From 38140ea4ad9e08d7102f868dd2c5faeb98c61f2c Mon Sep 17 00:00:00 2001
From: Teodor-Adrian Mihaescu <103431261+TeodorSAP@users.noreply.github.com>
Date: Thu, 20 Feb 2025 09:55:47 +0100
Subject: [PATCH] fix: Security warning "prone to resource exhaustion" (#1862)

---
 internal/selfmonitor/webhook/handler.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/internal/selfmonitor/webhook/handler.go b/internal/selfmonitor/webhook/handler.go
index b8c1a2c93..16fa94de6 100644
--- a/internal/selfmonitor/webhook/handler.go
+++ b/internal/selfmonitor/webhook/handler.go
@@ -87,13 +87,16 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	alertsYAML, err := io.ReadAll(r.Body)
+	const maxBytesToRead = 1 << 20 // 1 MB
+
+	alertsYAML, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBytesToRead)) // Limit max bytes read (avoid "prone to resource exhaustion" security warning)
 	if err != nil {
 		h.logger.Error(err, "Failed to read request body")
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
+	defer r.Body.Close()
 	var alerts []Alert