How to read a file or stream in the most robust way using Java?

karthickv998656

26-08-2019

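protected void doPost(SlingHttpServletRequest req, SlingHttpServletResponse resp) throws IOException {
    BufferedReader reader = req.getReader();
    try {
        // Unbounded read: this is the call the security review flagged.
        String line = reader != null ? reader.readLine() : null;
    } finally {
        // Guard the close so a null reader does not throw a NullPointerException.
        if (reader != null) {
            reader.close();
        }
    }
}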

The above code went for a review with the Security team and the following comments were received:

  1. BufferedReader.readLine is susceptible to DoS (Denial of Service) attacks (a line of infinite length, or a huge file containing no line feed/carriage return).
  2. Resource exhaustion for the StringBuilder variable (cases where a file contains more data than the available memory).

How to resolve the above issue?
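
One way to address both review comments, as an added example that is not part of the original post: read through the same BufferedReader one character at a time and fail once a line passes a fixed cap, so neither a stream without line terminators nor an oversized body can grow the buffer without bound. `BoundedLineReader`, `readLineBounded` and `MAX_LINE_CHARS` are hypothetical names, and the 8192-character limit is an assumed value.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;

public class BoundedLineReader {

    // Hypothetical limit for this example; size it to the longest legitimate line.
    static final int MAX_LINE_CHARS = 8192;

    // Like BufferedReader.readLine() (null at end of stream; \n, \r and \r\n end a line),
    // but throws instead of buffering more than maxChars characters.
    static String readLineBounded(BufferedReader reader, int maxChars) throws IOException {
        StringBuilder sb = new StringBuilder(Math.min(maxChars, 256));
        int c;
        while ((c = reader.read()) != -1) {
            if (c == '\n') {
                return sb.toString();
            }
            if (c == '\r') {
                // Treat \r\n as one terminator: peek a single character ahead.
                reader.mark(1);
                if (reader.read() != '\n') {
                    reader.reset();
                }
                return sb.toString();
            }
            if (sb.length() >= maxChars) {
                throw new IOException("Line exceeds " + maxChars + " characters");
            }
            sb.append((char) c);
        }
        // End of stream: null if nothing was read, else the final unterminated line.
        return sb.length() == 0 ? null : sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: two ordinary lines, then 100,000 characters with no terminator.
        String oversized = new String(new char[100_000]).replace('\0', 'A');
        try (BufferedReader ok = new BufferedReader(new StringReader("name=value\r\nnext"))) {
            System.out.println(readLineBounded(ok, MAX_LINE_CHARS));
            System.out.println(readLineBounded(ok, MAX_LINE_CHARS));
        }
        try (BufferedReader bad = new BufferedReader(new StringReader(oversized))) {
            readLineBounded(bad, MAX_LINE_CHARS);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In the servlet, the call would be `readLineBounded(req.getReader(), MAX_LINE_CHARS)`, with the IOException turned into an error response rather than left to propagate.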

Replies