
Update gRPC_Security_Cheat_Sheet by adding example for preventing resource exhaustion #2043

Open
lidiiafedynchuk wants to merge 2 commits into OWASP:master from lidiiafedynchuk:issue-2030

lidiiafedynchuk commented Mar 2, 2026

Update gRPC_Security_Cheat_Sheet by adding example for preventing resource exhaustion

You're A Rockstar

Thank you for submitting a Pull Request (PR) to the Cheat Sheet Series.

🚩 If your PR is related to grammar/typo mistakes, please double-check the file for other mistakes in order to fix all the issues in the current cheat sheet.

Please make sure that for your contribution:

  • In case of a new Cheat Sheet, you have used the Cheat Sheet template.
  • All the markdown files do not raise any validation policy violation, see the policy.
  • All the markdown files follow these format rules.
  • All your assets are stored in the assets folder.
  • All the images used are in the PNG format.
  • Any references to websites have been formatted as [TEXT](URL)
  • You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
  • The CI build of your PR passes, see the build status here.

If your PR is related to an issue, please finish your PR text with the following line:

This PR fixes issue #2030.

AI Tool Usage Disclosure (required for all PRs)

Please select one of the following options:

  • I have NOT used any AI tool to generate the contents of this PR.
  • I have used AI tools to generate the contents of this PR. I have verified
    the contents and I affirm the results. The LLM used is [llm name and version]
    and the prompt used is [your prompt here]. [Feel free to add more details if needed]

Thank you again for your contribution 😃

Copilot AI left a comment

Pull request overview

Updates the gRPC Security Cheat Sheet to address resource exhaustion risks in streaming RPCs by adding guidance and a Go example that attempts to cap streaming message counts and session duration.

Changes:

  • Adds a recommendation to limit streaming session duration and maximum messages per stream.
  • Adds a Go code example demonstrating message-count and duration limiting logic for streaming.

lidiiafedynchuk (Contributor, Author) commented

@szh could you please review when you get a chance. Thank you.
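
The two limits named in the review overview (maximum messages per stream and maximum session duration), as an added Go sketch that is not the code from this PR or from the cheat sheet. It uses only the standard library: `ctx` and `recv` are assumed stand-ins for a gRPC server stream's `Context()` and `Recv()`, and `consume` and `errTooMany` are hypothetical names.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"time"
)

var errTooMany = errors.New("stream message limit exceeded") // hypothetical name

// consume reads until EOF and fails once maxMsgs or maxDur is exceeded.
// ctx and recv are assumed stand-ins for stream.Context() and stream.Recv().
func consume(ctx context.Context, recv func() error, maxMsgs int, maxDur time.Duration) (int, error) {
	ctx, cancel := context.WithTimeout(ctx, maxDur)
	defer cancel()
	errs := make(chan error)
	go func() { // reader goroutine, so the deadline also fires while recv blocks
		for err := error(nil); err == nil; {
			err = recv()
			select {
			case errs <- err:
			case <-ctx.Done():
				return
			}
		}
	}()
	for n := 0; ; n++ {
		select {
		case <-ctx.Done():
			return n, ctx.Err() // context.DeadlineExceeded once maxDur elapses
		case err := <-errs:
			switch {
			case err == io.EOF:
				return n, nil
			case err != nil:
				return n, err
			case n == maxMsgs:
				return n, errTooMany
			}
			// handle the received message here
		}
	}
}

func main() {
	idle := func() error { select {} } // constructed input: a client that never sends
	fmt.Println(consume(context.Background(), idle, 100, 50*time.Millisecond))
}
```

Checking elapsed time only between messages would not stop a client that opens a stream and then sends nothing, which is why the receive runs in its own goroutine here. In a real handler the two failures would typically be returned as gRPC status errors such as `codes.ResourceExhausted` and `codes.DeadlineExceeded`.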
