From 76a66a46e1bb8f17555cd95a946fd8dc5e806d05 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Thu, 8 May 2025 17:01:35 -0400
Subject: [PATCH] Restrict maximum attribute size from formatting

If an expression causes an inordinate amount of memory to be used, then block it from continuing. For now, we consider that an expression that expands beyond 16k. I am unable to conceive of a use case where someone would want to use an expression to derive more than 16k as it stands, as we don't carry any particularly large opaque payloads right now.
---
 confluent_server/confluent/config/configmanager.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/confluent_server/confluent/config/configmanager.py b/confluent_server/confluent/config/configmanager.py
index af9c8a39..58b1f167 100644
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@@ -1112,7 +1112,10 @@ class _ExpressionFormat(string.Formatter):
 val = int(val)
 except Exception:
 pass
- return format(val, format_spec)
+ formatted = format(val, format_spec)
+ if len(formatted) > 16384:
+ raise Exception('Field length exceeded during formatting')
+ return formatted
 
 def _handle_ast_node(self, node):
 if isinstance(node, ast.Num):
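Review bot: The length check runs only after `format(val, format_spec)` has already built the string, so a format spec asking for a very large width or precision still allocates the full result before the exception is raised; the limit bounds what is returned, not the peak memory the commit message is concerned with. The enclosing method's signature is outside the hunk, but if it is the per-field hook of `string.Formatter`, the 16384 limit applies to each field separately, so an expression with many fields can still expand well past 16k in total unless the assembled result is also checked. Consider rejecting an oversized width in `format_spec` before calling `format`, and giving the limit and the error a name callers can act on, e.g. a module-level `MAX_FORMATTED_FIELD_LEN = 16384` and `raise ValueError('Field length exceeded during formatting')`.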