Prompt
Implement protective limits for network operations to prevent resource exhaustion and denial-of-service attacks. Network operations should have bounded resource consumption to avoid overwhelming servers or clients.
Key areas to address:
- Pagination limits: Set maximum page counts and track visited pages to prevent infinite loops in collection traversal
- Connection management: Consume response bodies within reasonable limits (e.g., 1MB) for persistent connections, closing connections when limits are exceeded
- Subscription churn: Avoid creating excessive per-resource network channels that cause high subscribe/unsubscribe load
Example implementation for pagination protection:
def collection_items(collection_or_uri)
visited_pages = Set.new
page_count = 0
max_pages = 50
while collection.is_a?(Hash) && page_count < max_pages
return if visited_pages.include?(collection['id'])
visited_pages.add(collection['id'])
# Process items...
page_count += 1
collection = collection['next'].present? ? fetch_collection(collection['next']) : nil
end
end
This prevents attackers from creating infinite pagination loops while ensuring legitimate large collections can still be processed within reasonable bounds.