Page MenuHomeSoftware Heritage
Create Task
Maniphest T3836

Define and implement an anti-DoS policy for graph visits using the max_edges parameter
Closed, MigratedEdits Locked
Actions

Description

In order to allow public access to the graph API, we need to prevent external users to DoS the graph service with resource intensive queries. For that, the graph API supports (or will support once T3161 is deployed) a max_edges parameter to limit the number of edges traversed by the graph.

By default, the max_edges parameter is set at 0 (no limit) in the graph service. The Web API should enforce stricter limits when proxying the requests to the graph service.

I think it makes sense to define three different policies for max_edges:

  • One for internal staff users (unlimited?)
  • One for logged in users (100000 edges/query?)
  • One for external users (1000 edges/query?)

For reference, a big repository like CPython has an order of magnitude of around a few million edges.

Revisions and Commits

rDWAPPS Web applications
D6914rDWAPPSe870ec2b9a40 api/graph: Implement anti-DoS policies for graph visits

Related Objects

Event Timeline

seirl triaged this task as High priority.Jan 7 2022, 5:12 PM
seirl created this task.
anlambert added a revision: D6914: api/graph: Implement anti-DoS policies for graph visits.Jan 11 2022, 2:32 PM
anlambert added a commit: rDWAPPSe870ec2b9a40: api/graph: Implement anti-DoS policies for graph visits.Jan 12 2022, 3:00 PM
anlambert closed this task as Resolved.Jan 12 2022, 6:31 PM

Anti-DoS policy has been implemented and deployed. The max_edges thresholds can be easily changed by configuration.

Once final thresholds defined, we should document them in the graph endpoint documentation.

gitlab-migration changed the task status from Resolved to Migrated.Jan 8 2023, 4:36 PM
gitlab-migration claimed this task.
gitlab-migration added subscribers: anlambert, gitlab-migration.

This task has been migrated to GitLab.

About · Developer information · Legal