Files
simplexmq/tests
sh 9e4d8d95c0 namespace: bound parser input to 253 bytes (DoS defense)
The bare-name fallback and bareDomain parser would otherwise consume
arbitrarily many non-space bytes via takeWhile1 before any validation
or length check. A crafted multi-megabyte token would be decoded as
UTF-8 and re-parsed in full before being rejected.

Introduce `boundedNonSpace` (scan with 253-byte cap) at the two
takeWhile1 sites. Inputs longer than 253 bytes leave residue that
parseOnly's implicit endOfInput rejects, so the parser fails fast
without ever allocating the full input.

The bound is the DNS full-domain limit, chosen for being a familiar
ceiling generous enough to cover any realistic SimpleX name (longest
plausible @user.subdomain.simplex stays well under 100 bytes). No
per-label cap — SimpleX names don't go through DNS label resolution
and there's no semantic reason to constrain individual labels.
2026-06-03 19:03:45 +00:00
..
2026-05-21 14:14:03 +01:00
2026-05-21 14:14:03 +01:00
2026-05-21 14:14:03 +01:00
2026-05-21 14:14:03 +01:00
2026-05-21 14:14:03 +01:00
2026-05-21 14:14:03 +01:00
2026-04-20 13:42:25 +01:00

Running tests with coverage

  1. Uncomment coverage sections in cabal.project file.
  2. Add -fhpc to ghc-options of simplexmq-test in simplexmq.cabal file.
  3. Disable (xit) test "should subscribe to multiple (200) subscriptions with batching", enable (comment skip) the next test instead.
  4. Run cabal test.
  5. Open generated coverage report in the browser.