Prevent DDoS attacks by limiting the size of the graph

LasseBlaauwbroek · LasseBlaauwbroek · commit ea1c531b4458 · 2023-10-30T13:32:30.000+01:00
diff --git a/pytact/graph_visualize_browse.py b/pytact/graph_visualize_browse.py
@@ -48,6 +48,7 @@ class Settings:
     max_size: int = 100
 
     def __post_init__(self):
+        self.max_size = min(10000, self.max_size) # Prevent DDoS attacks by limiting the size of the graph
         if not self.no_defaults:
             self.ignore_edges = [graph_api_capnp.EdgeClassification.schema.enumerants['constOpaqueDef']]
             label = graph_api_capnp.Graph.Node.Label
diff --git a/pytact/templates/visualizer.html b/pytact/templates/visualizer.html
@@ -180,7 +180,7 @@
                     <div class="field">
                         <div class="ui grid">
                             <div class="five wide column">
-                                <input type="number" id="max_size" name="max_size" min="1"
+                                <input type="number" id="max_size" name="max_size" min="1" max="10000"
                                        style="width:5.5rem" value="{{ settings.max_size }}">
                             </div>
                             <div class="eleven wide column middle aligned">
