Skip to content

HttpURLConnectionDownloaderService: don't try to download a huge file #655

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
php-coder opened this issue Oct 16, 2017 · 3 comments
Open

HttpURLConnectionDownloaderService: don't try to download a huge file #655

php-coder opened this issue Oct 16, 2017 · 3 comments
Assignees
@php-coder
Labels
kind/improvement techdebt
Milestone
next

Comments

@php-coder
Copy link
Owner

php-coder commented Oct 16, 2017
edited
Loading

mystamps/src/main/java/ru/mystamps/web/service/HttpURLConnectionDownloaderService.java

Lines 183 to 189 in 8034083

// TODO: add protection against huge files
int contentLength = conn.getContentLength();
if (contentLength < 0) {
// TODO(security): fix possible log injection
LOG.debug("Couldn't download file: invalid Content-Length: {}", contentLength);
return Code.INVALID_FILE_SIZE;
}

Tech debt for: d839472 (#199)
@php-coder
Copy link
Owner Author

We also should use getContentLengthLong() instead of getContentLength() because the latter could return -1 also for the case when file size is greater than Integer.MAX_VALUE.

@php-coder php-coder self-assigned this Nov 1, 2017
@php-coder php-coder added this to the 0.4 milestone Nov 1, 2017
@php-coder
Copy link
Owner Author

The quoted code were removed in 4265235 commit.

@php-coder
Copy link
Owner Author

We can have 2 checks:

  • check the header
  • count written bytes

@php-coder php-coder modified the milestones: 0.4, next Nov 20, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@php-coder php-coder

Labels
kind/improvement techdebt
Projects
None yet
Milestone
next
Development

No branches or pull requests
1 participant
@php-coder