fix(review): address review 2792 feedback
- Document nodeCount overcounting as intentional conservative behavior (bounds total validation work, not unique nodes) - Improve TestYAMLDeeplyNestedRejection comment with concrete depth trace - Replace outdated gopkg.in/yaml.v3 pseudocode in design doc with reference to authoritative implementation - Update PR description to clarify pre-approval via issue #57
This commit is contained in:
claw
+5
-1
@@ -224,7 +224,11 @@ func checkYAMLDepth(node ast.Node, depth, maxDepth, maxNodes int, validated map[
|
||||
}
|
||||
|
||||
// Track total nodes visited as defense-in-depth against wide-but-shallow attacks.
|
||||
// Placed after cycle detection to avoid over-counting cyclic references.
|
||||
// Placed after cycle detection but before the depth-aware short-circuit. This means
|
||||
// nodes revisited at shallower depths (via aliases) are counted each time they are
|
||||
// encountered — intentional conservative overcounting. This bounds the total work
|
||||
// performed during validation rather than tracking unique nodes, which is the safer
|
||||
// security posture for untrusted YAML input.
|
||||
*nodeCount++
|
||||
if *nodeCount > maxNodes {
|
||||
return fmt.Errorf("YAML node count exceeds maximum (%d)", maxNodes)
|
||||
|
||||
Reference in New Issue
Block a user