Skip to content

Max bytes limit#3

Merged
ytkg merged 5 commits intoytkg:mainfrom
timgentry:feature/max_bytes-limit
Jan 9, 2026
Merged

Max bytes limit#3
ytkg merged 5 commits intoytkg:mainfrom
timgentry:feature/max_bytes-limit

Conversation

@timgentry
Copy link
Copy Markdown
Contributor

@timgentry timgentry commented Jan 5, 2026
edited
Loading

What?

Added input size limit protection to help prevent memory exhaustion DoS attacks. The max_bytes option (default: 10MB) can be configured in both JSONC.parse and JSONC.load_file methods to reject excessively large inputs that could crash applications processing untrusted JSONC files.

Why?

Memory exhaustion is a security and reliability concern where crafted large inputs can exhaust application memory and cause denial-of-service attacks. Without size limits, an attacker could submit a multi-gigabyte JSONC file that would crash the server during preprocessing. The fix ensures graceful rejection of oversized inputs while providing flexibility for legitimate large files.

How?

Added size checks before parsing that validate input size against configured limit. The implementation:

  1. For parse: Checks string bytesize before comment removal and JSON parsing begins
  2. For load_file: Checks file size using File.size(path) BEFORE reading the file into memory, preventing memory allocation of huge files
  3. Raises JSON::ParserError with descriptive message for consistency with Ruby's JSON parser
  4. Deletes max_bytes from options before passing to JSON.parse to ensure the option doesn't interfere with downstream JSON parsing
  5. Sets reasonable default of 10MB (10,485,760 bytes) that covers typical use cases while preventing DoS

Note: The size limit applies to raw JSONC input (including comments and whitespace) before sanitization.

Testing?

Added 6 new test cases covering:

  1. Rejecting input exceeding default 10MB limit
  2. Accepting input within default limit (1MB)
  3. Respecting custom max_bytes option (tiny limit: 5 bytes)
  4. Allowing larger input with custom limit (15MB with 20MB limit)
  5. load_file rejects oversized files (checks size before reading)
  6. load_file accepts files within limit

All 18 tests pass (12 existing + 6 new). Tests verify both positive and negative cases for default and custom limits across both parse and load_file methods.

Anything Else?

No, thanks.

ytkg
ytkg reviewed Jan 6, 2026
View reviewed changes
lib/jsonc.rb Outdated
end

def self.load_file(path, **opts)
max_bytes = opts.fetch(:max_bytes, DEFAULT_MAX_BYTES)
Copy link
Copy Markdown
Owner

@ytkg ytkg Jan 6, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was the difference in handling max_bytes intentional?
load_file uses opts.fetch(:max_bytes, DEFAULT_MAX_BYTES), so passing max_bytes: nil results in max_bytes being nil and file_size > max_bytes can raise a TypeError.

Copy link
Copy Markdown
Contributor Author

@timgentry timgentry Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure why, great spot, thanks. I've added tests for parse and load_file max_bytes: nil.

Copy link
Copy Markdown
Owner

@ytkg ytkg Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you. I will release it soon as version 0.2.0.

@timgentry timgentry requested a review from ytkg January 7, 2026 10:00
@ytkg ytkg merged commit 19ac751 into ytkg:main Jan 9, 2026
8 checks passed
@timgentry timgentry deleted the feature/max_bytes-limit branch January 9, 2026 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ytkg ytkg Awaiting requested review from ytkg

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@timgentry @ytkg