Coreoz · amanteaux · Sep 23, 2024 · Sep 4, 2024 · Sep 5, 2024 · Sep 19, 2024
diff --git a/plume-conf/pom.xml b/plume-conf/pom.xml
@@ -47,7 +47,7 @@
 		</dependency>
 	</dependencies>
 
-	
+
 	<dependencyManagement>
 		<dependencies>
 			<dependency>

diff --git a/plume-web-jersey/README.md b/plume-web-jersey/README.md
@@ -27,6 +27,34 @@ To use it, register this feature in Jersey: `resourceConfig.register(RequireExpl
 
 Any custom annotation can be added (as long as the corresponding Jersey access control feature is configured...). In a doubt to configure the Jersey access control feature, see as an example the existing class `PermissionFeature` that checks the `RestrictTo` annotation access control.
 
+Content size limit
+------------------
+In order to protect the backend against attack that would send huge content, it is possible to limit the size of the content that can be sent to the backend.
+
+To do so, register the `ContentControlFeature` in Jersey: `resourceConfig.register(ContentControlFeature.class);`
+By default the content size of body is limited to 500 KB. This limit can be override for the whole api by using the `ContentControlFeatureFactory` to specify your own limit.
+
+Usage example:
+```java
+resourceConfig.register(new AbstractBinder() {
+    @Override
+    protected void configure() {
+        bindFactory(new ContentControlFeatureFactory(1000 * 1024 /* 1MB */)).to(ContentControlFeature.class);
+    }
+});
+```
+
+You can also override only a specific endpoint by using the `@ContentSizeLimit` annotation:
+```java
+@POST
+	@Path("/test")
+	@Operation(description = "Example web-service")
+    @ContentSizeLimit(1024 * 1000 * 5) // 5MB
+	public void test(Test test) {
+        logger.info("Test: {}", test.getName());
+	}
+```
+
 Data validation
 ---------------
 To validate web-service input data, an easy solution is to use `WsException`:

diff --git a/plume-web-jersey/pom.xml b/plume-web-jersey/pom.xml
@@ -100,16 +100,39 @@
 			<scope>provided</scope>
 		</dependency>
 
+        <!-- Tests -->
         <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <scope>test</scope>
-        </dependency>
+			<groupId>com.carlosbecker</groupId>
+			<artifactId>guice-junit-test-runner</artifactId>
+			<exclusions>
+				<exclusion>
+					<artifactId>guice</artifactId>
+					<groupId>com.google.inject</groupId>
+				</exclusion>
+			</exclusions>
+		</dependency>
         <dependency>
-            <groupId>org.assertj</groupId>
-            <artifactId>assertj-core</artifactId>
-            <scope>test</scope>
-        </dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.assertj</groupId>
+			<artifactId>assertj-core</artifactId>
+			<scope>test</scope>
+		</dependency>
+        <dependency>
+			<groupId>org.glassfish.jersey.test-framework</groupId>
+			<artifactId>jersey-test-framework-core</artifactId>
+			<version>3.1.1</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.glassfish.jersey.test-framework.providers</groupId>
+			<artifactId>jersey-test-framework-provider-grizzly2</artifactId>
+			<version>3.1.1</version>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 
 	<dependencyManagement>

diff --git a/...-jersey/src/main/java/com/coreoz/plume/jersey/security/control/ContentControlFeature.java b/...-jersey/src/main/java/com/coreoz/plume/jersey/security/control/ContentControlFeature.java
@@ -0,0 +1,172 @@
+package com.coreoz.plume.jersey.security.control;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.AnnotatedElement;
+
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.container.DynamicFeature;
+import jakarta.ws.rs.container.ResourceInfo;
+import jakarta.ws.rs.core.FeatureContext;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.ext.ReaderInterceptor;
+import jakarta.ws.rs.ext.ReaderInterceptorContext;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class ContentControlFeature implements DynamicFeature {
+
+    public static final int DEFAULT_MAX_SIZE = 500 * 1024; // 500 KB
+    private final Integer maxSize;
+
+    public ContentControlFeature(int maxSize) {
+        this.maxSize = maxSize;
+    }
+
+    public ContentControlFeature() {
+        this.maxSize = DEFAULT_MAX_SIZE;
+    }
+
+    public Integer getContentSizeLimit() {
+        if (maxSize == null) {
+            return DEFAULT_MAX_SIZE;
+        }
+        return maxSize;
+    }
+
+    @Override
+    public void configure(ResourceInfo resourceInfo, FeatureContext context) {
+        addContentSizeFilter(resourceInfo.getResourceMethod(), context);
+    }
+
+    private void addContentSizeFilter(AnnotatedElement annotatedElement, FeatureContext methodResourcecontext) {
+        ContentSizeLimit contentSizeLimit = annotatedElement.getAnnotation(ContentSizeLimit.class);
+        methodResourcecontext.register(new ContentSizeLimitInterceptor(
+                contentSizeLimit != null ? contentSizeLimit.value() : maxSize
+            ));
+    }
+
+    public static class ContentSizeLimitInterceptor implements ReaderInterceptor {
+
+        private final int maxSize;
+
+        public ContentSizeLimitInterceptor(int maxSize) {
+            this.maxSize = maxSize;
+        }
+
+        // https://stackoverflow.com/questions/24516444/best-way-to-make-jersey-2-x-refuse-requests-with-incorrect-content-length
+        @Override
+        public Object aroundReadFrom(ReaderInterceptorContext context) throws IOException {
+            int headerContentLength = maxSize; // default value for GET or chunked body
+            String contentLengthHeader = context.getHeaders().getFirst(HttpHeaders.CONTENT_LENGTH);
+            if (contentLengthHeader != null) {
+                try {
+                    headerContentLength = Integer.parseInt(contentLengthHeader);
+                } catch (NumberFormatException e) {
+                    logger.warn("Wrong content length header received: {}", contentLengthHeader);
+                }
+            }
+
+            if (headerContentLength > maxSize) {
+                throw new WebApplicationException(
+                    Response.status(Response.Status.REQUEST_ENTITY_TOO_LARGE)
+                            .entity("Content size limit exceeded.")
+                            .build()
+                );
+            }
+
+            final InputStream contextInputStream = context.getInputStream();
+            context.setInputStream(new SizeLimitingInputStream(contextInputStream, headerContentLength));
+
+            return context.proceed();
+        }
+
+        public static final class SizeLimitingInputStream extends InputStream {
+            private long length = 0;
+            private int mark = 0;
+
+            private final int maxSize;
+
+            private final InputStream delegateInputStream;
+
+            public SizeLimitingInputStream(InputStream delegateInputStream, int maxSize) {
+                this.delegateInputStream = delegateInputStream;
+                this.maxSize = maxSize;
+            }
+
+            @Override
+            public int read() throws IOException {
+                final int read = delegateInputStream.read();
+                readAndCheck(read != -1 ? 1 : 0);
+                return read;
+            }
+
+            @Override
+            public int read(final byte[] b) throws IOException {
+                final int read = delegateInputStream.read(b);
+                readAndCheck(read != -1 ? read : 0);
+                return read;
+            }
+
+            @Override
+            public int read(final byte[] b, final int off, final int len) throws IOException {
+                final int read = delegateInputStream.read(b, off, len);
+                readAndCheck(read != -1 ? read : 0);
+                return read;
+            }
+
+            @Override
+            public long skip(final long n) throws IOException {
+                final long skip = delegateInputStream.skip(n);
+                readAndCheck(skip != -1 ? skip : 0);
+                return skip;
+            }
+
+            @Override
+            public int available() throws IOException {
+                return delegateInputStream.available();
+            }
+
+            @Override
+            public void close() throws IOException {
+                delegateInputStream.close();
+            }
+
+            @Override
+            public synchronized void mark(final int readlimit) {
+                mark += readlimit;
+                delegateInputStream.mark(readlimit);
+            }
+
+            @Override
+            public synchronized void reset() throws IOException {
+                this.length = 0;
+                readAndCheck(mark);
+                delegateInputStream.reset();
+            }
+
+            @Override
+            public boolean markSupported() {
+                return delegateInputStream.markSupported();
+            }
+
+            private void readAndCheck(final long read) {
+                this.length += read;
+
+                if (this.length > maxSize) {
+                    try {
+                        this.close();
+                    } catch (IOException e) {
+                        logger.error("Error while closing the input stream", e);
+                    }
+                    throw new WebApplicationException(
+                        Response.status(Response.Status.REQUEST_ENTITY_TOO_LARGE)
+                                .entity("Content size limit exceeded.")
+                                .build()
+                    );
+                }
+            }
+        }
+    }
+}
diff --git a/.../src/main/java/com/coreoz/plume/jersey/security/control/ContentControlFeatureFactory.java b/.../src/main/java/com/coreoz/plume/jersey/security/control/ContentControlFeatureFactory.java
@@ -0,0 +1,21 @@
+package com.coreoz.plume.jersey.security.control;
+
+import org.glassfish.hk2.api.Factory;
+
+public class ContentControlFeatureFactory implements Factory<ContentControlFeature> {
+    private final Integer maxSize;
+
+    public ContentControlFeatureFactory(int maxSize) {
+        this.maxSize = maxSize;
+    }
+
+    @Override
+    public ContentControlFeature provide() {
+        return new ContentControlFeature(maxSize);
+    }
+
+    @Override
+    public void dispose(ContentControlFeature instance) {
+        // unused
+    }
+}
diff --git a/...e-web-jersey/src/main/java/com/coreoz/plume/jersey/security/control/ContentSizeLimit.java b/...e-web-jersey/src/main/java/com/coreoz/plume/jersey/security/control/ContentSizeLimit.java
@@ -0,0 +1,24 @@
+package com.coreoz.plume.jersey.security.control;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+
+/**
+ * Modify the default Content size limit handled by the backend
+ */
+@Documented
+@Retention (RUNTIME)
+@Target({TYPE, METHOD})
+public @interface ContentSizeLimit {
+
+    /**
+    * The maximum size of the content in bytes
+    */
+    int value();
+}