fetch_all_pages loops as long as the server returns a next_page_token:
```ruby
while page_token
  payload = original_payload.merge(page_token: page_token)
  response = post("/query", payload)
  vulns.concat(response["vulns"] || [])
  page_token = response["next_page_token"]
end
```
lib/brew/vulns/osv_client.rb:124-129
If OSV returns a buggy response that keeps echoing a token (or returns the same token twice), this allocates memory via vulns.concat until the process is killed.
A page counter that bails after some reasonable limit (50, 100) costs nothing and turns an infinite loop into a clear error.
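A sketch of the bounded loop suggested above, added here as an illustration and not taken from the project's code. `PaginationError`, `MAX_PAGES`, the block standing in for `post("/query", payload)` and the stub responses are all assumptions; it also rejects a repeated token, which catches the echo case before the cap is reached.

```ruby
require "set"

# Hypothetical names throughout (PaginationError, MAX_PAGES, fetch_all_pages
# taking a block); this is not the project's code.
class PaginationError < StandardError; end

MAX_PAGES = 100 # assumed limit; the issue suggests 50 or 100

# Collects "vulns" across pages. The block stands in for post("/query", payload):
# it receives the payload hash and returns the parsed response hash.
def fetch_all_pages(original_payload, max_pages: MAX_PAGES)
  vulns = []
  seen_tokens = Set.new
  page_token = nil
  pages = 0

  loop do
    pages += 1
    raise PaginationError, "gave up after #{max_pages} pages" if pages > max_pages

    payload = page_token ? original_payload.merge(page_token: page_token) : original_payload
    response = yield(payload)
    vulns.concat(response["vulns"] || [])

    page_token = response["next_page_token"]
    break if page_token.nil? || page_token.empty?
    # A token seen before means the server is looping; fail fast instead of at the cap.
    raise PaginationError, "server repeated page token #{page_token.inspect}" unless seen_tokens.add?(page_token)
  end
  vulns
end

# Constructed stub responses, not real OSV output.
GOOD_PAGES = {
  nil  => { "vulns" => [{ "id" => "EXAMPLE-1" }], "next_page_token" => "t1" },
  "t1" => { "vulns" => [{ "id" => "EXAMPLE-2" }] }
}.freeze

def demo_well_behaved
  fetch_all_pages({ package: "example" }) { |p| GOOD_PAGES.fetch(p[:page_token]) }
end

def demo_echoing_server
  fetch_all_pages({ package: "example" }) { |_p| { "vulns" => [{}], "next_page_token" => "same" } }
rescue PaginationError => e
  e.message
end
```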