@jkebinger
Collaborator

Summary

Implements comprehensive zero-byte protobuf rejection across all config loading mechanisms to prevent potential security issues from malformed data.

Security Features

  • ✅ Reject zero-byte config data from HTTP responses with IllegalArgumentException
  • ✅ Reject zero-byte config data from cache with IllegalArgumentException
  • ✅ Ignore zero-byte config data from SSE streams with warning logs
  • ✅ Exceptions trigger internal retry logic without propagating to embedding applications

Implementation Details

  • HttpClient: Added zero-byte validation in requestConfigsFromURI() for HTTP responses and cached data
  • SseConfigStreamingSubscriber: Added zero-byte detection in FlowSubscriber.onNext() for SSE streams
  • Logging: All rejections logged with appropriate warning messages for debugging
  • Exception Handling: Uses exceptions only for internal retry logic, prevents propagation to embedding apps

Test Coverage

  • ✅ 4 new HttpClient tests covering zero-byte rejection from HTTP responses, cache, and valid config processing
  • ✅ 5 new SseConfigStreamingSubscriber tests covering zero-byte SSE data, empty payloads, and valid processing
  • ✅ Fixed existing tests to use valid non-zero protobuf data instead of empty default instances
  • ✅ All tests pass (15 total tests for zero-byte functionality)

Test plan

  • Verify zero-byte HTTP responses are rejected with IllegalArgumentException
  • Verify zero-byte cached data is rejected with IllegalArgumentException
  • Verify zero-byte SSE data is ignored with warning logs
  • Verify valid config processing continues to work normally
  • Verify exceptions trigger retry logic but don't propagate to embedding apps
  • Run full test suite to ensure no regressions

🤖 Generated with Claude Code
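
The rejection behaviour listed in this description, sketched as an added example that is not code from this pull request or from the project. It assumes "zero-byte" means a zero-length payload, which a protobuf parser would otherwise accept as a message with every field at its default; `ZeroByteConfigGuard`, `ConfigSource`, `requireNonEmpty`, `loadWithRetry` and `acceptSseEvent` are hypothetical names, and the sample payloads are constructed.

```java
import java.util.Optional;
import java.util.logging.Logger;

// Added illustration; class and method names are hypothetical, not the project's API.
public class ZeroByteConfigGuard {
    private static final Logger LOG = Logger.getLogger(ZeroByteConfigGuard.class.getName());

    /** Source of raw config bytes (HTTP body or cache entry); hypothetical interface. */
    interface ConfigSource { byte[] fetch() throws Exception; }

    // HTTP and cache path: a zero-length payload is rejected before any parsing.
    static byte[] requireNonEmpty(byte[] payload, String origin) {
        if (payload == null || payload.length == 0) {
            LOG.warning("Rejecting zero-byte config data from " + origin);
            throw new IllegalArgumentException("zero-byte config data from " + origin);
        }
        return payload;
    }

    // Retry wrapper: the rejection is consumed here and never thrown to the embedding app.
    static Optional<byte[]> loadWithRetry(ConfigSource source, String origin, int maxAttempts) {
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            try {
                return Optional.of(requireNonEmpty(source.fetch(), origin));
            } catch (Exception e) {
                LOG.warning("Attempt " + attempt + " failed (" + origin + "): " + e.getMessage());
            }
        }
        return Optional.empty(); // nothing loaded; no exception reaches the caller
    }

    // SSE path: an empty event is logged and skipped; the stream is not torn down.
    static boolean acceptSseEvent(byte[] data) {
        if (data == null || data.length == 0) {
            LOG.warning("Ignoring zero-byte config data from SSE stream");
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed inputs: the first fetch is empty, the second is a non-empty payload.
        byte[][] responses = { new byte[0], new byte[] {0x0a, 0x01, 0x41} };
        int[] calls = {0};
        Optional<byte[]> loaded = loadWithRetry(() -> responses[calls[0]++], "http", 3);
        System.out.println("loaded bytes: " + loaded.map(b -> b.length).orElse(0));
        System.out.println("empty SSE event accepted: " + acceptSseEvent(new byte[0]));
    }
}
```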

jkebinger and others added 3 commits September 29, 2025 11:49
Implement comprehensive zero-byte protobuf rejection across all config loading mechanisms to prevent potential security issues from malformed data:

Security Features:
- Reject zero-byte config data from HTTP responses with IllegalArgumentException
- Reject zero-byte config data from cache with IllegalArgumentException
- Ignore zero-byte config data from SSE streams with warning logs
- Exceptions trigger internal retry logic without propagating to embedding applications

Implementation Details:
- HttpClient: Added zero-byte validation in requestConfigsFromURI() for HTTP responses and cached data
- SseConfigStreamingSubscriber: Added zero-byte detection in FlowSubscriber.onNext() for SSE streams
- All rejections logged with appropriate warning messages for debugging

Test Coverage:
- 4 new HttpClient tests covering zero-byte rejection from HTTP responses, cache, and valid config processing
- 5 new SseConfigStreamingSubscriber tests covering zero-byte SSE data, empty payloads, and valid processing
- Fixed existing tests to use valid non-zero protobuf data instead of empty default instances

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Contributor

@jdwyah jdwyah left a comment

thanks

@jkebinger jkebinger merged commit 0bde383 into main Sep 29, 2025
1 check passed
@jkebinger jkebinger deleted the security/zero-byte-config-rejection branch September 29, 2025 19:25