rogee/superpowers
1
0
Fork 0
mirror of https://github.com/obra/superpowers.git synced 2026-06-11 13:19:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(brainstorming): cap websocket frame payloads

Browse Source
This commit is contained in:
Rahul
2026-05-15 16:24:45 +05:30
committed by Drew Ritter
parent f3f0789c5c
commit d7c260a978
2 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
tests/brainstorm-server/ws-protocol.test.js
View File

@@ -329,6 +329,21 @@ function runTests() {
assert.strictEqual(result.payload.length, 65536);
});
test('rejects oversized 64-bit frames before payload allocation', () => {
const mask = Buffer.from([0x00, 0x00, 0x00, 0x00]);
const header = Buffer.alloc(14);
header[0] = 0x81; // FIN + TEXT
header[1] = 0x80 | 127; // masked, 64-bit length
header.writeBigUInt64BE(BigInt(ws.MAX_FRAME_PAYLOAD_BYTES) + 1n, 2);
mask.copy(header, 10);
assert.throws(
() => ws.decodeFrame(header),
/exceeds maximum allowed size/i,
'oversized advertised payload must be rejected from header alone'
);
});
// ========== Close Frame with Status Code ==========
console.log('\n--- Close Frame Details ---');