Add limit readers for readers that consume data from external sources. (#2042)

This adds a safety layer to tune resource usage for any reads of APKs,
APK indexes, or other external data sources.

These are all optional flags, that default to a default value if not
set.

Author: wlynch

internal/cli/build-cpio.go

@@ -28,6 +28,7 @@ import (
 	"chainguard.dev/apko/pkg/build"
 	"chainguard.dev/apko/pkg/build/types"
 	"chainguard.dev/apko/pkg/cpio"
+	"chainguard.dev/apko/pkg/options"
 )
 
 func buildCPIO() *cobra.Command {
@@ -38,6 +39,7 @@ func buildCPIO() *cobra.Command {
 	var extraBuildRepos []string
 	var extraRepos []string
 	var extraPackages []string
+	var sizeLimits options.SizeLimits
 
 	cmd := &cobra.Command{
 		Use:     "build-cpio",
@@ -56,6 +58,7 @@ func buildCPIO() *cobra.Command {
 				build.WithBuildDate(buildDate),
 				build.WithSBOM(sbomPath),
 				build.WithArch(types.ParseArchitecture(buildArch)),
+				build.WithSizeLimits(sizeLimits),
 			)
 		},
 	}
@@ -67,6 +70,7 @@ func buildCPIO() *cobra.Command {
 	cmd.Flags().StringSliceVarP(&extraBuildRepos, "build-repository-append", "b", []string{}, "path to extra repositories to include")
 	cmd.Flags().StringSliceVarP(&extraRepos, "repository-append", "r", []string{}, "path to extra repositories to include")
 	cmd.Flags().StringSliceVarP(&extraPackages, "package-append", "p", []string{}, "extra packages to include")
+	addClientLimitFlags(cmd, &sizeLimits)
 
 	return cmd
 }

internal/cli/build-minirootfs.go

@@ -26,6 +26,7 @@ import (
 
 	"chainguard.dev/apko/pkg/build"
 	"chainguard.dev/apko/pkg/build/types"
+	"chainguard.dev/apko/pkg/options"
 	"chainguard.dev/apko/pkg/tarfs"
 )
 
@@ -38,6 +39,7 @@ func buildMinirootFS() *cobra.Command {
 	var extraBuildRepos []string
 	var extraRepos []string
 	var extraPackages []string
+	var sizeLimits options.SizeLimits
 
 	cmd := &cobra.Command{
 		Use:     "build-minirootfs",
@@ -57,6 +59,7 @@ func buildMinirootFS() *cobra.Command {
 				build.WithSBOM(sbomPath),
 				build.WithArch(types.ParseArchitecture(buildArch)),
 				build.WithIgnoreSignatures(ignoreSignatures),
+				build.WithSizeLimits(sizeLimits),
 			)
 		},
 	}
@@ -69,6 +72,7 @@ func buildMinirootFS() *cobra.Command {
 	cmd.Flags().StringSliceVarP(&extraBuildRepos, "build-repository-append", "b", []string{}, "path to extra repositories to include")
 	cmd.Flags().StringSliceVarP(&extraRepos, "repository-append", "r", []string{}, "path to extra repositories to include")
 	cmd.Flags().StringSliceVarP(&extraPackages, "package-append", "p", []string{}, "extra packages to include")
+	addClientLimitFlags(cmd, &sizeLimits)
 
 	return cmd
 }

internal/cli/build.go

@@ -37,6 +37,7 @@ import (
 	"chainguard.dev/apko/pkg/build"
 	"chainguard.dev/apko/pkg/build/oci"
 	"chainguard.dev/apko/pkg/build/types"
+	"chainguard.dev/apko/pkg/options"
 	"chainguard.dev/apko/pkg/sbom/generator"
 	"chainguard.dev/apko/pkg/tarfs"
 )
@@ -58,6 +59,7 @@ func buildCmd() *cobra.Command {
 	var lockfile string
 	var includePaths []string
 	var ignoreSignatures bool
+	var sizeLimits options.SizeLimits
 
 	cmd := &cobra.Command{
 		Use:   "build",
@@ -116,6 +118,7 @@ Along the image, apko will generate SBOMs (software bill of materials) describin
 				build.WithTempDir(tmp),
 				build.WithIncludePaths(includePaths),
 				build.WithIgnoreSignatures(ignoreSignatures),
+				build.WithSizeLimits(sizeLimits),
 			)
 		},
 	}
@@ -136,6 +139,7 @@ Along the image, apko will generate SBOMs (software bill of materials) describin
 	cmd.Flags().StringVar(&lockfile, "lockfile", "", "a path to .lock.json file (e.g. produced by apko lock) that constraints versions of packages to the listed ones (default '' means no additional constraints)")
 	cmd.Flags().StringSliceVar(&includePaths, "include-paths", []string{}, "Additional include paths where to look for input files (config, base image, etc.). By default apko will search for paths only in workdir. Include paths may be absolute, or relative. Relative paths are interpreted relative to workdir. For adding extra paths for packages, use --repository-append.")
 	cmd.Flags().BoolVar(&ignoreSignatures, "ignore-signatures", false, "ignore repository signature verification")
+	addClientLimitFlags(cmd, &sizeLimits)
 	return cmd
 }
 

internal/cli/flags.go

@@ -0,0 +1,35 @@
+// Copyright 2022, 2023 Chainguard, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cli
+
+import (
+	"github.com/spf13/cobra"
+
+	"chainguard.dev/apko/pkg/options"
+)
+
+// addClientLimitFlags adds size limit flags for APK client operations (fetching indexes, expanding packages).
+func addClientLimitFlags(cmd *cobra.Command, limits *options.SizeLimits) {
+	defaults := options.DefaultSizeLimits()
+
+	cmd.Flags().Int64Var(&limits.APKIndexDecompressedMaxSize, "max-apkindex-decompressed-size", defaults.APKIndexDecompressedMaxSize,
+		"maximum decompressed size for APKINDEX archives in bytes, protects against gzip bombs (0=default, -1=no limit)")
+	cmd.Flags().Int64Var(&limits.APKControlMaxSize, "max-apk-control-size", defaults.APKControlMaxSize,
+		"maximum decompressed size for APK control sections in bytes (0=default, -1=no limit)")
+	cmd.Flags().Int64Var(&limits.APKDataMaxSize, "max-apk-data-size", defaults.APKDataMaxSize,
+		"maximum decompressed size for APK data sections in bytes, protects against gzip bombs (0=default, -1=no limit)")
+	cmd.Flags().Int64Var(&limits.HTTPResponseMaxSize, "max-http-response-size", defaults.HTTPResponseMaxSize,
+		"maximum size for HTTP responses in bytes (0=default, -1=no limit)")
+}

pkg/apk/apk/apkindex.go

@@ -14,11 +14,17 @@ import (
 	"strings"
 	"text/template"
 	"time"
+
+	"chainguard.dev/apko/pkg/limitio"
 )
 
 const apkIndexFilename = "APKINDEX"
 const descriptionFilename = "DESCRIPTION"
 
+// DefaultMaxAPKIndexDecompressedSize is the maximum decompressed size for APKINDEX archives (100 MB).
+// This protects against gzip bombs where a small compressed file expands to a huge size.
+const DefaultMaxAPKIndexDecompressedSize = 100 << 20
+
 // Go template for generating the APKINDEX file from an ApkIndex struct
 var apkIndexTemplate = template.Must(template.New(apkIndexFilename).Funcs(
 	template.FuncMap{
@@ -197,15 +203,39 @@ func ParsePackageIndex(apkIndexUnpacked io.Reader) ([]*Package, error) {
 	return packages, indexScanner.Err()
 }
 
-func IndexFromArchive(archive io.ReadCloser) (*APKIndex, error) {
+// IndexFromArchiveOption configures IndexFromArchive behavior.
+type IndexFromArchiveOption func(*indexFromArchiveOpts)
+
+type indexFromArchiveOpts struct {
+	decompressedMaxSize int64
+}
+
+// WithDecompressedMaxSize sets the maximum decompressed size for the APKINDEX archive.
+// Use 0 for default, or < 0 for unlimited.
+func WithDecompressedMaxSize(size int64) IndexFromArchiveOption {
+	return func(o *indexFromArchiveOpts) {
+		o.decompressedMaxSize = size
+	}
+}
+
+// IndexFromArchive parses an APKINDEX archive. Options can be used to configure
+// size limits to protect against gzip bombs.
+func IndexFromArchive(archive io.ReadCloser, opts ...IndexFromArchiveOption) (*APKIndex, error) {
+	o := &indexFromArchiveOpts{}
+	for _, opt := range opts {
+		opt(o)
+	}
+
 	gzipReader, err := gzip.NewReader(archive)
 	if err != nil {
 		return nil, err
 	}
 
 	defer gzipReader.Close()
 
-	tarReader := tar.NewReader(gzipReader)
+	// Wrap gzipReader with size limit, then create tar reader on top.
+	// The limit protects against tar bombs where file headers claim huge sizes.
+	tarReader := tar.NewReader(limitio.NewLimitedReaderWithDefault(gzipReader, o.decompressedMaxSize, DefaultMaxAPKIndexDecompressedSize))
 	apkindex := &APKIndex{}
 
 	for {

pkg/apk/apk/implementation.go

@@ -53,6 +53,11 @@ import (
 	"github.com/chainguard-dev/clog"
 )
 
+const (
+	// DefaultHTTPResponseSize is the default maximum size for HTTP responses (2 GB).
+	DefaultHTTPResponseSize = 2 << 30
+)
+
 type APK struct {
 	arch               string
 	version            string
@@ -65,6 +70,7 @@ type APK struct {
 	noSignatureIndexes []string
 	auth               auth.Authenticator
 	packageGetter      PackageGetter
+	sizeLimits         *SizeLimits
 
 	// filename to owning package, last write wins
 	installedFiles map[string]*Package
@@ -74,6 +80,14 @@ type APK struct {
 	ByArch map[string]*APK
 }
 
+// apkIndexDecompressedMaxSize returns the configured max decompressed APK index size or 0 for default.
+func (a *APK) apkIndexDecompressedMaxSize() int64 {
+	if a.sizeLimits != nil && a.sizeLimits.APKIndexDecompressedMaxSize != 0 {
+		return a.sizeLimits.APKIndexDecompressedMaxSize
+	}
+	return 0 // use default
+}
+
 func New(ctx context.Context, options ...Option) (*APK, error) {
 	opt := defaultOpts()
 	for _, o := range options {
@@ -87,17 +101,33 @@ func New(ctx context.Context, options ...Option) (*APK, error) {
 		opt.fs = apkfs.DirFS(ctx, "/")
 	}
 
-	client := retryablehttp.NewClient()
+	// Wrap transport with response size limiter
+	transport := opt.transport
+	var httpResponseMaxSize int64
+	if opt.sizeLimits != nil {
+		httpResponseMaxSize = opt.sizeLimits.HTTPResponseMaxSize
+	}
+	transport = newLimitedResponseTransport(transport, httpResponseMaxSize)
 
-	client.HTTPClient = &http.Client{Transport: opt.transport}
+	client := retryablehttp.NewClient()
+	client.HTTPClient = &http.Client{Transport: transport}
 	client.Logger = clog.FromContext(ctx)
 
 	httpClient := client.StandardClient()
 
 	// Create default PackageGetter if none provided
 	packageGetter := opt.packageGetter
 	if packageGetter == nil {
-		packageGetter = newDefaultPackageGetter(httpClient, opt.cache, opt.auth)
+		var getterOpts []packageGetterOption
+		if opt.sizeLimits != nil {
+			if opt.sizeLimits.APKControlMaxSize != 0 {
+				getterOpts = append(getterOpts, withAPKControlMaxSize(opt.sizeLimits.APKControlMaxSize))
+			}
+			if opt.sizeLimits.APKDataMaxSize != 0 {
+				getterOpts = append(getterOpts, withAPKDataMaxSize(opt.sizeLimits.APKDataMaxSize))
+			}
+		}
+		packageGetter = newDefaultPackageGetter(httpClient, opt.cache, opt.auth, getterOpts...)
 	}
 
 	return &APK{
@@ -113,6 +143,7 @@ func New(ctx context.Context, options ...Option) (*APK, error) {
 		installedFiles:     map[string]*Package{},
 		auth:               opt.auth,
 		packageGetter:      packageGetter,
+		sizeLimits:         opt.sizeLimits,
 	}, nil
 }
 

pkg/apk/apk/index.go

@@ -457,7 +457,11 @@ func parseRepositoryIndex(ctx context.Context, u string, keys map[string][]byte,
 		}
 	}
 	// with a valid signature, convert it to an ApkIndex
-	index, err := IndexFromArchive(io.NopCloser(bytes.NewReader(b)))
+	var archiveOpts []IndexFromArchiveOption
+	if opts.indexDecompressedMaxSize != 0 {
+		archiveOpts = append(archiveOpts, WithDecompressedMaxSize(opts.indexDecompressedMaxSize))
+	}
+	index, err := IndexFromArchive(io.NopCloser(bytes.NewReader(b)), archiveOpts...)
 	if err != nil {
 		return nil, fmt.Errorf("unable to read convert repository index bytes to index struct: %w", err)
 	}
@@ -466,10 +470,11 @@ func parseRepositoryIndex(ctx context.Context, u string, keys map[string][]byte,
 }
 
 type indexOpts struct {
-	ignoreSignatures   bool
-	noSignatureIndexes []string
-	httpClient         *http.Client
-	auth               auth.Authenticator
+	ignoreSignatures         bool
+	noSignatureIndexes       []string
+	httpClient               *http.Client
+	auth                     auth.Authenticator
+	indexDecompressedMaxSize int64
 }
 type IndexOption func(*indexOpts)
 
@@ -497,6 +502,12 @@ func WithIndexAuthenticator(a auth.Authenticator) IndexOption {
 	}
 }
 
+func WithIndexDecompressedMaxSize(size int64) IndexOption {
+	return func(o *indexOpts) {
+		o.indexDecompressedMaxSize = size
+	}
+}
+
 func redact(in string) string {
 	asURL, err := url.Parse(in)
 	if err != nil {

pkg/apk/apk/limited_transport.go

@@ -0,0 +1,63 @@
+// Copyright 2026 Chainguard, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package apk
+
+import (
+	"io"
+	"net/http"
+
+	"chainguard.dev/apko/pkg/limitio"
+)
+
+// limitedResponseTransport wraps an http.RoundTripper and limits the size of response bodies.
+type limitedResponseTransport struct {
+	wrapped http.RoundTripper
+	maxSize int64
+}
+
+// newLimitedResponseTransport creates a new transport that limits HTTP response body sizes.
+// If maxSize is -1, responses are unlimited.
+// If maxSize is 0, the default DefaultHTTPResponseSize is used.
+func newLimitedResponseTransport(wrapped http.RoundTripper, maxSize int64) http.RoundTripper {
+	return &limitedResponseTransport{
+		wrapped: wrapped,
+		maxSize: maxSize,
+	}
+}
+
+func (t *limitedResponseTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	resp, err := t.wrapped.RoundTrip(req)
+	if err != nil {
+		return nil, err
+	}
+
+	// Wrap the response body with a limited reader
+	resp.Body = &limitedReadCloser{
+		ReadCloser: resp.Body,
+		limited:    limitio.NewLimitedReaderWithDefault(resp.Body, t.maxSize, DefaultHTTPResponseSize),
+	}
+
+	return resp, nil
+}
+
+// limitedReadCloser wraps a ReadCloser with size limiting.
+type limitedReadCloser struct {
+	io.ReadCloser
+	limited io.Reader
+}
+
+func (l *limitedReadCloser) Read(p []byte) (int, error) {
+	return l.limited.Read(p)
+}