Skip to content

Add an analyzer warning of erroneous usage of MaxResponseHeadersLength #75137

New issue
New issue
Closed
dotnet/roslyn-analyzers
#6796
Closed
Add an analyzer warning of erroneous usage of MaxResponseHeadersLength#75137
dotnet/roslyn-analyzers
#6796
Assignees
amiru3f
Labels
api-approvedAPI was approved in API review, it can be implementedarea-System.Net.Httpcode-analyzerMarks an issue that suggests a Roslyn analyzer
Milestone
 
9.0.0
@MihaZupan

Description

@MihaZupan
MihaZupan
opened on Sep 6, 2022

HttpClientHandler has a MaxResponseHeadersLength property that controls how much data we'll buffer for the response headers before giving up.

The value is in KB, not bytes, so it's easy for users to set it way too high by mistake (e.g. #73848).
The default is 64 KB which should be plenty for the vast majority of use cases, but users sometimes choose to set it even lower.

I propose that we add an analyzer that warns the user if they set MaxResponseHeadersLength to a constant higher than 128 (or 512 or 1024 - the exact number doesn't matter all that much).
In the rare case where the change was intentional, the user should suppress the warning.

new SocketsHttpHandler()
{
    MaxResponseHeadersLength = 16 * 1024 // Do you really mean 16 MB?
};

Metadata

Metadata

Assignees

Labels

api-approvedAPI was approved in API review, it can be implementedarea-System.Net.Httpcode-analyzerMarks an issue that suggests a Roslyn analyzer

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions