Single read() truncates large webhook payloads #198

@fatihkan

Bug Description

In webhook_server.rs:51, a single read() call is used to read the webhook request body. Large payloads (e.g., from GitHub push events with many commits) may be truncated.

Location

creedflow-desktop/src-tauri/src/services/webhook_server.rs:51

Severity

Important — Large webhook payloads silently truncated.

Steps to Fix

  1. Read in a loop until EOF or Content-Length is reached
  2. Set a reasonable max payload size (e.g., 1MB) to prevent DoS
  3. Return 413 if payload exceeds limit
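
The three fix steps above, as an added example (not code from the creedflow repository). It assumes a blocking `std::io::Read` source and a `Content-Length` value the caller has already parsed, and covers only the Content-Length case; `read_body`, `BodyError`, `MAX_BODY` and the constructed `Trickle` test reader are hypothetical names.

```rust
use std::io::{self, Read};

/// Assumed cap, taken from the issue's "e.g., 1MB" suggestion.
pub const MAX_BODY: usize = 1024 * 1024;

#[derive(Debug, PartialEq)]
pub enum BodyError {
    TooLarge,          // caller answers 413
    Truncated,         // peer closed before Content-Length bytes arrived
    Io(io::ErrorKind), // any other socket error
}

/// Reads exactly `content_length` body bytes. `prefix` holds body bytes that
/// arrived in the same read() as the headers (hypothetical calling convention).
pub fn read_body<R: Read>(src: &mut R, prefix: &[u8], content_length: usize,
                          max: usize) -> Result<Vec<u8>, BodyError> {
    // Reject on the declared size before allocating or reading anything.
    if content_length > max { return Err(BodyError::TooLarge); }
    let mut body = Vec::with_capacity(content_length);
    body.extend_from_slice(&prefix[..prefix.len().min(content_length)]);
    let mut chunk = [0u8; 8192];
    while body.len() < content_length {
        let want = (content_length - body.len()).min(chunk.len());
        match src.read(&mut chunk[..want]) {
            Ok(0) => return Err(BodyError::Truncated),
            Ok(n) => body.extend_from_slice(&chunk[..n]),
            Err(e) if e.kind() == io::ErrorKind::Interrupted => continue,
            Err(e) => return Err(BodyError::Io(e.kind())),
        }
    }
    Ok(body)
}

/// Constructed stand-in for a socket: yields at most `step` bytes per read().
pub struct Trickle<'a> { pub data: &'a [u8], pub step: usize }
impl<'a> Read for Trickle<'a> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let n = self.step.min(buf.len()).min(self.data.len());
        buf[..n].copy_from_slice(&self.data[..n]);
        self.data = &self.data[n..];
        Ok(n)
    }
}

fn main() {
    let payload = vec![b'x'; 20_000]; // constructed sample body
    let mut sock = Trickle { data: &payload, step: 1460 };
    let full = read_body(&mut sock, &[], payload.len(), MAX_BODY).unwrap();
    println!("read {} of {} bytes", full.len(), payload.len());
}
```

On a real socket, pair the loop with a read timeout (`TcpStream::set_read_timeout`) so a peer that declares a length and then stalls cannot hold the handler open.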

Labels: bug (Something isn't working), rust (Rust backend code), v1.7.0 (Target: v1.7.0 release)
