Commit 6d1237a
fix(security): cap KB document download size to prevent memory-exhaustion DoS

Knowledge-base ingestion downloaded an attacker-controlled external fileUrl
with no byte cap: downloadFileFromUrl defaults maxBytes to MAX_SAFE_INTEGER,
so the streaming reader buffered the entire response into memory uncapped.
An authenticated user could OOM the processing worker by pointing fileUrl at
a server that streams an unbounded body.

Wire the documented 100MB file-size limit (MAX_FILE_SIZE) into the ingestion
download helper. The existing stream limiter aborts the read once the cap is
exceeded and rejects up front on an oversized Content-Length, so the body is
never fully buffered.

1 parent 3c6c6b1 commit 6d1237a
1 file changed
Lines changed: 12 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| 25 | + | |
25 | 26 | | |
26 | 27 | | |
27 | 28 | | |
| |||
380 | 381 | | |
381 | 382 | | |
382 | 383 | | |
| 384 | + | |
| 385 | + | |
| 386 | + | |
| 387 | + | |
| 388 | + | |
| 389 | + | |
383 | 390 | | |
384 | | - | |
| 391 | + | |
| 392 | + | |
| 393 | + | |
| 394 | + | |
| 395 | + | |
385 | 396 | | |
386 | 397 | | |
387 | 398 | | |
| |||
0 commit comments
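
The two checks the commit message describes (rejecting up front on an oversized Content-Length, and aborting the read once the cap is exceeded), as an added JavaScript example for Node 18+ that is not the project's code. `readCapped`, `SizeLimitError` and `endlessResponse` are hypothetical names, and the endless body is constructed test input.

```javascript
// Added example with hypothetical names; not the project's downloadFileFromUrl.
const MAX_FILE_SIZE = 100 * 1024 * 1024; // the 100MB limit named in the commit message

class SizeLimitError extends Error {}

// Read a fetch() Response body while holding at most maxBytes in memory.
async function readCapped(response, maxBytes = MAX_FILE_SIZE) {
  // Check 1: reject up front when the declared size is already too large.
  const declared = Number(response.headers.get('content-length'));
  if (Number.isFinite(declared) && declared > maxBytes) {
    if (response.body) await response.body.cancel();
    throw new SizeLimitError(`Content-Length ${declared} exceeds cap ${maxBytes}`);
  }
  if (!response.body) return Buffer.alloc(0);

  // Check 2: the header can be absent or wrong, so count bytes as they arrive.
  const reader = response.body.getReader();
  const chunks = [];
  let received = 0;
  for (;;) {
    const { done, value } = await reader.read();
    if (done) break;
    received += value.byteLength;
    if (received > maxBytes) {
      await reader.cancel(); // stop pulling from the sender before buffering more
      throw new SizeLimitError(`body exceeded cap of ${maxBytes} bytes`);
    }
    chunks.push(value);
  }
  return Buffer.concat(chunks);
}

// Constructed input: a body that streams 1 KiB chunks forever, no Content-Length.
function endlessResponse(counter) {
  const body = new ReadableStream({
    pull(controller) {
      counter.pulled += 1;
      controller.enqueue(new Uint8Array(1024));
    },
    cancel() {
      counter.cancelled = true;
    },
  });
  return new Response(body);
}
```

The byte counter is the check that matters against a hostile server, since the Content-Length check only helps when the sender declares its size honestly.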