index: support --max-size / publicinbox.indexMaxSize

In normal mail paths, we can rely on MTAs being configured with
reasonable limits in the -watch and -mda mail injection paths.

However, the MTA is bypassed in a git-only delivery path, a BOFH
could inject a large message and DoS users attempting to mirror
a public-inbox.

This doesn't protect unindexed WWW interfaces from Email::MIME
memory explosions on v1 inboxes.  Probably nobody cares about
unindexed WWW interfaces anymore, especially now that Xapian is
optional for indexing.

1 files changed, 17 insertions, 13 deletions

diff --git a/t/cgi.t b/t/cgi.t
index 52f80e88..bceb83e5 100644
--- a/t/cgi.t
+++ b/t/cgi.t
@@ -55,10 +55,14 @@ Date: Thu, 01 Jan 1970 00:00:00 +0000
 
 zzzzzz
 EOF
-        $im->add($mime);
+        ok($im->add($mime), 'added initial message');
+
+        $mime->header_set('Message-ID', '<toobig@example.com>');
+        $mime->body_str_set("z\n" x 1024);
+        ok($im->add($mime), 'added big message');
 
         # deliver a reply, too
-        my $reply = Email::MIME->new(<<EOF);
+        $mime = Email::MIME->new(<<EOF);
 From: You <you\@example.com>
 To: Me <me\@example.com>
 Cc: $addr
@@ -72,7 +76,7 @@ Me wrote:
 
 what?
 EOF
-        $im->add($reply);
+        ok($im->add($mime), 'added reply');
 
         my $slashy_mid = 'slashy/asdf@example.com';
         my $slashy = Email::MIME->new(<<EOF);
@@ -85,7 +89,7 @@ Date: Thu, 01 Jan 1970 00:00:01 +0000
 
 slashy
 EOF
-        $im->add($slashy);
+        ok($im->add($slashy), 'added slash');
         $im->done;
 
         my $res = cgi_run("/test/slashy/asdf\@example.com/raw");
@@ -99,14 +103,9 @@ EOF
         my $path = "/test/blahblah\@example.com/t.mbox.gz";
         my $res = cgi_run($path);
         like($res->{head}, qr/^Status: 501 /, "search not-yet-enabled");
-        my $indexed;
-        eval {
-                require DBD::SQLite;
-                require PublicInbox::SearchIdx;
-                my $s = PublicInbox::SearchIdx->new($ibx, 1);
-                $s->index_sync;
-                $indexed = 1;
-        };
+        my $cmd = ['-index', $ibx->{inboxdir}, '--max-size=2k'];
+        my $opt = { 2 => \(my $err) };
+        my $indexed = run_script($cmd, undef, $opt);
         if ($indexed) {
                 $res = cgi_run($path);
                 like($res->{head}, qr/^Status: 200 /, "search returned mbox");
@@ -117,9 +116,14 @@ EOF
                         IO::Uncompress::Gunzip::gunzip(\$in => \$out);
                         like($out, qr/^From /m, "From lines in mbox");
                 };
+                $res = cgi_run('/test/toobig@example.com/');
+                like($res->{head}, qr/^Status: 300 /,
+                        'did not index or return >max-size message');
+                like($err, qr/skipping [a-f0-9]{40,}/,
+                        'warned about skipping large OID');
         } else {
                 like($res->{head}, qr/^Status: 501 /, "search not available");
-                SKIP: { skip 'DBD::SQLite not available', 2 };
+                SKIP: { skip 'DBD::SQLite not available', 4 };
         }
 
         my $have_xml_treepp = eval { require XML::TreePP; 1 } if $indexed;