Limits SPARQL query size

Avoids simple DDOS attack of posting very big queries
pull/10/head
Tpt 5 years ago
parent 0577b644c0
commit 3d1cb137d9
  1. 11
      server/src/main.rs

@ -13,6 +13,7 @@ use rudf::{
use std::io::{BufReader, Read}; use std::io::{BufReader, Read};
use std::sync::Arc; use std::sync::Arc;
const MAX_SPARQL_BODY_SIZE: u64 = 1048576;
const HTML_ROOT_PAGE: &str = include_str!("../templates/query.html"); const HTML_ROOT_PAGE: &str = include_str!("../templates/query.html");
pub fn main() { pub fn main() {
@ -95,15 +96,19 @@ fn handle_request<R: RepositoryConnection>(
request, request,
), ),
("/query", "POST") => { ("/query", "POST") => {
if let Some(mut body) = request.data() { if let Some(body) = request.data() {
if let Some(content_type) = request.header("Content-Type") { if let Some(content_type) = request.header("Content-Type") {
if content_type.starts_with("application/sparql-query") { if content_type.starts_with("application/sparql-query") {
let mut buffer = String::default(); let mut buffer = String::default();
body.read_to_string(&mut buffer).unwrap(); body.take(MAX_SPARQL_BODY_SIZE)
.read_to_string(&mut buffer)
.unwrap();
evaluate_sparql_query(connection, &buffer, request) evaluate_sparql_query(connection, &buffer, request)
} else if content_type.starts_with("application/x-www-form-urlencoded") { } else if content_type.starts_with("application/x-www-form-urlencoded") {
let mut buffer = Vec::default(); let mut buffer = Vec::default();
body.read_to_end(&mut buffer).unwrap(); body.take(MAX_SPARQL_BODY_SIZE)
.read_to_end(&mut buffer)
.unwrap();
evaluate_urlencoded_sparql_query(connection, &buffer, request) evaluate_urlencoded_sparql_query(connection, &buffer, request)
} else { } else {
Response::text(format!( Response::text(format!(

Loading…
Cancel
Save