maltrieve icon indicating copy to clipboard operation
maltrieve copied to clipboard
verified publisher icon krmaxwell

Feature Request: download size filter

Open eldraco opened this issue 10 years ago • 1 comments

Does it have some sort of download size filter? So we can avoid downloading a 1GB file?

eldraco avatar Apr 04 '15 11:04 eldraco

For serves that provide a Content-Length HTTP header, we could possibly do this. The caveat of course is that the spec does not require servers to provide this header and so we won't always know a file size until we grab the file.

If somebody wants to implement this, I'd like to see it this way:

  • Option in maltrieve.cfg specifying max file size
  • The Body Content Workflow feature of requests can do this with appropriate logic.
  • If no option is specified, then don't restrict file size.

This is probably a security issue, to be honest, because a malicious attacker could serve a fake stream to fill up the file system where Maltrieve stores the data. But in that case they probably won't use the Content-Length header and so this wouldn't fix that. So, separately from any code implementation as described above, the documentation should make clear that dumpdir needs to be on a non-system partition to avoid a denial of service.

I appreciate this question, it's really helpful!

krmaxwell avatar Apr 04 '15 17:04 krmaxwell