54 lines
1.4 KiB
Plaintext
54 lines
1.4 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
With default limit value of 8388608 (8MB).
|
|
|
|
A 100 MB file is allowed to be uploaded:
|
|
|
|
----
|
|
@Bean(name = "multipartResolver")
|
|
public CommonsMultipartResolver multipartResolver() {
|
|
CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver();
|
|
multipartResolver.setMaxUploadSize(104857600); // Sensitive (100MB)
|
|
return multipartResolver;
|
|
}
|
|
|
|
@Bean(name = "multipartResolver")
|
|
public CommonsMultipartResolver multipartResolver() {
|
|
CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver(); // Sensitive, by default if maxUploadSize property is not defined, there is no limit and thus it's insecure
|
|
return multipartResolver;
|
|
}
|
|
|
|
@Bean
|
|
public MultipartConfigElement multipartConfigElement() {
|
|
MultipartConfigFactory factory = new MultipartConfigFactory(); // Sensitive, no limit by default
|
|
return factory.createMultipartConfig();
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
File upload size is limited to 8 MB:
|
|
|
|
----
|
|
@Bean(name = "multipartResolver")
|
|
public CommonsMultipartResolver multipartResolver() {
|
|
multipartResolver.setMaxUploadSize(8388608); // Compliant (8 MB)
|
|
return multipartResolver;
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|