Sentinel: [HIGH] Fix Storage Exhaustion DoS via CACHE_START_CONFIG #504
n24q02m wants to merge 2 commits into
Conversation
* Added payload size limit validation in `background.js` for the `CACHE_START_CONFIG` message handler.
* Rejects payloads larger than 51200 chars (approx 50KB) to prevent `chrome.storage.session` quota exhaustion.
* Included comprehensive test suite for size validation inside `tests/security.test.js`.
* Formatted all code and successfully passed full test suite.

Co-authored-by: n24q02m <135627235+n24q02m@users.noreply.github.com>
Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add an emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task.

Dependency Review: No vulnerabilities or license issues or OpenSSF Scorecard issues found. Scanned Files: None
Severity: HIGH

Vulnerability

The `CACHE_START_CONFIG` message handler in `background.js` blindly persisted objects provided by the unprivileged content script into `chrome.storage.session` without bounds checking. A malicious payload from an unprivileged context could easily exhaust the strict `chrome.storage.session` quota (typically 1MB-10MB depending on Chrome config).

Impact

Storage Exhaustion Denial of Service (DoS) attack. If the quota is exhausted, no other features of the extension that rely on `chrome.storage.session` will function correctly, and it could potentially cause extension failure or crash.

Fix

Implemented a strict payload size boundary (approx 50KB length validation check) on the `msg.config` payload inside the message handler in `background.js`. If the payload exceeds the limit, it throws a `'Security Error: Payload too large'` instead of persisting the state. This aligns with the Defense in Depth architecture against malicious inputs from unprivileged `content.js` script interactions.

Verification

`should enforce payload size limits on CACHE_START_CONFIG to prevent DoS` has been successfully implemented and passing under the `Orchestrator Privilege Escalation Security` test suite. `pnpm test` (All 235 tests pass smoothly).

PR created automatically by Jules for task 1194638788079387937 started by @n24q02m
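The handler shape described in the Fix section above, written out as an added example rather than the project's own `background.js`: a `CACHE_START_CONFIG` handler that measures the serialized `msg.config` and refuses to persist it when it exceeds the bound, run against an in-memory stand-in for `chrome.storage.session` so it executes under plain Node. It goes one step beyond the PR's 51200-character check by also counting UTF-8 bytes, since a storage quota is charged in bytes and `JSON.stringify(...).length` counts UTF-16 code units; the `MAX_CONFIG_BYTES` constant, the storage stub, the 1 MB stub quota and the sample messages are all assumptions made for this example.

```javascript
// Added example, not the project's background.js: a CACHE_START_CONFIG handler
// with the payload size bound the PR describes, run against an in-memory
// stand-in for chrome.storage.session so it works in plain Node.

const MAX_CONFIG_CHARS = 51200; // limit named in the PR (~50 KB)
const MAX_CONFIG_BYTES = 51200; // assumed: same bound, counted in UTF-8 bytes

// Stand-in for chrome.storage.session with a byte quota (assumption: 1 MB).
function makeSessionStorageStub(quotaBytes) {
  const store = new Map();
  const byteLen = (s) => new TextEncoder().encode(s).length;
  const used = () => {
    let n = 0;
    for (const [k, v] of store) n += byteLen(k) + byteLen(v);
    return n;
  };
  return {
    set(items) {
      let total = used();
      for (const [k, v] of Object.entries(items)) total += byteLen(k) + byteLen(v);
      if (total > quotaBytes) throw new Error('QUOTA_BYTES quota exceeded');
      for (const [k, v] of Object.entries(items)) store.set(k, v);
    },
    get(key) { return store.get(key); },
    bytesUsed: used,
  };
}

// Serialize once and measure both units: the char count the PR checks and the
// UTF-8 byte count a byte quota is actually charged in.
function measureConfig(config) {
  const json = JSON.stringify(config);
  return { json, chars: json.length, bytes: new TextEncoder().encode(json).length };
}

// Rejects before anything touches storage; returns the serialized form on success.
function validateConfig(config) {
  if (config === undefined || config === null || typeof config !== 'object') {
    throw new Error('Security Error: Invalid config');
  }
  const m = measureConfig(config);
  if (m.chars > MAX_CONFIG_CHARS || m.bytes > MAX_CONFIG_BYTES) {
    throw new Error('Security Error: Payload too large');
  }
  return m.json;
}

// Message handler: validate first, persist only what passed.
function handleMessage(msg, storage) {
  if (!msg || msg.type !== 'CACHE_START_CONFIG') {
    return { ok: false, reason: 'unhandled message type' };
  }
  let json;
  try {
    json = validateConfig(msg.config);
  } catch (e) {
    return { ok: false, reason: e.message };
  }
  storage.set({ startConfig: json });
  return { ok: true, stored: json.length };
}

// Constructed sample messages (not captured from any real extension).
const benignMsg = { type: 'CACHE_START_CONFIG', config: { theme: 'dark', lang: 'en' } };
const oversizedMsg = { type: 'CACHE_START_CONFIG', config: { pad: 'A'.repeat(60000) } };
// 20,000 copies of a 3-byte UTF-8 character: under the char limit, over the byte limit.
const multibyteMsg = { type: 'CACHE_START_CONFIG', config: { pad: '\u20AC'.repeat(20000) } };

function demo() {
  const storage = makeSessionStorageStub(1024 * 1024);
  return {
    benign: handleMessage(benignMsg, storage),
    oversized: handleMessage(oversizedMsg, storage),
    multibyte: handleMessage(multibyteMsg, storage),
    bytesUsed: storage.bytesUsed(),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

The multibyte case is the caveat worth keeping in mind when reviewing a check like the PR's: a payload of 20,010 characters passes a character-count bound but weighs 60,010 bytes against the quota, so measuring the serialized form in bytes gives the bound the storage layer actually enforces.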