Add configurable limit for the maximum number of bytes/chars of content to parse before failing
cowtowncoder opened this issue · 3 comments
(note: part of #637)
Jackson 2.15 included a few processing limits that can be applied to limit processing for "too big content"; first focusing on general nesting depth and max. length of individual tokens.
While this is good first step, it also makes sense to offer a simple way to limit maximum content in total allowed to be read -- typically a maximum document size, but in case of line-delimited input, maximum streaming content.
The reasoning for addition of such feature is that although users can -- if they must -- implement this at yet lower level (length-limited InputStream, for example), there are some benefits from Jackson streaming component offering this:
- Less work for user (obviously), better accessibility leading to wider adoption and helping against possible DoS vectors
- Better integration via well-defined exception type common to constraints violations (
StreamConstraintsException) - More reliable limits when shared implementation used (i.e. less like users/devs implement faulty limits checks)
Note, too, that this feature significantly improves usefulness (or right now, lack thereof) of #863 to combine per-token limits with overall limits.
NOTE: the default setting for this limits should, however, be left as "unlimited": using anything else is likely to break some processing somewhere.
Limit has to be defined as 64-bit long (not int); default value to use then is likely Long.MAX_VALUE.
I guess built-in support would be good - but this limit is straightforward for users to apply themselves without waiting for a jackson solution.
If your input data is the form of
- InputStream - try SizeLimitInputStream or equivalent
- Reader - try SizeLimitReader or equivalent
- String - just check
length()of String - ByteBuffer - jackson-databind has ByteBufferBackedInputStream - you can write the ByteBuffer with this and then wrap the InputStream with the SizeLimitInputStream above
- it may also be feasible to check the ByteBuffer capacity before reading from it
Still hoping to get this in 2.16 as it would be the last processing limit formally requested. But we'll see :)
Implemented for JSON backend (InputStream, Reader, non-blocking/async).