[electrum] add a timeout and max data size when downloading a payment request
ClosedPublic
Actions

Authored by PiRK on Jul 3 2024, 15:50.

Details

Reviewers

Fabien

Group Reviewers

Restricted Project

Commits

rABCcd50851eb621: [electrum] add a timeout and max data size when downloading a payment request

Summary

Limit the size of payment requests to 1 MB, which should be plenty enough. Add also a 2 x 30 s timeout (first timeout for the initial request, second timeout for downloading the data chunks).

Depends on D16417

Test Plan

python test_runner.py

I tested that a unit test fails if the data is garbage, with the following patch, to ensure coverage for the new way of getting the data.

diff --git a/electrum/electrumabc/paymentrequest.py b/electrum/electrumabc/paymentrequest.py
index 8c90cf8b70..18f0a1cad1 100644
--- a/electrum/electrumabc/paymentrequest.py
+++ b/electrum/electrumabc/paymentrequest.py
@@ -116,7 +116,7 @@ def get_payment_request(url):
     data = b""
     start = time.time()
     for chunk in response.iter_content(1024):
-        data += chunk
+        data += b"garbage"
         if len(data) > 1_000_000:
             return PaymentRequest(data=None, error="oversized payment request data")
         if time.time() - start > timeout:

Run the application, paste this payment URI in the "pay to" field and check for the expected error message "oversized payment request data" after a short time.
ecash:?r=http://212.183.159.230/512MB.zip

Redo this test after bumping the max size from 1_000_000 to 100_000_000 and check for the expected error dialog about the timeout.

Diff Detail

Repository

rABC Bitcoin ABC

Branch

electrum_limit_bip72_wqdl

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 29465
Build 58466: Build Diff	electrum-tests
Build 58465: arc lint + arc unit

Event Timeline

PiRK created this revision.Jul 3 2024, 15:50

Herald added a reviewer: Restricted Project. · View Herald TranscriptJul 3 2024, 15:50

PiRK edited the summary of this revision. (Show Details)Jul 3 2024, 15:52

PiRK added a parent revision: D16414: [electrum] remove indentation levels in get_payment_request.

Harbormaster completed remote builds in B29461: Diff 48485.Jul 3 2024, 15:52

Fabien added a subscriber: Fabien.Jul 3 2024, 15:57

Fabien added inline comments.

electrum/electrumabc/paymentrequest.py
109 ↗	(On Diff #48485)	bump it, you don't want spurious timeouts due to network latency
139 ↗	(On Diff #48485)	Not requesting changes, but why is there a print_error on success ?

PiRK added inline comments.Jul 3 2024, 17:39

electrum/electrumabc/paymentrequest.py
122 ↗	(On Diff #48485)	Note that `len(...)` has O(1) complexity in python. The len is kept as a counter internally.
139 ↗	(On Diff #48485)	`print_error` is used all over this codebase for logging. Some day I will fix this by backporting https://github.com/spesmilo/electrum/pull/5296, but it always seemed like a low priority task