fix: maximum upload filesize

dobin · Sep 24, 2023 · c45fd11 · c45fd11
1 parent d01e25f
commit c45fd11
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 9 deletions.
diff --git a/app/templates/index.html b/app/templates/index.html
@@ -21,7 +21,8 @@ <h2>about this</h2>
 
     <p>Supported formats: 
       <ul>
-        <li>.exe (PE or .NET)</li>
+        <li>.exe native code</li>
+        <li>.exe .NET IL</li>
         <li>.docm</li>
         <li>.ps1</li>
       </ul>

diff --git a/app/templates/upload.html b/app/templates/upload.html
@@ -26,16 +26,18 @@ <h2>Upload</h2>
     </li>
   </ul>
 
-  <p>
-    Theres a 1/3 chance the scan will take less than a minute, 
-    1/3 chance that it will take less than 10,
-    and 1/3 chance that it may take an hour. 
-  </p>
+  Scan time:
+  <ul>
+    <li>1/3 chance for about a minute</li>
+    <li>1/3 chance for around 10 minutes</li>
+    <li>1/3 chance that it may take an 1 hour </li>
+  </ul>
 
   <p>
     All uploads will be stored. All requests are logged. 
     Defender sample submission is disabled.
     Use at your own risk. Do not misuse this service. 
+    Maximum filesize 50MB.
   </p>
   <p>
     Bookmark the link of your file analysis to access it again. It is random, and not listed.

diff --git a/app/views_upload.py b/app/views_upload.py
@@ -56,16 +56,21 @@ def upload_file():
         # Check all required parameters
         if 'server' not in request.form or not request.form['server'].isalnum():
             # no haxxoring in server name
-            logging.error('Invalid server name')
+            logging.warn('Invalid server name')
             return 'Invalid server name', 400
         serverName = request.form['server']
         if not 'file' in request.files or request.files['file'].filename == '':
             # If the user does not select a file, the browser submits an empty file without a filename
-            logging.error('No selected file')
+            logging.warn('No selected file')
             return 'No file selected', 400
         fileName = request.files['file'].filename
         fileData = request.files['file'].read()
 
+        maxFileSize = 50 * 1024 * 1024
+        if len (fileData) > maxFileSize:
+            logging.warn("File too big: {}".format(len(fileData)))
+            return "File size larget than {}".format(maxFileSize)
+
         # check if server is online
         try:
             serverUrl = current_app.config['AVRED_SERVERS'][serverName]

diff --git a/scanner.py b/scanner.py
@@ -86,7 +86,8 @@ def scannerDetectsBytes(self, data: bytes, filename: str, useBrotli=True):
             res = req.post(f"{self.scanner_path}/scan", params=params, data=scanData, timeout=10)
         except:
             # try again
-            logging.warning("Invalid server answer, retrying once")
+            logging.warning("Server timeout, retrying once")
+            logging.warning("Increase timeout if you scan large files")
             res = req.post(f"{self.scanner_path}/scan", params=params, data=scanData, timeout=10)
         jsonRes = res.json()
         scanTime = round(time.time() - timeStart, 3)