Closed madchap closed 4 years ago
Isn't there a limit by default? We get questions about how to raise the limit on a weekly basis in the Slack channel. Or is that only for the standalone / setup.bash installs?
Maybe through the UI, but not the API somehow.
https://github.com/DefectDojo/django-DefectDojo/blob/dev/nginx/nginx.conf#L14
800m.. we're asking to be DoS'ed it seems.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Seems to be fixed
Is your feature request related to a problem? Please describe
Right now, anyone can import a report of any size, which can lead to a DoS -- as I can experiment now. For example, git repository scans can generate a ton of findings (esp. if you don't pay the right attention to false positives). In my case, well over 100K across all branches caused a DoS on my instance.
We should have an upper limit to mitigate DoS.
Describe the solution you'd like
The idea is to limit -- both at UI and API levels -- the size of the report that can be uploaded. It could be number of rows or file size.
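The two-layer limit the issue asks for, as an added example that is not DefectDojo's own code: the nginx `client_max_body_size` linked in the comments caps bytes at the edge, and an application-level check like the one below enforces both a byte-size limit and a finding-count limit before any parser allocates for the whole report. The limit values, the function names and the CSV/JSON report layouts are assumptions made for this example.

```python
import csv
import io
import json

# Example limits chosen for this demonstration; they are not DefectDojo settings.
MAX_UPLOAD_BYTES = 10 * 1024 * 1024   # reject anything larger before parsing
MAX_FINDINGS = 5_000                  # reject reports with more rows/findings than this


class ReportTooLarge(ValueError):
    """Raised when an uploaded report exceeds a configured limit."""


def check_upload_size(payload: bytes, max_bytes: int = MAX_UPLOAD_BYTES) -> int:
    """First gate: byte size. Cheap, and it bounds the memory the parser can use."""
    size = len(payload)
    if size > max_bytes:
        raise ReportTooLarge(f"report is {size} bytes, limit is {max_bytes}")
    return size


def count_findings(payload: bytes, fmt: str, max_findings: int = MAX_FINDINGS) -> int:
    """Second gate: number of findings.

    CSV is streamed row by row and aborts as soon as the limit is passed, so a
    huge file is never materialised as a list. JSON (assumed here to be an array
    of finding objects) is parsed whole, which is acceptable only because the
    byte-size gate has already bounded it.
    """
    count = 0
    if fmt == "csv":
        reader = csv.reader(io.StringIO(payload.decode("utf-8")))
        next(reader, None)  # skip the header row
        for row in reader:
            if not row:
                continue
            count += 1
            if count > max_findings:
                raise ReportTooLarge(f"more than {max_findings} findings in CSV report")
    elif fmt == "json":
        findings = json.loads(payload.decode("utf-8"))
        if not isinstance(findings, list):
            raise ValueError("expected a JSON array of findings")
        count = len(findings)
        if count > max_findings:
            raise ReportTooLarge(f"{count} findings in JSON report, limit is {max_findings}")
    else:
        raise ValueError(f"unsupported format: {fmt}")
    return count


def validate_report_upload(payload: bytes, fmt: str,
                           max_bytes: int = MAX_UPLOAD_BYTES,
                           max_findings: int = MAX_FINDINGS) -> dict:
    """Run both gates in order: size first (cheap), then finding count.

    A UI form handler and an API endpoint can share this one function so the
    two entry points cannot drift apart.
    """
    size = check_upload_size(payload, max_bytes)
    findings = count_findings(payload, fmt, max_findings)
    return {"size_bytes": size, "finding_count": findings}


def build_csv_report(n_rows: int) -> bytes:
    """Constructed sample report: a header plus n_rows synthetic findings."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["title", "severity", "file_path"])
    for i in range(n_rows):
        writer.writerow([f"finding-{i}", "Low", f"src/module_{i % 7}.py"])
    return buf.getvalue().encode("utf-8")


if __name__ == "__main__":
    print("accepted:", validate_report_upload(build_csv_report(100), "csv"))
    try:
        validate_report_upload(build_csv_report(6_000), "csv")
    except ReportTooLarge as exc:
        print("rejected:", exc)
```

Checking size before row count matters: a row limit alone still lets one request push an arbitrarily large body through the parser, while a byte limit alone lets a compact file with hundreds of thousands of one-line findings through, which is the scenario described in the issue.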