2021-01-27 04:07:23 +00:00
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
A 100 MB file is allowed to be uploaded:
----
@Bean(name = "multipartResolver")
public CommonsMultipartResolver multipartResolver() {
CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver();
2021-01-28 15:53:33 +01:00
multipartResolver.setMaxUploadSize(100000000); // Sensitive (100 MB), by default if maxUploadSize property is not defined, there is no limit and thus it's insecure
2021-01-27 04:07:23 +00:00
return multipartResolver;
}
----
== Compliant Solution
2021-01-27 12:06:36 +01:00
File upload size is limited to 8 MB:
2021-01-27 04:07:23 +00:00
----
@Bean(name = "multipartResolver")
public CommonsMultipartResolver multipartResolver() {
multipartResolver.setMaxUploadSize(8000000); // Compliant (8 MB)
return multipartResolver;
}
----
include::../see.adoc[]
