graphene-protector icon indicating copy to clipboard operation
graphene-protector copied to clipboard
verified publisher icon devkral

improve checking inputs

Open devkral opened this issue 1 year ago • 0 comments

Currently we parse the ast, but resource attacks can be executed earlier (when the ast is built)

Is there a way to get the input string first and analyze it?

Or are we able to limit the AST builder in such a way, it cannot be abused? Eg. the stack can be exhausted by high depths before any validation takes place

devkral avatar Mar 18 '24 12:03 devkral