shoko/jujutsu-skills
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: shoko:ca13a2e194ce2378a7f31c3964991b0a2f649488
Branches Tags
shoko:master shoko:fix/live-time-display shoko:feat/parallel-fetch-cache shoko:fix/line-lengths shoko:feat/add-type-hints shoko:fix/issue-14-refactor-browse shoko:hermes/hermes-e8a6100e
shoko:polymarket-browse/v0.0.3 shoko:polymarket-browse/v0.0.2
..
compare: shoko:54679cac44589f816587183d990e28926b69f957
Branches Tags
shoko:master shoko:fix/live-time-display shoko:feat/parallel-fetch-cache shoko:fix/line-lengths shoko:feat/add-type-hints shoko:fix/issue-14-refactor-browse shoko:hermes/hermes-e8a6100e
shoko:polymarket-browse/v0.0.3 shoko:polymarket-browse/v0.0.2

3 Commits
ca13a2e194 ... 54679cac44

Author SHA1 Message Date
shoko
54679cac44 Merge branch 'pr-35' into 0.0.3-draft 2026-03-27 02:26:52 +00:00
shoko
2c636048e7 security(polymarket-browse): improve response size limit with dynamic calculation 
- Replace fixed 10MB limit with dynamic calculation
- get_max_response_size() computes limit based on PAGE_SIZE * multiplier
- Uses 10x multiplier (e.g., PAGE_SIZE=50 -> ~500KB * 10 = ~5MB)
- Clamped between 10MB minimum and 100MB maximum
- Formula: max(PAGE_SIZE * multiplier, 10MB) capped at 100MB
 2026-03-27 01:36:32 +00:00
shoko
36a7e8b3eb security(polymarket-browse): add MAX_RESPONSE_SIZE limit to prevent memory exhaustion 
- Add MAX_RESPONSE_SIZE = 10MB constant
- Check response size before json.loads() in fetch_page()
- Raises ValueError if response exceeds limit
- Prevents memory exhaustion from malicious/gigantic API responses
 2026-03-26 19:13:13 +00:00
1 changed files with 22 additions and 1 deletions
Expand all files Collapse all files

23
skills/polymarket-browse/scripts/browse.py
View File

@@ -98,6 +98,9 @@ class FetchResult(TypedDict):
PAGE_SIZE = 50 PAGE_SIZE = 50
MAX_RETRIES = 5 MAX_RETRIES = 5
INITIAL_RETRY_DELAY = 2 # exponential backoff starts at 2s INITIAL_RETRY_DELAY = 2 # exponential backoff starts at 2s
MAX_RESPONSE_SIZE_MULTIPLIER = 10 # Response size limit = PAGE_SIZE * multiplier
MAX_RESPONSE_SIZE_MIN = 10 * 1024 * 1024 # 10MB minimum
MAX_RESPONSE_SIZE_MAX = 100 * 1024 * 1024 # 100MB maximum for safety
WIB = timezone(timedelta(hours=7)) # UTC+7 for Indonesian users WIB = timezone(timedelta(hours=7)) # UTC+7 for Indonesian users
_DISPLAY_TZ = WIB # Module-level timezone for display (configurable via --timezone) _DISPLAY_TZ = WIB # Module-level timezone for display (configurable via --timezone)
@@ -139,6 +142,18 @@ def parse_timezone(tz_str: str) -> timezone:
return WIB return WIB
def get_max_response_size(page_size: int = PAGE_SIZE) -> int:
"""
Calculate max response size based on expected payload.
Uses 10x multiplier: if PAGE_SIZE=50 events, expected ~500KB-5MB,
so 10x gives 5MB-50MB. Clamped between 10MB and 100MB.
"""
multiplier = MAX_RESPONSE_SIZE_MULTIPLIER * page_size * 1024 # rough estimate
size = max(multiplier, MAX_RESPONSE_SIZE_MIN)
return min(size, MAX_RESPONSE_SIZE_MAX)
GAME_CATEGORIES = { GAME_CATEGORIES = {
"All Esports": "Esports", "All Esports": "Esports",
"Counter Strike": "Counter Strike", "Counter Strike": "Counter Strike",
@@ -218,7 +233,13 @@ def fetch_page(
try: try:
req = Request(url, headers={"User-Agent": "Mozilla/5.0"}) req = Request(url, headers={"User-Agent": "Mozilla/5.0"})
with urlopen(req, timeout=10) as r: with urlopen(req, timeout=10) as r:
return json.loads(r.read()) data = r.read()
max_size = get_max_response_size(PAGE_SIZE)
if len(data) > max_size:
raise ValueError(
f"API response too large: {len(data)} bytes (max {max_size})"
)
return json.loads(data)
except Exception: except Exception:
if attempt < max_retries - 1: if attempt < max_retries - 1:
delay *= 2 delay *= 2