Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Billion Laughs" attack yaml breaks language server #463

Closed
1 of 4 tasks
evidolob opened this issue May 18, 2021 · 0 comments
Closed
1 of 4 tasks

"Billion Laughs" attack yaml breaks language server #463

evidolob opened this issue May 18, 2021 · 0 comments
Assignees
@evidolob
Labels
bug

Comments

@evidolob
Copy link
Collaborator

Describe the bug

Related to kubernetes/kubernetes#83253

Yaml

apiVersion: v1
data:
  a: &a ["web","web","web","web","web","web","web","web","web"]
  b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]
  c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]
  d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]
  e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]
  f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]
  g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]
  h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
  i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]
kind: ConfigMap
metadata:
  name: yaml-bomb
  namespace: default

Coease a huge cpu load and vscode reports that yaml language server failed to launch 5 times.

It seems that new parser wasn't affected but it requires double check.

Expected Behavior

LS work normally

Current Behavior

LS crushed

Steps to Reproduce

  1. Just put provided yaml sample in editor

Environment

  • Windows
  • Mac
  • Linux
  • other (please specify)
@evidolob evidolob added the bug label May 18, 2021
@evidolob evidolob self-assigned this May 18, 2021
evidolob added a commit to evidolob/yaml-language-server that referenced this issue May 18, 2021
@evidolob
redhat-developer#463 fix "Billion Laughs" attack
f9641f0 
Signed-off-by: Yevhen Vydolob <[email protected]>
@evidolob evidolob mentioned this issue May 18, 2021
Merged
evidolob added a commit that referenced this issue May 18, 2021
@evidolob
#463 fix "Billion Laughs" attack
f5e2fd9 
Signed-off-by: Yevhen Vydolob <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@evidolob evidolob

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@evidolob