Expand description

async-read-length-limit

Protects against a certain class of denial-of-service attacks wherein long chunked bodies are uploaded to web services. Can be applied to any AsyncRead type.

Examples

use futures_lite::{io::Cursor, AsyncReadExt};
use async_read_length_limit::LengthLimitExt;

// input longer than limit returns an error and only reads bytes up to the limit

let input_data = Cursor::new(b"these are the input data");
let mut output_buf = Vec::new();
let result = input_data.limit_bytes(5).read_to_end(&mut output_buf).await;
assert!(result.is_err());
assert_eq!(output_buf, b"these");

// input shorter than limit reads transparently

let input_data = Cursor::new(b"these are the input data");
let mut output_buf = Vec::new();
let result = input_data.limit_kb(1).read_to_end(&mut output_buf).await;
assert!(result.is_ok());
assert_eq!(output_buf, b"these are the input data");

Structs

Traits

  • Extension trait to add length limiting behavior to any AsyncRead