diff options
| author | Mary Umoh <umohm12@gmail.com> | 2017-06-30 01:03:46 +0200 |
|---|---|---|
| committer | Dylan William Hardison <dylan@hardison.net> | 2017-07-07 00:19:20 +0200 |
| commit | 4c9f9a8c49e9f25096ee3b6982b197e9efa6dd60 (patch) | |
| tree | 21fd41e87f0838321f4494f784fd94bc1f1b679f /Bugzilla | |
| parent | 662b0801c0e429b7d83c2ad6ed47a0293f10ff5e (diff) | |
| download | bugzilla-4c9f9a8c49e9f25096ee3b6982b197e9efa6dd60.tar.gz bugzilla-4c9f9a8c49e9f25096ee3b6982b197e9efa6dd60.tar.xz | |
Bug 1355169 - Add rate-limiting to show_bug.cgi and rest.cgi
* fix mistake
* Update
* Updates
* remove other file
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Config/Admin.pm | 33 | ||||
| -rw-r--r-- | Bugzilla/WebService/Bug.pm | 5 |
2 files changed, 37 insertions, 1 deletions
diff --git a/Bugzilla/Config/Admin.pm b/Bugzilla/Config/Admin.pm index 74748d3d8..5f10bfef3 100644 --- a/Bugzilla/Config/Admin.pm +++ b/Bugzilla/Config/Admin.pm @@ -12,6 +12,9 @@ use strict; use warnings; use Bugzilla::Config::Common; +use JSON::XS qw(decode_json); +use List::MoreUtils qw(all); +use Scalar::Util qw(looks_like_number); our $sortkey = 200; @@ -44,6 +47,19 @@ sub get_param_list { }, { + name => 'rate_limit_active', + type => 'b', + default => 1, + }, + + { + name => 'rate_limit_rules', + type => 'l', + default => '{"get_bug": [75, 60], "show_bug": [75, 60]}', + checker => \&check_rate_limit_rules, + }, + + { name => 'log_user_requests', type => 'b', default => 0, @@ -51,4 +67,21 @@ sub get_param_list { return @param_list; } +sub check_rate_limit_rules { + my $rules = shift; + + my $val = eval { decode_json($rules) }; + return "failed to parse json" unless defined $val; + return "value is not HASH" unless ref $val && ref($val) eq 'HASH'; + return "rules are invalid" unless all { + ref($_) eq 'ARRAY' && looks_like_number( $_->[0] ) && looks_like_number( $_->[1] ) + } values %$val; + + foreach my $required (qw( show_bug get_bug )) { + return "missing $required" unless exists $val->{$required}; + } + + return ""; +} + 1; diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index 78545e129..97dd46d0e 100644 --- a/Bugzilla/WebService/Bug.pm +++ b/Bugzilla/WebService/Bug.pm @@ -22,7 +22,7 @@ use Bugzilla::WebService::Constants; use Bugzilla::WebService::Util qw(extract_flags filter filter_wants validate translate); use Bugzilla::Bug; use Bugzilla::BugMail; -use Bugzilla::Util qw(trick_taint trim detaint_natural); +use Bugzilla::Util qw(trick_taint trim detaint_natural remote_ip); use Bugzilla::Version; use Bugzilla::Milestone; use Bugzilla::Status; @@ -398,6 +398,9 @@ sub _translate_comment { sub get { my ($self, $params) = validate(@_, 'ids'); + unless (Bugzilla->user->id) { + Bugzilla->check_rate_limit("get_bug", remote_ip()); + } Bugzilla->switch_to_shadow_db() unless Bugzilla->user->id; my $ids = $params->{ids}; |