Limit upload size to 5GB

AWS has a limit of 5GB uploads for single-part uploads, which is the reason 5GB was selected here. This does not necessarily prevent the risk of a DOS but it does require a user to start multiple simultaneous uploads. Issue #145 A user could create a DOS by uploading files that are too large
PermanentOrg · Aug 3, 2023 · 860daf7 · 860daf7
1 parent bacbfda
commit 860daf7
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/src/classes/SftpSessionHandler.ts b/src/classes/SftpSessionHandler.ts
@@ -252,6 +252,24 @@ export class SftpSessionHandler {
       this.sftpConnection.status(reqId, SFTP_STATUS_CODE.FAILURE);
       return;
     }
+
+    if (offset + data.length > 5368709120) { // 5 GB
+      logger.verbose(
+        'Response: Status (FAILURE)',
+        {
+          reqId,
+          code: SFTP_STATUS_CODE.FAILURE,
+          path: temporaryFile.virtualPath,
+        },
+      );
+      this.sftpConnection.status(
+        reqId,
+        SFTP_STATUS_CODE.FAILURE,
+        'You cannot upload files larger then 5 GB.',
+      );
+      return;
+    }
+
     fs.write(
       temporaryFile.fd,
       data,