Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enforce upload size limit on putResourceFromUrl api #8562

Open
wants to merge 24 commits into
base: main
Choose a base branch
from

Conversation

tylerjmchugh
Copy link
Contributor

@tylerjmchugh tylerjmchugh commented Dec 13, 2024

Currently the putResourceFromURL api does not enforce the maximum upload size limit. This means that you can upload files larger than the limit if you provide a URL to that resource rather than uploading the file directly.

This PR aims to fix this issue by checking the InputStream's available bytes against the configured maxUploadSize.

Checklist

  • I have read the contribution guidelines
  • Pull request provided for main branch, backports managed with label
  • Good housekeeping of code, cleaning up comments, tests, and documentation
  • Clean commit history broken into understandable chucks, avoiding big commits with hundreds of files, cautious of reformatting and whitespace changes
  • Clean commit messages, longer verbose messages are encouraged
  • API Changes are identified in commit messages
  • Testing provided for features or enhancements using automatic tests
  • User documentation provided for new features or enhancements in manual
  • Build documentation provided for development instructions in README.md files
  • Library management using pom.xml dependency management. Update build documentation with intended library use and library tutorials or documentation

@CLAassistant
Copy link

CLAassistant commented Dec 13, 2024

CLA assistant check
All committers have signed the CLA.

@josegar74 josegar74 added this to the 4.4.7 milestone Dec 16, 2024
@tylerjmchugh tylerjmchugh marked this pull request as ready for review December 18, 2024 15:36
Copy link
Member

@josegar74 josegar74 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tested the PR and is.available() seems depending on the remote server. I found different cases: returning 0, the size and also less size.

It doesn't seem totally reliable.

For the FileSystemStore I see it's copied to a file here:

Files.copy(is, filePath, StandardCopyOption.REPLACE_EXISTING);

Maybe an option can be to updated that method (similar for other datastorages), to copy the file first to a temporal folder to calculate the size and throw the exception if it's bigger than the size allowed. Otherwise copy the file to the store.

@ianwallen
Copy link
Contributor

I don't like having to copy the file to temporary locations. It is best to keep them as streams.

I wonder if it is possible to control the bytes uploaded to the stream - i.e. specify the max bytes in the file copy. If so we could specify max+1 and it the number of bytes uploaded is greater than max then we can rollback the upload.

We could use is.available() as a quick way to fail but if the value is less than the max then we could proceed to the second method (if possible).

@tylerjmchugh
Copy link
Contributor Author

@ianwallen Looks like I misunderstood your suggestion. I will look into avoiding the temp file altogether and figure out how to rollback the upload to the store when the limit is reached.

@@ -165,6 +166,23 @@ public ApiError maxFileExceededHandler(final Exception exception, final HttpServ
.withDescriptionKey("exception.maxUploadSizeExceeded.description",
new String[]{FileUtil.humanizeFileSize(contentLength),
FileUtil.humanizeFileSize(((MaxUploadSizeExceededException) exception).getMaxUploadSize())});
} else if (exception instanceof InputStreamLimitExceededException) {
long maxUploadSize = ((InputStreamLimitExceededException) exception).getMaxUploadSize();
long remoteFileSize = ((InputStreamLimitExceededException) exception).getRemoteFileSize();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a little confused over this error handling. I don't think you need and if {} else if {} else {} I think there should only be if {} else {}

I believe uploadedResourceSizeExceededException is an exception that is raised when request.getContentLengthLong() is incorrect (i.e. less than the max allowed or not specified). And this issue can apply for MaxUploadSizeExceededException or InputStreamLimitExceededException

So if you get MaxUploadSizeExceededException or InputStreamLimitExceededException, we should be handling the same error.

If remoteFileSize > maxUploadSize || request.getContentLengthLong() > maxUploadSize then we know the size and it is over the limit so we can use uploadedResourceSizeExceededException
else the size was incorrect or was not supplied so we don't know or trust the value and can use maxUploadSizeExceededUnknownSize

Note sure how difficult it would be to test for request.getContentLengthLong() > 0 && request.getContentLengthLong() < maxUploadSize . In that case we should probably log a warning indicating that a request was submitted where the request.getContentLengthLong() was not the same as the content sent. This could indicate someone trying to hack the system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants