include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
Uploads of up to 100 MB are allowed:
----
/**
 * Registers the multipart resolver that handles file uploads.
 *
 * @return a {@link CommonsMultipartResolver} whose maximum upload size is set to 100 MB
 */
@Bean(name = "multipartResolver")
public CommonsMultipartResolver multipartResolver() {
    final CommonsMultipartResolver resolver = new CommonsMultipartResolver();
    // Sensitive (100 MB): leaving maxUploadSize unset means no limit at all, so setting one is
    // necessary, but a cap this high still lets a single request consume a lot of server resources.
    resolver.setMaxUploadSize(100000000); // Sensitive (100 MB)
    return resolver;
}
----
== Compliant Solution
File upload size is limited to 8 MB:
----
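/**
 * Registers the multipart resolver that handles file uploads, with an explicit size cap.
 *
 * @return a {@link CommonsMultipartResolver} whose maximum upload size is 8 MB
 */
@Bean(name = "multipartResolver")
public CommonsMultipartResolver multipartResolver() {
    // The resolver has to be created before it can be configured; without this
    // declaration the example does not compile.
    CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver();
    // Compliant (8 MB): an explicit upper bound keeps one oversized request from
    // exhausting server memory or disk (the default, when unset, is no limit).
    multipartResolver.setMaxUploadSize(8000000); // Compliant (8 MB)
    return multipartResolver;
}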
----
include::../see.adoc[]