From 30b79b00158512eb036b6498ec5ac49514bde59b Mon Sep 17 00:00:00 2001 From: damikael Date: Wed, 25 Oct 2023 15:24:15 +0200 Subject: [PATCH] feat: limit max num of files in zip --- spid-validator/server/api/metadata-sp.js | 8 ++++++++ spid-validator/server/package.json | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/spid-validator/server/api/metadata-sp.js b/spid-validator/server/api/metadata-sp.js index f6cb234..7dea3a0 100644 --- a/spid-validator/server/api/metadata-sp.js +++ b/spid-validator/server/api/metadata-sp.js @@ -8,6 +8,8 @@ const config_dir = require('../../config/dir.json'); const config_idp = require("../../config/idp.json"); const config_test = require("../../config/test.json"); const moment = require('moment'); + +const ZIP_MAX_NUM_FILES = 100; module.exports = function(app, checkAuthorisation, getEntityDir, database) { @@ -221,6 +223,12 @@ module.exports = function(app, checkAuthorisation, getEntityDir, database) { let metadata_list = []; const files = Utility.readDir(getEntityDir(config_dir.TEMP)); + + if(files.length>ZIP_MAX_NUM_FILES) { + res.status(400).send(`Il pacchetto zip può contenere massimo ${ZIP_MAX_NUM_FILES} file`); + return; + } + const saveFilePromises = files.map(async (file) => { Utility.log("CHECK METADATA FILE from ZIP: ", file); diff --git a/spid-validator/server/package.json b/spid-validator/server/package.json index bfc8901..edf2bfe 100644 --- a/spid-validator/server/package.json +++ b/spid-validator/server/package.json @@ -1,6 +1,6 @@ { "name": "spid-validator", - "version": "1.10.1", + "version": "1.10.2", "description": "Tool for validating Service Provider compliance to SPID response from Identity Provider", "main": "spid-validator", "author": "Michele D'Amico (damikael) - AgID",