conn = get_webstorage(state, persistent)?;
size_check(key.len() + value.len())?;
let mut stmt = conn let mut stmt = conn
.prepare_cached("SELECT SUM(pgsize) FROM dbstat WHERE name = 'data'")?; .prepare_cached("SELECT SUM(pgsize) FROM dbstat WHERE name = 'data'")?;
let size: u32 = stmt.query_row(params![], |row| row.get(0))?; let size: u32 = stmt.query_row(params![], |row| row.get(0))?;
if size >= MAX_STORAGE_BYTES { size_check(size as usize)?;
return Err(
deno_web::DomExceptionQuotaExceededError::new(
"Exceeded maximum storage size",
)
.into(),
);
}
let mut stmt = conn let mut stmt = conn
.prepare_cached("INSERT OR REPLACE INTO data (key, value) VALUES (?, ?)")?; .prepare_cached("INSERT OR REPLACE INTO data (key, value) VALUES (?, ?)")?;