From 84d24fa1eff86eae6643875f91907df488ce6078 Mon Sep 17 00:00:00 2001 From: "Alex Xu (Hello71)" Date: Wed, 11 Nov 2020 21:32:01 -0500 Subject: improve documentation --- README | 11 ++++++++++- syntax-highlighting-server.py | 11 ----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/README b/README index 948161c..dc3c53d 100644 --- a/README +++ b/README @@ -5,7 +5,7 @@ compared to invoking python on every request. Requirements: -- Python 3.5.3 (for aiohttp and asyncio.get_running_loop) +- Python 3.5.3+ (for aiohttp and asyncio.get_running_loop) - aiohttp - pygments @@ -16,3 +16,12 @@ Usage: boot. This can be done by `systemctl enable syntax-highlighting` on systemd machines. 3. Set your cgit source filter to syntax-highlighting-client.sh. + +Security: + +aiohttp is not designed with security in mind. Slow clients can easily cause +excessive memory usage by sending very large highlighting requests, or by +opening a large number of connections and abandoning them. Therefore, +cgit-syntax-highlighting SHOULD NOT be exposed to the public Internet. +Suggestions are accepted for more lightweight asynchronous Python HTTP server +libraries. diff --git a/syntax-highlighting-server.py b/syntax-highlighting-server.py index a1e30d6..481c4c0 100755 --- a/syntax-highlighting-server.py +++ b/syntax-highlighting-server.py @@ -1,16 +1,5 @@ #!/usr/bin/env python3 -# syntax-highlighting-server.py: create a simple HTTP server to highlight -# source for cgit. improves performance compared to invoking python on every -# request. -# -# Requirements: Python 3, pygments. -# -# Usage: Configure your system to run this at boot. Note that this program is -# not hardened, and it can be trivially DoSed. therefore, do not configure it -# to listen on a public network. Once configured, set your cgit source filter -# to syntax-highlighting-client.sh. - import pygments from pygments import highlight from pygments.formatters import HtmlFormatter -- cgit v1.2.3-54-g00ecf