From fde90efde5377f2d14c0c30b5e07137abdb7cdcb Mon Sep 17 00:00:00 2001
From: "molecule-ai[bot]" <276602405+molecule-ai[bot]@users.noreply.github.com>
Date: Fri, 17 Apr 2026 10:46:09 +0000
Subject: [PATCH] fix(security): cap discord error response body read at 4096 bytes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Unbounded io.ReadAll on the Discord webhook error response body was a LOW OOM risk: a malicious gateway or misconfigured proxy could return a multi-MB body and exhaust agent memory. Cap with io.LimitReader(resp.Body, 4096) — error messages are always short; any extra content is irrelevant noise.

Co-Authored-By: Claude Sonnet 4.6
---
 platform/internal/channels/discord.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/platform/internal/channels/discord.go b/platform/internal/channels/discord.go
index 44957e39..e640e20f 100644
--- a/platform/internal/channels/discord.go
+++ b/platform/internal/channels/discord.go
@@ -90,7 +90,7 @@ func (d *DiscordAdapter) SendMessage(ctx context.Context, config map[string]inte
 // would propagate that token into logs and error responses (#659).
 return fmt.Errorf("discord: HTTP request failed")
 }
- body, _ := io.ReadAll(resp.Body)
+ body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
 resp.Body.Close()
 // Discord returns 204 No Content on success.
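Review bot: The cap in `io.ReadAll(io.LimitReader(resp.Body, 4096))` is a bare magic number, and the read error is still discarded by `body, _ :=`, so a reader of this line has no record of why the bound exists or what a short read means. I would hoist it to a named constant with the rationale attached, `const maxErrorBodyBytes = 4096 // bound on how much of a non-2xx Discord response we retain; guards against oversized error bodies`, and use `body, _ := io.ReadAll(io.LimitReader(resp.Body, maxErrorBodyBytes))` here. Since the body can now be truncated at the cap, whatever later quotes `body` in the returned error (that appears to happen outside this hunk) should expect a cut-off, possibly mid-rune, message, which a `%q` verb or a short comment there would make explicit. SendMessage starts before the hunk and continues past it.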