[Fix] safeFetch streaming maxSize memory DoS regression test (#408)

[advancedresearcharray]

Summary

• Issue [Bug] safeFetch buffers entire response before enforcing maxSize — memory DoS #408 reported that safeFetch buffered the entire response via res.arrayBuffer() before enforcing maxSize, enabling a memory DoS. The streaming reader fix landed in fix(net): stream safeFetch body with incremental maxSize enforcement #487 and reader cancellation in [Fix] Cancel safeFetch body reader when maxSize exceeded #523, but the issue remained open.
• Adds a regression test that verifies safeFetch stops reading an oversized streamed body before draining all chunks (bounded reads + reader cancel), matching the memory-DoS scenario in the issue.

Closes #408

Test plan

• pnpm --filter @clawwork/desktop test -- safe-fetch.test.ts — 25 tests passed
• New test: does not read the entire oversized body before rejecting — bounded streaming (#408)

release-note

NONE

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a regression test for safeFetch to ensure that it properly handles oversized streamed responses. By validating that the fetch operation terminates and cancels the stream reader as soon as the size limit is reached, it confirms the fix for a potential memory denial-of-service vulnerability.

Highlights

• Regression Testing: Added a new test case to verify that safeFetch correctly enforces maxSize limits during streaming, preventing memory DoS vulnerabilities.
• Streaming Validation: Ensured that the reader is cancelled and processing stops immediately once the maxSize threshold is exceeded, rather than draining the entire body.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Hi @advancedresearcharray,
Thanks for your pull request!
If the PR is ready, use the /auto-cc command to assign Reviewer to Review.
We will review it shortly.

Details

Instructions for interacting with me using comments are available here.
If you have questions or suggestions related to my behavior, please file an issue against the gh-ci-bot repository.

[gemini-code-assist]

Code Review

This pull request adds a new test case to verify that safeFetch implements bounded streaming and does not read an entire oversized body before rejecting. The review feedback suggests simplifying the test mock setup by directly spying on the reader returned by streamReaderFrom and returning it, rather than manually reconstructing a duplicate reader object.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

The streamReaderFrom helper function already returns a fully-formed ReadableStreamDefaultReader<Uint8Array> object containing read, cancel, releaseLock, and closed properties. Instead of manually reconstructing a duplicate reader object in the getReader mock and manually binding/wrapping reader.read with vi.fn, you can simplify the test by spying on the reader directly with vi.spyOn(reader, 'read') and returning reader from getReader.

Suggested change

	const reader = streamReaderFrom(new ArrayBuffer(bodySize), chunkSize, cancel);
	const read = vi.fn(reader.read.bind(reader));
	netFetchMock.mockResolvedValue({
	ok: true,
	status: 200,
	headers: new Headers(),
	body: {
	getReader: () =>
	({
	read,
	cancel,
	releaseLock: () => {},
	closed: Promise.resolve(undefined),
	}) as ReadableStreamDefaultReader<Uint8Array>,
	},
	} as unknown as Response);
	await expect(safeFetch('https://cdn.example.com/huge-stream.bin', { maxSize })).rejects.toThrow('too large');
	// 5 chunks (1280 bytes) exceed maxSize; must not drain the full 10 KiB body.
	expect(read.mock.calls.length).toBeLessThan(bodySize / chunkSize);
	expect(read.mock.calls.length).toBeLessThanOrEqual(Math.ceil(maxSize / chunkSize) + 1);
	expect(cancel).toHaveBeenCalledOnce();
	const reader = streamReaderFrom(new ArrayBuffer(bodySize), chunkSize, cancel);
	const readSpy = vi.spyOn(reader, 'read');
	netFetchMock.mockResolvedValue({
	ok: true,
	status: 200,
	headers: new Headers(),
	body: {
	getReader: () => reader,
	},
	} as unknown as Response);
	await expect(safeFetch('https://cdn.example.com/huge-stream.bin', { maxSize })).rejects.toThrow('too large');
	// 5 chunks (1280 bytes) exceed maxSize; must not drain the full 10 KiB body.
	expect(readSpy.mock.calls.length).toBeLessThan(bodySize / chunkSize);
	expect(readSpy.mock.calls.length).toBeLessThanOrEqual(Math.ceil(maxSize / chunkSize) + 1);
	expect(cancel).toHaveBeenCalledOnce();

[advancedresearcharray]

/auto-cc

[advancedresearcharray]

Friendly follow-up: CI is green on the latest commit and this PR is ready for review/merge when you have a moment. Thanks!

[samzong]

Thanks @advancedresearcharray!
/lgtm
/approve