fix(findrive): enforce 255 char limit on filename to prevent DoS (fix… #384
deveshreddyp wants to merge 3 commits into
| "folder": f.folder_path, | ||
| "status": "uploaded", | ||
| } | ||
| return upload_file_action( |
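Review bot: at `return upload_file_action(`, nothing in the visible lines shows where the filename length check runs relative to the code that builds the `"status": "uploaded"` result. Make the 255-character check the first statement of the upload path and return the error dictionary from there, so an oversized filename is rejected before any record is created or any helper is called.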
why not add the defense without refactoring into another function?
keep it simple until there is need for reusability

Good call! I initially extracted it to make importing it into the new I'm reverting the refactor now and putting the 255-char defense back directly inline. Will push the update in a few minutes!

Done! I removed the

@deveshreddyp, here is the test suite PR #317 — FinDrive Server Tests
The bug was identified with this test suite, which is ready for review; there is no need to create extra tests.

Ah, that makes perfect sense! I didn't spot PR #317 pending in the queue, so I proactively wrote a suite locally to test the fix via TDD. Your test suite looks incredibly comprehensive. I have just removed my custom Once PR #317 is merged, this

Resolves #355
Summary of Changes
This PR addresses Bug_146 by implementing a strict 255-character length limit on the filename parameter in the upload_file tool to prevent database bloat and potential DoS vectors.
tests/unit/mcp/test_findrive.py file wasn't on main yet, so I went ahead and created the test suite via TDD to fulfill the exact Acceptance Criteria.
Bugs Resolved
Test Plan
test_fd_upload_001_upload_returns_file_id_and_metadata -> Passes (Valid actions still process normally)
test_fd_str_002_very_long_filename_accepted_without_validation -> Passes (Correctly returns the error dictionary for oversized filenames)
cc @steadhac @saikishu
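
An added sketch of the check this PR describes, kept inline in the upload path as the review asked; it is not FinDrive's code, and the `upload_file` signature, the list-backed `store`, the optional `max_bytes` cap and the error dictionary shape are all assumptions. It also shows that a 255-character limit alone still admits up to 1020 bytes of UTF-8 per filename.

```python
# Added example: every name below is hypothetical, not FinDrive's real code.
MAX_FILENAME_CHARS = 255  # the limit this PR enforces


def upload_file(store, filename, folder_path="/", max_bytes=None):
    """Validate the filename inline, then write.

    `store` is a plain list standing in for the database (assumption).
    Returns an error dictionary on rejection, else the upload metadata.
    """
    # Type check first: len() on bytes or a list would silently "work".
    if not isinstance(filename, str):
        return {"status": "error", "error": "filename must be a string"}

    # The 255-character defense, before anything touches storage.
    if len(filename) > MAX_FILENAME_CHARS:
        return {
            "status": "error",
            "error": f"filename exceeds {MAX_FILENAME_CHARS} characters",
        }

    # len() counts code points, storage cost is bytes: 255 four-byte code
    # points encode to 1020 bytes. The byte cap is an optional extra
    # (assumption, not part of the PR) for byte-sized columns.
    encoded_len = len(filename.encode("utf-8", "surrogatepass"))
    if max_bytes is not None and encoded_len > max_bytes:
        return {
            "status": "error",
            "error": f"filename exceeds {max_bytes} bytes when encoded",
        }

    file_id = len(store) + 1
    store.append({"file_id": file_id, "filename": filename})
    return {"file_id": file_id, "folder": folder_path, "status": "uploaded"}


if __name__ == "__main__":
    db = []  # constructed sample store
    print(upload_file(db, "a" * 256))                # rejected, db untouched
    print(upload_file(db, "report.pdf"))             # accepted
    wide = "\U0001F600" * 255                        # 255 chars, 1020 bytes
    print(upload_file(db, wide)["status"])           # accepted by char limit
    print(upload_file(db, wide, max_bytes=255))      # rejected by byte cap
    print(len(db), "records stored")
```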