forked from mirrors/pkg-proxy
POST endpoints (/api/outdated, /api/bulk) now reject bodies over 1 MB using http.MaxBytesReader. Upstream metadata reads (npm, pypi, composer, nuget, pub) now use io.LimitReader capped at 50 MB to prevent OOM from unexpectedly large responses.
34 lines
781 B
Go
34 lines
781 B
Go
package handler
|
|
|
|
import (
|
|
"bytes"
|
|
"testing"
|
|
)
|
|
|
|
func TestReadMetadata(t *testing.T) {
|
|
t.Run("small body", func(t *testing.T) {
|
|
data := []byte("hello world")
|
|
got, err := ReadMetadata(bytes.NewReader(data))
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if !bytes.Equal(got, data) {
|
|
t.Errorf("got %q, want %q", got, data)
|
|
}
|
|
})
|
|
|
|
t.Run("truncates at limit", func(t *testing.T) {
|
|
// Create a reader slightly larger than maxMetadataSize
|
|
data := make([]byte, maxMetadataSize+100)
|
|
for i := range data {
|
|
data[i] = 'x'
|
|
}
|
|
got, err := ReadMetadata(bytes.NewReader(data))
|
|
if err != nil {
|
|
t.Fatalf("unexpected error: %v", err)
|
|
}
|
|
if len(got) != int(maxMetadataSize) {
|
|
t.Errorf("got length %d, want %d", len(got), maxMetadataSize)
|
|
}
|
|
})
|
|
}
|