-
-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enforce upload size limit on putResourceFromUrl api #8562
base: main
Are you sure you want to change the base?
Enforce upload size limit on putResourceFromUrl api #8562
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've tested the PR and is.available()
seems depending on the remote server. I found different cases: returning 0, the size and also less size.
It doesn't seem totally reliable.
For the FileSystemStore I see it's copied to a file here:
core-geonetwork/core/src/main/java/org/fao/geonet/api/records/attachments/FilesystemStore.java
Line 205 in da294f7
Files.copy(is, filePath, StandardCopyOption.REPLACE_EXISTING); |
Maybe an option can be to updated that method (similar for other datastorages), to copy the file first to a temporal folder to calculate the size and throw the exception if it's bigger than the size allowed. Otherwise copy the file to the store.
I don't like having to copy the file to temporary locations. It is best to keep them as streams. I wonder if it is possible to control the bytes uploaded to the stream - i.e. specify the max bytes in the file copy. If so we could specify max+1 and it the number of bytes uploaded is greater than max then we can rollback the upload. We could use is.available() as a quick way to fail but if the value is less than the max then we could proceed to the second method (if possible). |
@ianwallen Looks like I misunderstood your suggestion. I will look into avoiding the temp file altogether and figure out how to rollback the upload to the store when the limit is reached. |
core/src/main/java/org/fao/geonet/api/records/attachments/AbstractStore.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/fao/geonet/api/records/attachments/AbstractStore.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/fao/geonet/api/records/attachments/AbstractStore.java
Outdated
Show resolved
Hide resolved
datastorages/jcloud/src/main/java/org/fao/geonet/api/records/attachments/JCloudStore.java
Outdated
Show resolved
Hide resolved
datastorages/jcloud/src/main/java/org/fao/geonet/api/records/attachments/JCloudStore.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/fao/geonet/api/records/attachments/FilesystemStore.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/fao/geonet/api/records/attachments/AbstractStore.java
Outdated
Show resolved
Hide resolved
@@ -165,6 +166,23 @@ public ApiError maxFileExceededHandler(final Exception exception, final HttpServ | |||
.withDescriptionKey("exception.maxUploadSizeExceeded.description", | |||
new String[]{FileUtil.humanizeFileSize(contentLength), | |||
FileUtil.humanizeFileSize(((MaxUploadSizeExceededException) exception).getMaxUploadSize())}); | |||
} else if (exception instanceof InputStreamLimitExceededException) { | |||
long maxUploadSize = ((InputStreamLimitExceededException) exception).getMaxUploadSize(); | |||
long remoteFileSize = ((InputStreamLimitExceededException) exception).getRemoteFileSize(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm a little confused over this error handling. I don't think you need and if {} else if {} else {}
I think there should only be if {} else {}
I believe uploadedResourceSizeExceededException
is an exception that is raised when request.getContentLengthLong()
is incorrect (i.e. less than the max allowed or not specified). And this issue can apply for MaxUploadSizeExceededException
or InputStreamLimitExceededException
So if you get MaxUploadSizeExceededException
or InputStreamLimitExceededException
, we should be handling the same error.
If remoteFileSize > maxUploadSize || request.getContentLengthLong() > maxUploadSize
then we know the size and it is over the limit so we can use uploadedResourceSizeExceededException
else the size was incorrect or was not supplied so we don't know or trust the value and can use maxUploadSizeExceededUnknownSize
Note sure how difficult it would be to test for request.getContentLengthLong() > 0 && request.getContentLengthLong() < maxUploadSize
. In that case we should probably log a warning indicating that a request was submitted where the request.getContentLengthLong() was not the same as the content sent. This could indicate someone trying to hack the system.
Co-authored-by: Ian <[email protected]>
Currently the
putResourceFromURL
api does not enforce the maximum upload size limit. This means that you can upload files larger than the limit if you provide a URL to that resource rather than uploading the file directly.This PR aims to fix this issue by checking the InputStream's available bytes against the configured
maxUploadSize
.Checklist
main
branch, backports managed with labelREADME.md
filespom.xml
dependency management. Update build documentation with intended library use and library tutorials or documentation