logstash-codec-json icon indicating copy to clipboard operation
logstash-codec-json copied to clipboard
verified publisher icon logstash-plugins

make decoder check size of string before parsing the json

Open jsvd opened this issue 9 years ago • 2 comments

This codec is a privileged position to avoid the creation of huge events from arbitrarily large json documents. Although the string itself has been alocated, if this codec had a size limit, we could prevent further damage down the pipeline flow.

All we need is a setting that by default is limited to some size like 50k, and here we can loudly refuse to parse the json if the json.byte_size is beyond that limit.

Thoughts?

jsvd avatar Nov 03 '16 18:11 jsvd

What action would be taken if an event is too large?

jordansissel avatar Dec 01 '16 00:12 jordansissel

As long as the default is no truncation or max size of 0 / -1.

I deal with json events where the payload is often 500,000 characters and well beyond. It's not ideal for high volume throughput, but the need is there. Adding a default to 50k would only break existing things in my opinion.

gwsales avatar Sep 27 '23 16:09 gwsales