feat(dotenv): check for .env file size to prevent DoS

2026-05-29 04:53:17 +02:00 · 2026-03-05 10:29:05 +01:00 · 2026-03-05 10:29:05 +01:00 · e6ab2b3645
commit e6ab2b3645
parent 2014363332
2 changed files with 20 additions and 0 deletions
--- a/plugins/dotenv/tests/basic-parsing.zunit
+++ b/plugins/dotenv/tests/basic-parsing.zunit
@ -27,6 +27,13 @@
  assert $state equals 1
 }

+@test 'parse returns error for oversized file (> 10MiB)' {
+  command truncate -s 11M "$fixture" 2>/dev/null
+
+  run _parse_dotenv_quiet "$fixture" "test"
+  assert $state equals 1
+}
+
@test 'parse returns error for non-existent file' {
  run _parse_dotenv_quiet "/nonexistent/path/.env" "test"
  assert $state equals 1