coder

shishantbiswas/coder

Fork 0

mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00

Commit Graph

Author	SHA1	Message	Date
George K	2f011fd2a3	fix: reject oversized and invalid zip uploads (#25877 ) Enforce aggregate limits when converting uploaded ZIP archives to tar so compressed inputs cannot expand without bound in memory. Also treat malformed ZIP entry metadata and content mismatches as client errors during conversion, returning 400 for invalid archives and 413 when expanded tar output exceeds the upload limit. Ref: https://linear.app/codercom/issue/PLAT-274/zip-upload-decompressed-without-aggregate-size-limit-sec-103	2026-06-02 10:11:49 -07:00
Cian Johnston	df34858c3c	chore(coderd): extract fileszip to package archive for reuse (#15229 ) Related to https://github.com/coder/coder/issues/15087 As part of sniffing the workspace tags from an uploaded file, we need to be able to handle both zip and tar files. Extracting the functions to a separate `archive` package will be helpful here.	2024-10-25 15:14:39 +01:00

Author

SHA1

Message

Date

George K

2f011fd2a3

fix: reject oversized and invalid zip uploads (#25877 )

Enforce aggregate limits when converting uploaded ZIP archives to tar
so compressed inputs cannot expand without bound in memory.

Also treat malformed ZIP entry metadata and content mismatches as
client errors during conversion, returning 400 for invalid archives and
413 when expanded tar output exceeds the upload limit.

Ref: https://linear.app/codercom/issue/PLAT-274/zip-upload-decompressed-without-aggregate-size-limit-sec-103

2026-06-02 10:11:49 -07:00

Cian Johnston

df34858c3c

chore(coderd): extract fileszip to package archive for reuse (#15229 )

Related to https://github.com/coder/coder/issues/15087
As part of sniffing the workspace tags from an uploaded file, we need to
be able to handle both zip and tar files. Extracting the functions to
a separate `archive` package will be helpful here.

2024-10-25 15:14:39 +01:00

2 Commits