security: add safe.ReadAllLimited — bound all HTTP response body reads to 10MB

- Created safe/io.go with ReadAllLimited helper (default 10MB limit)
- Replaced 62 unbounded io.ReadAll(resp.Body) calls across 32 files
- Covers all exchange traders (Hyperliquid, Bybit, Binance, OKX, Aster,
  KuCoin, Gate, Bitget, Lighter, Indodax), providers (CoinAnk, Alpaca,
  TwelveData), MCP client/x402, market data, wallet, telegram, kernel
- Prevents OOM from malicious/buggy exchange API responses
- Previously fixed: brain.go, sentinel.go already had manual LimitReader
This commit is contained in:
shinchan-zhai
2026-03-23 10:55:03 +08:00
parent 1d0d6f7afd
commit 982ee668c9
33 changed files with 120 additions and 89 deletions

View File

@@ -1,11 +1,11 @@
package hyperliquid
import (
"nofx/safe"
"bytes"
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"strings"
"time"
@@ -117,7 +117,7 @@ func (c *Client) GetCandles(ctx context.Context, coin string, interval string, l
defer resp.Body.Close()
// Read response
body, err := io.ReadAll(resp.Body)
body, err := safe.ReadAllLimited(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read response: %w", err)
}
@@ -169,7 +169,7 @@ func (c *Client) GetAllMidsWithDex(ctx context.Context, dex string) (map[string]
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
body, err := safe.ReadAllLimited(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read response: %w", err)
}
@@ -206,7 +206,7 @@ func (c *Client) GetMeta(ctx context.Context) (*Meta, error) {
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
body, err := safe.ReadAllLimited(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read response: %w", err)
}