41 commits
49c614a
Added IP-based rate limiting for Copi (fixes #1877)
immortal71 Dec 3, 2025
c74db05
Add separate player creation rate limiting (addresses @sydseter feedb…
immortal71 Dec 27, 2025
c2d3f56
Bump actions/setup-node from 6.0.0 to 6.1.0
dependabot[bot] Dec 3, 2025
85d1f1b
Bump @sveltejs/kit from 2.49.0 to 2.49.1 in /cornucopia.owasp.org
dependabot[bot] Dec 3, 2025
ca372bb
Bump actions/checkout from 6.0.0 to 6.0.1
dependabot[bot] Dec 3, 2025
1c5dca2
Bump svelte from 5.45.3 to 5.45.4 in /cornucopia.owasp.org
dependabot[bot] Dec 3, 2025
032c1bc
Update acknowledgements on index.md
cw-owasp Dec 5, 2025
071dd6e
Remove duplicate 'nl' from languages list
sydseter Dec 7, 2025
21d2208
Add statistics section with SQL queries
sydseter Dec 7, 2025
1e8cac0
Bump svelte from 5.45.5 to 5.45.6 in /cornucopia.owasp.org
dependabot[bot] Dec 8, 2025
c697fc9
Bump black from 25.1.0 to 25.12.0
dependabot[bot] Dec 8, 2025
5d431e4
Bump github/codeql-action from 4.31.6 to 4.31.7
dependabot[bot] Dec 8, 2025
2ddb1a4
Bump pipenv from 2025.0.4 to 2025.1.1
dependabot[bot] Dec 8, 2025
9e86536
Bump pytest from 8.3.5 to 9.0.2
dependabot[bot] Dec 8, 2025
a912ed5
Bump urllib3 from 2.5.0 to 2.6.0 in the pip group across 1 directory
dependabot[bot] Dec 8, 2025
a777346
Bump pytest from 8.3.5 to 9.0.2
dependabot[bot] Dec 9, 2025
7ef2616
Bump coverage from 7.10.7 to 7.13.0
dependabot[bot] Dec 9, 2025
9728290
Bump mvdan/shfmt from `20597e9` to `e414177`
dependabot[bot] Dec 9, 2025
f62c2c1
Bump black from 25.1.0 to 25.12.0
dependabot[bot] Dec 9, 2025
4cf8d1d
Bump platformdirs from 4.4.0 to 4.5.1
dependabot[bot] Dec 9, 2025
b69b7ee
Bump urllib3 from 2.5.0 to 2.6.1
dependabot[bot] Dec 9, 2025
2914826
Bump urllib3 from 2.5.0 to 2.6.0 in the pip group across 1 directory
dependabot[bot] Dec 9, 2025
8dc0228
Bump hexpm/elixir in /copi.owasp.org
dependabot[bot] Dec 12, 2025
91ba5c9
Bump @types/node from 24.10.1 to 25.0.1 in /cornucopia.owasp.org
dependabot[bot] Dec 12, 2025
61daa2c
Bump actions/cache from 4.3.0 to 5.0.0
dependabot[bot] Dec 12, 2025
057be34
Bump swoosh from 1.19.8 to 1.19.9 in /copi.owasp.org
dependabot[bot] Dec 10, 2025
d96b0a8
Bump urllib3 from 2.5.0 to 2.6.1
dependabot[bot] Dec 12, 2025
81f6c72
Bump svelte from 5.45.6 to 5.45.10 in /cornucopia.owasp.org
dependabot[bot] Dec 12, 2025
93a7365
Bump step-security/harden-runner from 2.13.3 to 2.14.0
dependabot[bot] Dec 10, 2025
1b741f9
Bump ecto_sql from 3.13.2 to 3.13.3 in /copi.owasp.org
dependabot[bot] Dec 9, 2025
6d8617d
Bump phoenix from 1.8.2 to 1.8.3 in /copi.owasp.org
dependabot[bot] Dec 12, 2025
6a33309
Bump phoenix_live_reload from 1.6.1 to 1.6.2 in /copi.owasp.org
dependabot[bot] Dec 12, 2025
4d76020
Bump @sveltejs/kit from 2.49.1 to 2.49.2 in /cornucopia.owasp.org
dependabot[bot] Dec 12, 2025
8f14efb
Update copi.owasp.org/lib/copi_web/plugs/rate_limiter.ex
sydseter Dec 22, 2025
eefba03
Update copi.owasp.org/lib/copi_web/live/game_live/index.ex
sydseter Dec 22, 2025
2522145
Update copi.owasp.org/SECURITY.md
sydseter Dec 22, 2025
87afaf7
Update copi.owasp.org/lib/copi/rate_limiter.ex
sydseter Dec 24, 2025
800d112
Update copi.owasp.org/lib/copi_web/plugs/rate_limiter.ex
sydseter Dec 24, 2025
ab9b6fb
Update copi.owasp.org/lib/copi_web/live/game_live/create_game_form.ex
sydseter Dec 24, 2025
0198d83
Update copi.owasp.org/lib/copi_web/plugs/rate_limiter.ex
sydseter Dec 24, 2025
b0b9e4c
Update copi.owasp.org/test/copi/rate_limiter_test.exs
sydseter Dec 24, 2025
6 changes: 3 additions & 3 deletions .github/workflows/build-website-staging.yml
Expand Up @@ -16,7 +16,7 @@
steps:
# Make sure we have some code to test
- name: Harden runner
uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: block
allowed-endpoints: >
Expand All @@ -29,14 +29,14 @@
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
name: Install pnpm
with:
version: 10.0.0
run_install: false
- name: Install Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: 20.18.2
- name: Build
6 changes: 3 additions & 3 deletions .github/workflows/build-website.yml
Expand Up @@ -14,7 +14,7 @@
steps:
# Make sure we have some code to test
- name: Harden runner
uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: block
allowed-endpoints: >
Expand All @@ -27,7 +27,7 @@
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
Expand All @@ -37,7 +37,7 @@
run_install: false

- name: Install Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: 20.18.2
- name: Build
8 changes: 4 additions & 4 deletions .github/workflows/codeql.yml
Expand Up @@ -45,11 +45,11 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v2.2.9
uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v2.2.9
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -59,7 +59,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@fe4161a26a8629af62121b670040955b330f9af2 # v2.2.9
uses: github/codeql-action/autobuild@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v2.2.9

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -72,6 +72,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v2.2.9
uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v2.2.9
with:
category: "/language:${{matrix.language}}"
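Review bot: The version comments on the re-pinned `github/codeql-action` lines are stale: the new SHA `cf1bb45a277cb3c205638b2cd5c984db1c46a412` is still annotated `# v2.2.9` on the init, autobuild and analyze steps here, while the same SHA on the upload-sarif step in `.github/workflows/scorecard.yml` is annotated `# v3.29.5`. The commit list describes this bump as 4.31.6 to 4.31.7, so presumably neither comment matches the pinned commit. With SHA pinning, the trailing comment is the only human-readable indication of which release runs, so a wrong one makes it harder to audit the pin against upstream tags and advisories. After confirming which tag the SHA resolves to, update the comment on each of the four lines, e.g. `uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7`.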
4 changes: 2 additions & 2 deletions .github/workflows/copi-build.yml
Expand Up @@ -26,15 +26,15 @@
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: build project
working-directory: copi.owasp.org
run: docker build -f ./Dockerfile .
- name: Cache deps
id: cache-deps
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # v5.0.0
env:
cache-name: cache-elixir-deps
with:
2 changes: 1 addition & 1 deletion .github/workflows/copi-deploy-production.yml
Expand Up @@ -10,7 +10,7 @@
deploy-to-prod:
runs-on: ubuntu-latest # Or another supported runner
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Install Elixir and Erlang
uses: erlef/setup-beam@e6d7c94229049569db56a7ad5a540c051a010af9 # v1.20.4
with:
4 changes: 2 additions & 2 deletions .github/workflows/copi-deploy-staging.yml
Expand Up @@ -28,10 +28,10 @@
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Cache deps
id: cache-deps
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
uses: actions/cache@a7833574556fa59680c1b7cb190c1735db73ebf0 # v5.0.0
env:
cache-name: cache-elixir-deps
with:
2 changes: 1 addition & 1 deletion .github/workflows/dependency-review.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
needs: hardening
steps:
- name: 'Checkout Repository'
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: 'Dependency Review'
uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
with:
6 changes: 3 additions & 3 deletions .github/workflows/deploy-website-production.yml
Expand Up @@ -13,7 +13,7 @@
steps:
# Make sure we have some code to test
- name: Harden runner
uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: block
allowed-endpoints: >
Expand All @@ -26,15 +26,15 @@
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
name: Install pnpm
with:
version: 10.0.0
run_install: false

- name: Install Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: 20.18.2
- name: Build
4 changes: 2 additions & 2 deletions .github/workflows/deploy-website-staging.yml
Expand Up @@ -19,7 +19,7 @@
steps:
# Make sure we have some code to test
- name: Harden runner
uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: block
allowed-endpoints: >
Expand All @@ -33,7 +33,7 @@
needs: hardening
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Download a single artifact
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
2 changes: 1 addition & 1 deletion .github/workflows/hardening.yaml
Expand Up @@ -11,7 +11,7 @@ jobs:
steps:
# Make sure we have some code to test
- name: Harden runner
uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: block
allowed-endpoints: >
2 changes: 1 addition & 1 deletion .github/workflows/pre-release.yml
Expand Up @@ -18,7 +18,7 @@
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
# Set the pip environment up
- name: Get Python
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Expand Up @@ -19,7 +19,7 @@
runs-on: "ubuntu-latest"
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
# Set the pip environment up
- name: Get Python
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
4 changes: 2 additions & 2 deletions .github/workflows/run-tests-generate-output.yaml
Expand Up @@ -31,7 +31,7 @@ jobs:
artifact-url: ${{ steps.upload_artifact.outputs.artifact-url }}
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Create tmp branch for artifacts and get parent and object ref
Expand All @@ -45,7 +45,7 @@ jobs:
echo "object_tree=`git write-tree`" >> "$GITHUB_ENV"
git switch --orphan "tmp-$BRANCH_NAME-artifacts"
- name: Checkout branch for pull request
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
ref: ${{ github.event.pull_request.head.ref }}
# Set the pip environment up
2 changes: 1 addition & 1 deletion .github/workflows/run-tests.yaml
Expand Up @@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
ref: ${{ github.event.pull_request.head.sha }}
# Set the pip environment up
4 changes: 2 additions & 2 deletions .github/workflows/scorecard.yml
Expand Up @@ -26,7 +26,7 @@ jobs:
id-token: write
steps:
- name: "Checkout code"
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false

Expand Down Expand Up @@ -57,6 +57,6 @@ jobs:

# required for Code scanning alerts
- name: "Upload SARIF results to code scanning"
uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v3.29.5
uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v3.29.5
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -34,5 +34,5 @@ COPY --chown=builder:union Pipfile Pipfile.lock ./
RUN pipenv --python "$(which python)" install --ignore-pipfile --dev
ENTRYPOINT ["/usr/local/bin/pipenv"]

FROM mvdan/shfmt@sha256:20597e9d127ea8442384d0b2d8b755ae14e7aab29ad27ba8cc9d3440e7926e4d AS shfmt
FROM mvdan/shfmt@sha256:e414177e424692cd21a5113216edeeeb56fc76b0ed2e5eb3a6c48404d5548a76 AS shfmt
ENTRYPOINT ["/bin/shfmt"]
8 changes: 4 additions & 4 deletions Pipfile
Expand Up @@ -4,12 +4,12 @@ url = "https://pypi.org/simple"
verify_ssl = true

[dev-packages]
black = "==25.11.0"
coverage = "==7.12.0"
black = "==25.12.0"
coverage = "==7.13.0"
flake8 = "==7.3.0"
httpretty = "==1.1.4"
mypy = "==1.19.0"
pytest = "==9.0.1"
pytest = "==9.0.2"
pytest-cov = "==7.0.0"
freezegun = "==1.5.5"
security = "==1.3.1"
Expand All @@ -21,7 +21,7 @@ qrcode = "==8.2"
requests = "==2.32.5"
types-requests = "==2.32.4.20250913"
typing_extensions = "==4.8.0"
urllib3 = "==2.5.0"
urllib3 = "==2.6.2"
charset-normalizer = "==3.4.4"
python-docx = "==1.1.0"
PyYAML = "==6.0.1"