historyarchive: add size bound to GetPathHAS to prevent resource exhaustion #5918
tamirms merged 2 commits into stellar:main
…ustion Wrap the reader with io.LimitReader (10 MB) before JSON decoding to prevent unbounded memory allocation from malicious history archive responses. This follows the existing pattern in clients/stellartoml. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2dbe54a to bd0c822
Pull request overview
This PR hardens history archive state fetching against oversized responses and also introduces an ingestion load-test mode (including snapshot/restore) plus supporting integration-test harness changes.
Changes:
- Add a 10MB read cap when decoding `stellar-history.json` in `Archive.GetPathHAS()`.
- Add Horizon ingestion “load-test” + “load-test-restore” commands, with DB snapshot/save/restore support.
- Update integration harness/config generation (dynamic peer port) and expand integration tests around load-test flows.
Reviewed changes
Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `historyarchive/archive.go` | Limit HAS JSON read size during decode. |
| `ingest/loadtest/ledger_backend.go` | Add completion sentinel (ErrLoadTestDone) and locking/cleanup behavior. |
| `services/horizon/cmd/ingest.go` | Add ingest load-test and ingest load-test-restore commands/flags. |
| `services/horizon/internal/ingest/main.go` | Add System.LoadTest(...) and terminal-error handling via runOptions. |
| `services/horizon/internal/ingest/fsm.go` | Gate start/build/resume on pending load-test snapshot checks. |
| `services/horizon/internal/ingest/loadtest.go` | Implement snapshot save/check + restore logic around load tests. |
| `services/horizon/internal/db2/history/main.go` | Extend IngestionQ with load-test restore state operations. |
| `services/horizon/internal/db2/history/key_value.go` | Implement load-test restore state in key-value store. |
| `services/horizon/internal/db2/history/key_value_test.go` | Add tests for load-test restore state storage semantics. |
| `services/horizon/internal/ingest/*_test.go` | Update mocks/tests for new load-test snapshot checks and runOptions. |
| `services/horizon/internal/integration/ingestion_load_test.go` | Add integration coverage for new CLI load-test/restore behavior. |
| `services/horizon/internal/test/integration/core_config.go` | Add configurable PEER_PORT in captive-core config template. |
| `services/horizon/internal/test/integration/integration.go` | Generate captive-core configs via helper + choose peer port when unset. |
Shaptic left a comment
I assume the limit is way beyond what would really be needed to check HA state, right?
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
yes, this is what HAS looks like: https://history.stellar.org/prd/core-testnet/core_testnet_003/.well-known/stellar-history.json
Summary
- `GetPathHAS()` with `io.LimitReader` (10 MB cap) before JSON decoding to prevent unbounded memory allocation from malicious/oversized history archive responses
- `clients/stellartoml/client.go`

🤖 Generated with Claude Code
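An added example (not code from this PR or the stellar/go repository): the pattern the description names, an `io.LimitReader` in front of a JSON decoder, next to a variant that reads one byte past the cap so an oversized body is reported as such instead of as a JSON syntax error. `hasDoc`, `decodeTruncating`, `decodeBounded`, `ErrTooLarge`, `maxHASSize` and the sample bodies are constructed for illustration; the 64-byte limit is only there to keep the demo small.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// maxHASSize matches the 10 MB cap stated in the PR (the name is hypothetical).
const maxHASSize = 10 * 1024 * 1024

// ErrTooLarge is a hypothetical sentinel for bodies over the cap.
var ErrTooLarge = errors.New("response exceeds size limit")

// hasDoc is a constructed two-field stand-in for the history archive state.
type hasDoc struct {
	Version       int    `json:"version"`
	CurrentLedger uint32 `json:"currentLedger"`
}

// decodeTruncating bounds memory, but an oversized body is silently cut at
// limit bytes and surfaces as a generic JSON decode error.
func decodeTruncating(r io.Reader, limit int64, v any) error {
	return json.NewDecoder(io.LimitReader(r, limit)).Decode(v)
}

// decodeBounded reads at most limit+1 bytes; seeing the extra byte proves the
// body was over the cap, so callers can log or alert on it distinctly.
func decodeBounded(r io.Reader, limit int64, v any) error {
	data, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return err
	}
	if int64(len(data)) > limit {
		return ErrTooLarge
	}
	return json.Unmarshal(data, v)
}

func main() {
	small := `{"version":1,"currentLedger":63}`                     // constructed sample
	big := `{"version":1,"pad":"` + strings.Repeat("A", 128) + `"}` // constructed oversized body
	var h hasDoc
	fmt.Println(decodeBounded(strings.NewReader(small), maxHASSize, &h), h.CurrentLedger)
	fmt.Println(decodeTruncating(strings.NewReader(big), 64, &h)) // decode error, cause hidden
	fmt.Println(decodeBounded(strings.NewReader(big), 64, &h))    // ErrTooLarge
}
```

Both forms cap allocation at the limit; the second only changes what the caller learns when the cap is hit.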