Make CSAF upload size configurable. Defaults to 50MB

2025-12-22 11:55:40 +01:00 · 2021-12-14 22:04:44 +01:00 · 2021-12-14 22:04:44 +01:00 · bba9dcec8f
commit bba9dcec8f
parent 8623728a9a
2 changed files with 24 additions and 9 deletions
--- a/cmd/csaf_provider/config.go
+++ b/cmd/csaf_provider/config.go
@ -10,6 +10,7 @@ package main

 import (
 	"fmt"
+	"io"
 	"os"
 	"strings"

@ -20,11 +21,12 @@ import (
 )

 const (
-	configEnv         = "CSAF_CONFIG"
-	defaultConfigPath = "/usr/lib/casf/config.toml"
-	defaultFolder     = "/var/www/"
-	defaultWeb        = "/var/www/html"
-	defaultOpenPGPURL = "https://openpgp.circl.lu/pks/lookup?op=get&search=${FINGERPRINT}"
+	configEnv          = "CSAF_CONFIG"
+	defaultConfigPath  = "/usr/lib/casf/config.toml"
+	defaultFolder      = "/var/www/"
+	defaultWeb         = "/var/www/html"
+	defaultOpenPGPURL  = "https://openpgp.circl.lu/pks/lookup?op=get&search=${FINGERPRINT}"
+	defaultUploadLimit = 50 * 1024 * 1024
 )

 type config struct {
@ -41,6 +43,7 @@ type config struct {
 	NoWebUI                 bool            `toml:"no_web_ui"`
 	DynamicProviderMetaData bool            `toml:"dynamic_provider_metadata"`
 	Publisher               *csaf.Publisher `toml:"publisher"`
+	UploadLimit             *int64          `toml:"upload_limit"`
 }

 type tlp string
@ -70,6 +73,14 @@ func (t *tlp) UnmarshalText(text []byte) error {
 	return fmt.Errorf("invalid config TLP value: %v", string(text))
 }

+func (cfg *config) uploadLimiter(r io.Reader) io.Reader {
+	// Zero or less means no upload limit.
+	if cfg.UploadLimit == nil || *cfg.UploadLimit < 1 {
+		return r
+	}
+	return io.LimitReader(r, *cfg.UploadLimit)
+}
+
 func (cfg *config) GetOpenPGPURL(key *crypto.Key) string {
 	if key == nil {
 		return cfg.OpenPGPURL
@ -143,5 +154,10 @@ func loadConfig() (*config, error) {
 		}
 	}

+	if cfg.UploadLimit == nil {
+		ul := int64(defaultUploadLimit)
+		cfg.UploadLimit = &ul
+	}
+
 	return &cfg, nil
 }