From 36a7e8b3eb027f05181a2f1b4002a0ce45c54ae4 Mon Sep 17 00:00:00 2001
From: shoko <270575765+shokollm@users.noreply.github.com>
Date: Thu, 26 Mar 2026 19:13:13 +0000
Subject: [PATCH] security(polymarket-browse): add MAX_RESPONSE_SIZE limit to prevent memory exhaustion
- Add MAX_RESPONSE_SIZE = 10MB constant
- Check response size before json.loads() in fetch_page()
- Raises ValueError if response exceeds limit
- Prevents memory exhaustion from malicious/gigantic API responses
---
 skills/polymarket-browse/scripts/browse.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/skills/polymarket-browse/scripts/browse.py b/skills/polymarket-browse/scripts/browse.py
index e1af87b..55e871c 100644
--- a/skills/polymarket-browse/scripts/browse.py
+++ b/skills/polymarket-browse/scripts/browse.py
@@ -97,6 +97,7 @@ class FetchResult(TypedDict):
 PAGE_SIZE = 50
 MAX_RETRIES = 5
 INITIAL_RETRY_DELAY = 2 # exponential backoff starts at 2s
+MAX_RESPONSE_SIZE = 10 * 1024 * 1024 # 10MB limit per API response
 WIB = timezone(timedelta(hours=7)) # UTC+7 for Indonesian users
 GAME_CATEGORIES = {
@@ -178,7 +179,12 @@ def fetch_page(
 try:
 req = Request(url, headers={"User-Agent": "Mozilla/5.0"})
 with urlopen(req, timeout=10) as r:
- return json.loads(r.read())
+ data = r.read()
+ if len(data) > MAX_RESPONSE_SIZE:
+ raise ValueError(
+ f"API response too large: {len(data)} bytes (max {MAX_RESPONSE_SIZE})"
+ )
+ return json.loads(data)
 except Exception:
 if attempt < max_retries - 1:
 delay *= 2
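Review bot: The size check on the new `data = r.read()` line runs only after the whole body has already been buffered into memory, so a hostile or gigantic response still consumes unbounded memory before `ValueError` is raised and the stated goal of the commit is not met; bound the read itself, `data = r.read(MAX_RESPONSE_SIZE + 1)`, and keep the `len(data) > MAX_RESPONSE_SIZE` test to detect that the cap was exceeded. The `ValueError` is also raised inside the `try` whose `except Exception:` immediately follows, so — judging from the visible `if attempt < max_retries - 1` — an oversized response appears to be handled as a transient failure and refetched on every retry, which multiplies the download; a deliberately oversized response should probably abort without retrying, for example by catching that error separately ahead of the generic handler or by re-raising it there. A comment on the constant such as `# hard cap per API response; read() must be bounded by this so a hostile server cannot exhaust memory` would record the intent for the next maintainer. fetch_page and its retry loop start before this hunk and the except branch continues after it.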