protected void doPost(SlingHttpServletRequest req, SlingHttpServletResponse resp) throws IOException {
    BufferedReader reader = req.getReader();
    try {
        // readLine() buffers until a line terminator arrives, with no upper bound on length
        String line = reader != null ? reader.readLine() : null;
    } finally {
        if (reader != null) {
            reader.close();
        }
    }
}
The above code went for a review with the Security team and the following comments were received:
BufferedReader.readLine is susceptible to DOS (Denial of Service) attacks (line of infinite length, huge file containing no line feed/carriage return)
StringBuilder variable (cases when a file containing data greater than the available memory).
How to resolve the above issue?
Hi karthickv99865601,
Can you please check if this is of any help since this query is not AEM specific?
The suggestion is to leverage StringBuffer to split the stream and read it in chunks rather than one whole stream.
Regards,
Ram
Hi rampai,
I have tried that too, but it's throwing an error.
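One way to address the review comments and the chunked-reading suggestion in this thread, as an added example that is not code from the original posts: a line reader that refuses to buffer past a fixed cap instead of waiting indefinitely for a line terminator. The class name, `readLineBounded` and the 8 KiB cap are assumptions; in the servlet the reader would come from `req.getReader()`.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.Arrays;

public class BoundedLineReader {
    // Assumed cap for this example; size it to the longest line the servlet legitimately accepts.
    static final int MAX_LINE_CHARS = 8 * 1024;

    /**
     * Reads one line but never holds more than maxChars characters in memory.
     * Returns null at end of stream; throws IOException if the line exceeds the cap.
     */
    static String readLineBounded(Reader in, int maxChars) throws IOException {
        StringBuilder sb = new StringBuilder(Math.min(maxChars, 256));
        boolean sawAny = false;
        int c;
        while ((c = in.read()) != -1) {
            sawAny = true;
            if (c == '\n') {
                break;
            }
            if (c == '\r') {
                continue; // tolerate CRLF; unlike readLine(), a lone CR is dropped, not a terminator
            }
            if (sb.length() >= maxChars) {
                // Stop here: the caller rejects the request instead of growing the buffer.
                throw new IOException("line exceeds " + maxChars + " characters");
            }
            sb.append((char) c);
        }
        return sawAny ? sb.toString() : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a normal CRLF-terminated line, and a body with no terminator at all.
        char[] big = new char[MAX_LINE_CHARS + 1];
        Arrays.fill(big, 'A');
        try (BufferedReader r = new BufferedReader(new StringReader("name=value\r\nnext\n"))) {
            System.out.println("accepted: " + readLineBounded(r, MAX_LINE_CHARS));
        }
        try (BufferedReader r = new BufferedReader(new StringReader(new String(big)))) {
            readLineBounded(r, MAX_LINE_CHARS);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```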