Upload size limit on READMEs #4291

Closed
vignesh-sankaran opened this issue Jul 18, 2017 · 5 comments
Labels
A-readme Area: README file issues C-enhancement Category: enhancement Command-publish S-triage Status: This issue is waiting on initial triage.

Comments

@vignesh-sankaran
Contributor

vignesh-sankaran commented Jul 18, 2017

This is currently being done by npm; one of the reasons is to stop a potential attack vector where a malicious third party could upload a very large README file and gum up crates.io. There are ways to deal with this on the crates.io side, but this could be an interim measure while we figure this out.

@est31
Member

est31 commented Jul 19, 2017

crates.io doesn't display READMEs in any way so I don't see how this could be an issue for crates.io. Maybe there needs to be a limit on the description string or other strings though.

@vignesh-sankaran
Contributor Author

There is an open PR for displaying READMEs, and READMEs are currently being stored in the database.

@ehuss ehuss added the A-readme Area: README file issues label Jul 1, 2020
@epage
Contributor

epage commented Oct 13, 2023

We have some zip bomb protection as of #11089 + #11337. This will limit how big of an overall .crate there is.

As for whether README.md size is a concern, I'd want to hear from crates.io. @Turbo87 any thoughts on how we should triage this?

@epage epage added the S-triage Status: This issue is waiting on initial triage. label Oct 13, 2023
@Turbo87
Member

Turbo87 commented Oct 13, 2023

we have a server-side limit on the size of the metadata json blob, which restricts the size of the readme to some degree. we don't have a restriction specifically for the readme, but once we read it from the tarball we should probably implement something like that.
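
A README-specific cap applied while reading the file out of the tarball, as the comment above proposes, could look like the following. This is an added example, not part of the thread and not crates.io or cargo code; `read_readme_capped`, `ReadmeError` and the 512 KiB `MAX_README_BYTES` value are assumptions made for illustration.

```rust
use std::io::{self, Read};

/// Hypothetical cap chosen for this example; the thread names no value.
pub const MAX_README_BYTES: u64 = 512 * 1024;

#[derive(Debug, PartialEq)]
pub enum ReadmeError {
    TooLarge { limit: u64 },
    NotUtf8,
    Io(io::ErrorKind),
}

/// Read a README from `entry` (for instance a tarball entry stream), rejecting
/// anything longer than `limit` bytes. `declared_len` is the size the archive
/// header claims; it allows an early reject but is never trusted as the bound.
pub fn read_readme_capped<R: Read>(
    entry: R,
    declared_len: Option<u64>,
    limit: u64,
) -> Result<String, ReadmeError> {
    if declared_len.map_or(false, |n| n > limit) {
        return Err(ReadmeError::TooLarge { limit });
    }
    // Pull at most limit + 1 bytes: the extra byte separates "exactly at the
    // limit" from "over it", and memory use stays bounded even if the stream
    // is far longer than the header said (or never ends).
    let mut buf = Vec::new();
    entry
        .take(limit.saturating_add(1))
        .read_to_end(&mut buf)
        .map_err(|e| ReadmeError::Io(e.kind()))?;
    if buf.len() as u64 > limit {
        return Err(ReadmeError::TooLarge { limit });
    }
    String::from_utf8(buf).map_err(|_| ReadmeError::NotUtf8)
}

fn main() {
    // Constructed inputs: a small README, then an endless stream whose
    // declared length understates its real size.
    let small = b"# demo\nA small README.\n";
    let len = Some(small.len() as u64);
    println!("{:?}", read_readme_capped(&small[..], len, MAX_README_BYTES));
    println!("{:?}", read_readme_capped(io::repeat(b'A'), Some(10), 1024));
}
```

Because the bound is enforced on bytes actually read, the same function works unchanged when `entry` is a decompressing reader whose output is much larger than its compressed input.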

@epage
Contributor

epage commented Oct 14, 2023

Sounds like this is being resolved on the server side, so I'm going to close this out for cargo's side. If there is a reason this should be enforced on the client side uniformly across all registries, let us know!

@epage epage closed this as not planned Oct 14, 2023