How to read a file or stream in the most robust way using Java?

karthickv998656

26-08-2019

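```java
protected void doPost(SlingHttpServletRequest req, SlingHttpServletResponse resp) throws IOException {
    BufferedReader reader = req.getReader();
    try {
        // readLine() buffers until it sees a line terminator, with no upper bound on length
        String line = reader != null ? reader.readLine() : null;
    } finally {
        // guard the close so a null reader does not throw here
        if (reader != null) {
            reader.close();
        }
    }
}
```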

The above code went for a review with the Security team and the following comments were received:

  1. BufferedReader.readLine is susceptible to DOS (Denial of Service) attacks (line of infinite length, huge file containing no line feed/carriage return)
  2. Resource exhaustion for the StringBuilder variable (cases where a file contains data greater than the available memory).

How to resolve the above issue?

Replies

rampai

26-08-2019

Hi karthickv99865601,

Can you please check if this is of any help since this query is not AEM specific?

The suggestion is to leverage StringBuffer to split the stream and read it in chunks rather than one whole stream.

https://stackoverflow.com/questions/17084657/most-robust-way-of-reading-a-file-or-stream-using-java-...

Regards,

Ram
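
A bounded, chunked read of the kind suggested in the reply above, as an added example that is not part of the original thread or of AEM/Sling. The class name, the `MAX_CHARS` cap and the sample inputs are assumptions; in the servlet, `req.getReader()` would be passed in place of the constructed readers.

```java
import java.io.CharArrayReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.Arrays;

public class BoundedRead {
    // Assumed cap for this example; size it to the largest body the endpoint legitimately accepts.
    static final int MAX_CHARS = 64 * 1024;

    /** Reads the stream in fixed-size chunks and fails before the buffer can grow past maxChars. */
    static String readBounded(Reader reader, int maxChars) throws IOException {
        char[] chunk = new char[4096];
        StringBuilder out = new StringBuilder();
        int n;
        while ((n = reader.read(chunk, 0, chunk.length)) != -1) {
            if (out.length() + n > maxChars) {
                throw new IOException("input exceeds " + maxChars + " characters");
            }
            out.append(chunk, 0, n);
        }
        return out.toString();
    }

    /** Returns the first line of an already size-checked body, without its line terminator. */
    static String firstLine(String body) {
        int end = 0;
        while (end < body.length() && body.charAt(end) != '\n' && body.charAt(end) != '\r') {
            end++;
        }
        return body.substring(0, end);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs standing in for req.getReader().
        try (Reader ok = new StringReader("first line\nsecond line\n")) {
            System.out.println(firstLine(readBounded(ok, MAX_CHARS)));
        }
        char[] oversized = new char[MAX_CHARS + 1]; // one "line" with no CR/LF
        Arrays.fill(oversized, 'A');
        try (Reader big = new CharArrayReader(oversized)) {
            readBounded(big, MAX_CHARS);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The cap is counted in characters after decoding, and the check runs before each append, so the `StringBuilder` never holds more than `maxChars` regardless of whether the input contains a line terminator.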

karthickv998656

26-08-2019

Hi rampai,

I have tried that too, but it's throwing an error.