Skip to content

Make annotated services reject the multipart requests that contain an uninjectable file upload #5549

Description

@trustin

Given the following service:

@Consumes("multipart/form-data")
public class FileUploadService {
    @Post("/upload")
    public HttpResponse upload(@Param String text, @Param File file) throws IOException {
        ...
    }
}

A client can send a multipart request that contains more than one file, even if /upload expects the request to contains one single file in the file field. Regardless of whether the received multipart request contains the file field or not, FileAggregatedMultipart.aggregateMultipart() will decode and store all file fields into the upload location (filesystem). It means, a client can incur unnecessary disk writes by sending the multipart requests like the following:

  • Two file uploads in the field file and file2. (not an error but unnecessary disk write for file2)
  • One file upload in the field foo. (an error with completely unnecessary disk write)

We could:

  • collect the list of required parameters during annotation scanning,
  • pass the list of required parameters to the resolvers,
  • so that the resolvers reject the requests with missing or unnecessary fields.

We might reject the requests with unnecessary fields only for a certain type of requests such as multipart file uploads, though, because sending an unnecessary fields are often harmless.

Alternatively, we might want to silently discard the body part of unnecessary fields, given that we limit the total content length anyway.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions