sbp commented on code in PR #1147:
URL:
https://github.com/apache/tooling-trusted-releases/pull/1147#discussion_r3059905179
##########
atr/ssh.py:
##########
@@ -251,6 +269,25 @@ def _output_stderr(process: asyncssh.SSHServerProcess,
message: str) -> None:
log.exception(f"Error writing to client stderr: {e}")
+def _rate_limit_check(bucket: dict[str, collections.deque[float]], key: str,
limit: int) -> bool:
+ """Return True if key is within the rate limit, False if exceeded. Mutates
bucket."""
+ now = time.monotonic()
+ window = bucket.get(key)
+ if window is not None:
+ while window and (now - window[0]) > _RATE_WINDOW:
+ window.popleft()
+ if not window:
Review Comment:
Ah, this doesn't work either. The problem is that when this is deleted we
set `window = None` and then fall through. Then, later on, when `window is
None`, we add a window to the bucket again. So really this clearing is a noop!
But also, it doesn't make sense conceptually to drop the entry when we have a
new request coming in. We can only drop all the IPs that aren't connecting, but
that would mean scanning them all.
So, how about adding this to the cleanup task that you just added to
`server.py`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
