cyclonedx-web-tool
Verify: There is a 500kb max size for SBOM
It seems like all SBOMs over 500kb cannot be verified.
Isn't that because of the upload file size limitation?
OpenReadStream enforces a maximum size in bytes of its Stream. Reading one file or multiple files larger than 512,000 bytes (500 KB) results in an exception. This limit prevents developers from accidentally reading large files into memory. The maxAllowedSize parameter of OpenReadStream can be used to specify a larger size if required up to a maximum supported size of 2 GB (2,147,483,648 bytes).
which looks like it applies to all three actions: validate, merge and convert
https://github.com/CycloneDX/cyclonedx-web-tool/blob/master/src/CycloneDX.WebTool/Pages/Convert.razor#L92
https://github.com/CycloneDX/cyclonedx-web-tool/blob/master/src/CycloneDX.WebTool/Pages/Merge.razor#L93
https://github.com/CycloneDX/cyclonedx-web-tool/blob/master/src/CycloneDX.WebTool/Pages/Validate.razor#L77
I've increased the limit to 100Mb. I should probably make this configurable or just use the maximum allowed size. The file handling is all done client side. So you can only DOS yourself.
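A Blazor InputFile handler along the lines the thread describes, as an added example that is not code from cyclonedx-web-tool: it passes an explicit, configurable maxAllowedSize to OpenReadStream (the class, property and handler names are assumptions), clamps it to Blazor's 2 GB ceiling, and reports an oversize SBOM instead of letting the IOException escape.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components.Forms;

// Hypothetical handler class; wire it up in a .razor page with
// <InputFile OnChange="OnInputFileChange" />.
public class SbomUploadHandler
{
    // Blazor caps maxAllowedSize at 2 GB (2,147,483,648 bytes), so clamp to that.
    private const long BlazorMaxSupported = 2_147_483_648L;
    // Assumed default of 100 MB, the value the maintainer mentions, instead of the 500 KB default.
    private long _maxAllowedSize = 100L * 1024 * 1024;

    public long MaxAllowedSize
    {
        get => _maxAllowedSize;
        set => _maxAllowedSize = Math.Min(Math.Max(value, 1), BlazorMaxSupported);
    }

    public string? SbomText { get; private set; }
    public string? Error { get; private set; }

    public async Task OnInputFileChange(InputFileChangeEventArgs e)
    {
        SbomText = null; Error = null;
        var file = e.File;

        // Check the size first so the user gets a clear message; the same condition
        // would otherwise surface as an IOException thrown by OpenReadStream.
        if (file.Size > MaxAllowedSize)
        {
            Error = $"{file.Name} is {file.Size:N0} bytes; the limit is {MaxAllowedSize:N0} bytes.";
            return;
        }

        try
        {
            // Explicit limit instead of the 512,000-byte default.
            await using var stream = file.OpenReadStream(maxAllowedSize: MaxAllowedSize);
            using var reader = new StreamReader(stream);
            SbomText = await reader.ReadToEndAsync();
        }
        catch (IOException ex)
        {
            // Blazor throws this when the file is larger than maxAllowedSize.
            Error = ex.Message;
        }
    }
}
```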