[electrum] add a timeout and max data size when downloading a payment request
cd50851eb621
Actions

Description

[electrum] add a timeout and max data size when downloading a payment request

Summary:
Limit the size of payment requests to 1 MB, which should be plenty enough. Add also a 2 x 30 s timeout (first timeout for the initial request, second timeout for downloading the data chunks).

Depends on D16417

Test Plan:
python test_runner.py

I tested that a unit test fails if the data is garbage, with the following patch, to ensure coverage for the new way of getting the data.

diff --git a/electrum/electrumabc/paymentrequest.py b/electrum/electrumabc/paymentrequest.py
index 8c90cf8b70..18f0a1cad1 100644
--- a/electrum/electrumabc/paymentrequest.py
+++ b/electrum/electrumabc/paymentrequest.py
@@ -116,7 +116,7 @@ def get_payment_request(url):
     data = b""
     start = time.time()
     for chunk in response.iter_content(1024):
-        data += chunk
+        data += b"garbage"
         if len(data) > 1_000_000:
             return PaymentRequest(data=None, error="oversized payment request data")
         if time.time() - start > timeout:

Run the application, paste this payment URI in the "pay to" field and check for the expected error message "oversized payment request data" after a short time.
ecash:?r=http://212.183.159.230/512MB.zip

Redo this test after bumping the max size from 1_000_000 to 100_000_000 and check for the expected error dialog about the timeout.

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Subscribers: Fabien

Differential Revision: https://reviews.bitcoinabc.org/D16415