Fix code scanning alert - Missing rate limiting #8

Closed
1 task done
Bellisario opened this issue Jul 14, 2022 · 0 comments · Fixed by #9

Bellisario commented Jul 14, 2022

Tracking issue for:

A fix for this vulnerability should be introduced ASAP, since a user could use DDoS attacks to shut down the entire application just by requesting index.html.

I think I'll fix this using express-rate-limit.


This is not a really high-severity vulnerability, since Heroku hosting has internal DDoS attack protection, but it is really bad for users hosting their own node-snapdrop server.

@Bellisario Bellisario added the bug Something isn't working label Jul 14, 2022
@Bellisario Bellisario self-assigned this Jul 14, 2022
@Bellisario Bellisario pinned this issue Jul 14, 2022
@Bellisario Bellisario linked a pull request Jul 14, 2022 that will close this issue
@Bellisario Bellisario unpinned this issue Sep 14, 2022
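
An added illustration of the mitigation proposed in this issue, not code from node-snapdrop or from express-rate-limit: a dependency-free fixed-window limiter with the Express middleware signature, rejecting requests for index.html with 429 once one client exceeds its budget. The names `createRateLimiter` and `simulate`, the limit of 3 requests per 60 s and the 203.0.113.x addresses are assumptions made for the example.

```javascript
// Fixed-window, per-client rate limiter shaped like Express middleware.
// Illustrative stand-in only; a real deployment would use a maintained package.
function createRateLimiter({ windowMs, max, now = Date.now }) {
  const hits = new Map(); // client key -> { count, resetAt }

  function middleware(req, res, next) {
    // Assumption: req.ip is the real client address. Behind a reverse proxy,
    // Express "trust proxy" must be configured or every client shares one key.
    const key = req.ip;
    const t = now();
    let entry = hits.get(key);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs }; // start a new window
      hits.set(key, entry);
    }
    entry.count += 1;
    if (entry.count > max) {
      // Reject before the route handler touches the file system.
      res.setHeader('Retry-After', String(Math.ceil((entry.resetAt - t) / 1000)));
      res.statusCode = 429;
      res.end('Too Many Requests');
      return;
    }
    next();
  }

  // Drop expired windows so the map cannot grow without bound when many
  // distinct addresses are seen; returns the number of live entries.
  middleware.sweep = () => {
    const t = now();
    for (const [key, entry] of hits) if (t >= entry.resetAt) hits.delete(key);
    return hits.size;
  };
  return middleware;
}

// Constructed demo: replay `count` requests for /index.html from one address
// through the limiter and collect the resulting status codes.
function simulate(limiter, ip, count) {
  const statuses = [];
  for (let i = 0; i < count; i++) {
    const res = { statusCode: 200, headers: {}, setHeader(k, v) { this.headers[k] = v; }, end() {} };
    limiter({ ip, path: '/index.html' }, res, () => {});
    statuses.push(res.statusCode);
  }
  return statuses;
}

console.log(simulate(createRateLimiter({ windowMs: 60000, max: 3 }), '203.0.113.7', 5));
```

In an Express app the middleware would be registered with `app.use(...)` ahead of the static file handler, so throttled requests never reach the disk read.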