protected void doPost(SlingHttpServletRequest req, SlingHttpServletResponse resp) throws IOException {
    BufferedReader reader = req.getReader();
    try {
        // readLine() buffers characters until it sees a line terminator or end of stream
        String line = reader != null ? reader.readLine() : null;
    } finally {
        // guard the close as well: the null check above is pointless if this line can NPE
        if (reader != null) {
            reader.close();
        }
    }
}
The above code went for a review with the Security team and the following comments were received:

BufferedReader.readLine is susceptible to DoS (Denial of Service) attacks (line of infinite length, huge file containing no line feed/carriage return) - resource exhaustion for the StringBuilder variable (cases when a file contains more data than the available memory).

How to resolve the above issue?
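The reviewer's point is that BufferedReader.readLine() has no upper bound: it keeps appending to an internal StringBuilder until it meets '\n', '\r' or end of stream, so a client that streams a body with no terminator dictates how much heap the server allocates. The fix is to stop reading once a chosen limit is reached and reject the request. The following is an added example, not code from the question or from Sling; the class name BoundedLineReader, the helper readLineBounded, the LineTooLongException type and the 1024-character limit are all my own choices.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;

// Added example: a line reader that never holds more than maxChars in memory.
// Mirrors BufferedReader.readLine() semantics ("\n", "\r" or "\r\n" terminate a
// line, null at end of stream) but throws as soon as the limit is exceeded.
public final class BoundedLineReader {

    /** Thrown when a line exceeds the configured limit (hypothetical type, not part of the JDK). */
    public static final class LineTooLongException extends IOException {
        LineTooLongException(int limit) {
            super("line exceeds " + limit + " characters");
        }
    }

    /**
     * Reads one line from {@code in}, holding at most {@code maxChars} characters.
     * The caller only ever pays for maxChars + 1 characters of a hostile body,
     * regardless of how much the client sends.
     */
    public static String readLineBounded(BufferedReader in, int maxChars) throws IOException {
        StringBuilder sb = new StringBuilder();
        int c;
        while ((c = in.read()) != -1) {
            if (c == '\n') {
                return sb.toString();
            }
            if (c == '\r') {
                // Treat "\r\n" as one terminator; a lone '\r' leaves the next char for the next call.
                in.mark(1);
                int next = in.read();
                if (next != '\n' && next != -1) {
                    in.reset();
                }
                return sb.toString();
            }
            // Check before appending so the buffer never grows past maxChars.
            if (sb.length() >= maxChars) {
                throw new LineTooLongException(maxChars);
            }
            sb.append((char) c);
        }
        // End of stream: null if nothing was read, otherwise the unterminated last line.
        return sb.length() == 0 ? null : sb.toString();
    }

    public static void main(String[] args) throws IOException {
        final int limit = 1024;

        // Constructed input 1: a well-formed two-line body.
        BufferedReader normal = new BufferedReader(new StringReader("hello\r\nworld"));
        System.out.println(readLineBounded(normal, limit));
        System.out.println(readLineBounded(normal, limit));
        System.out.println(readLineBounded(normal, limit));

        // Constructed input 2: 100,000 characters with no line terminator at all.
        StringBuilder flood = new StringBuilder();
        for (int i = 0; i < 100_000; i++) {
            flood.append('A');
        }
        BufferedReader unterminated = new BufferedReader(new StringReader(flood.toString()));
        try {
            readLineBounded(unterminated, limit);
        } catch (LineTooLongException e) {
            // Reached after consuming only limit + 1 characters, not the whole body.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In the servlet, call readLineBounded(req.getReader(), limit) inside the try block and, on LineTooLongException, answer with status 413 (HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE) instead of continuing. Checking req.getContentLengthLong() first is a cheap additional filter, but it is only advisory: a chunked request reports -1, and the header is client-supplied, so the hard cap on characters actually read is what removes the resource-exhaustion finding.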