
@rix0rrr rix0rrr (Contributor) commented Sep 16, 2025

Problem

Issue number, if available:

Changes

Corresponding docs PR, if applicable:

Validation

Checklist

  • If this PR includes a functional change to the runtime behavior of the code, I have added or updated automated test coverage for this change.
  • If this PR requires a change to the Project Architecture README, I have included that update in this PR.
  • If this PR requires a docs update, I have linked to that docs PR above.
  • If this PR modifies E2E tests, makes changes to resource provisioning, or makes SDK calls, I have run the PR checks with the run-e2e label set.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@rix0rrr rix0rrr requested review from a team as code owners September 16, 2025 12:34
@changeset-bot changeset-bot bot commented Sep 16, 2025

⚠️ No Changeset found

Latest commit: 9c19f2b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


@rix0rrr rix0rrr marked this pull request as draft September 16, 2025 12:34
Code scanning / CodeQL check warning (Log injection, Medium): Log entry depends on a user-provided value.

Flagged code in stress_dns.cjs:

        res.on('data', (data) => {})
    });
    req.on('error', (e) => {
        console.log(`problem with request ${id} : ${e.code} ${e.message}`);

Copilot Autofix (AI) commented about 1 month ago
To fix the log injection issue, any user-influenced content being logged should have line breaks removed so that attackers cannot forge additional log lines. In this case, before logging e.code and e.message, we should sanitize them by removing or replacing newline and carriage return characters. The ideal approach is to introduce a small helper function to sanitize strings and apply it to every user-controlled input in the log. This edit will be made directly within the request function's error handler in stress_dns.cjs.

No edits to overall functionality or broader architecture are required, just this minor sanitization step and possibly a helper function.


Suggested changeset 1
stress_dns.cjs

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/stress_dns.cjs b/stress_dns.cjs
--- a/stress_dns.cjs
+++ b/stress_dns.cjs
@@ -10,6 +10,14 @@
     }
 }
 
+function sanitizeLog(str) {
+    if (typeof str !== 'string') {
+        return String(str);
+    }
+    // Remove CR and LF characters
+    return str.replace(/[\r\n]+/g, ' ');
+}
+
 function request() {
     var id = ++count;
     if (id > 10000) process.exit()
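Review bot: sanitizeLog only strips CR/LF from values that are already strings; the non-string branch returns String(str) untouched, so an object whose toString() yields newlines still reaches the log unsanitized. Coerce first and then replace, `return String(str).replace(/[\r\n]+/g, ' ');`, which also makes the typeof check unnecessary. Note too that only CR and LF are removed: if the output is read on a terminal or by a tool that interprets escape sequences, consider stripping the other control characters as well (for example with /[\x00-\x1f\x7f]+/g), or wrapping the value with JSON.stringify so the boundaries of the untrusted value are unambiguous in the log line.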
@@ -22,7 +30,9 @@
         res.on('data', (data) => {})
     });
     req.on('error', (e) => {
-        console.log(`problem with request ${id} : ${e.code} ${e.message}`);
+        console.log(
+            `problem with request ${id} : ${sanitizeLog(e.code)} ${sanitizeLog(e.message)}`
+        );
         console.log(e)
     });
 }
\ No newline at end of file
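Review bot: the sanitized template string is immediately followed by the unchanged context line `console.log(e)`, which prints the full error object, message and stack included, with no sanitization, so the log injection finding still applies to this handler after the patch. Either drop that second console.log or route the fields it needs through the same helper, e.g. `console.log(sanitizeLog(e.stack))`, so every line the handler emits passes through one filter.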
EOF
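As an added example, not code from the PR or from the Copilot suggestion, the following generalizes the CR/LF replacement described above to every ASCII control character (including ESC, which terminals interpret) and shows, on a constructed error message, how an injected line break would otherwise be read as a second, forged log entry. The function names and the sample error are assumptions made for the illustration.

```javascript
// Added example (not from the PR): a sanitizer for untrusted values that
// end up in log lines. The suggested patch only replaces CR and LF; this
// version strips all ASCII control characters, so a value can neither
// split a log entry across lines nor emit terminal escape sequences.
function sanitizeLogValue(value) {
  // Coerce first, then strip, so non-string inputs (an undefined err.code,
  // an object with a custom toString) are sanitized as well.
  return String(value).replace(/[\x00-\x1f\x7f]+/g, ' ');
}

// Build one log entry in the same shape as the stress script's error
// handler, with both user-influenced fields passed through the sanitizer.
function formatRequestError(id, err) {
  return `problem with request ${id} : ${sanitizeLogValue(err.code)} ${sanitizeLogValue(err.message)}`;
}

// Number of lines a string occupies in a line-oriented log file.
function lineCount(text) {
  return text.split(/\r\n|\r|\n/).length;
}

// Constructed sample: an error whose message carries an injected CRLF
// followed by text that mimics a legitimate entry for another request id.
const forgedError = new Error('lookup failed\r\nproblem with request 0 : ENOTFOUND forged.example');
forgedError.code = 'ENOTFOUND';

// Without sanitization the entry spans two lines; with it, one.
const unsafeLine = `problem with request 42 : ${forgedError.code} ${forgedError.message}`;
const safeLine = formatRequestError(42, forgedError);

console.log('unsanitized line count:', lineCount(unsafeLine)); // 2
console.log('sanitized line count:  ', lineCount(safeLine));   // 1
console.log(safeLine);
```

The same helper should be applied to every value in the handler, including anything passed to a second console.log, since one unsanitized line is enough to reintroduce the problem.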
@rix0rrr rix0rrr closed this Sep 17, 2025