Rejecting requests with an excessive content length is a good practice: it limits network traffic intensity and therefore resource consumption, which helps prevent DoS attacks.
There is a risk if you answered yes to any of those questions.
It is recommended to customize the rule with the limit values that correspond to the web application.
For Symfony Constraints:
use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Component\Validator\Mapping\ClassMetadata;

class TestEntity
{
    public static function loadValidatorMetadata(ClassMetadata $metadata)
    {
        $metadata->addPropertyConstraint('upload', new Assert\File([
            'maxSize' => '100M', // Sensitive
        ]));
    }
}
For Laravel Validator:
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;

class TestController extends Controller
{
    public function test(Request $request)
    {
        $validatedData = $request->validate([
            'upload' => 'required|file', // Sensitive
        ]);
    }
}
For Symfony Constraints:
use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Component\Validator\Mapping\ClassMetadata;

class TestEntity
{
    public static function loadValidatorMetadata(ClassMetadata $metadata)
    {
        $metadata->addPropertyConstraint('upload', new Assert\File([
            'maxSize' => '8M', // Compliant
        ]));
    }
}
For Laravel Validator:
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;

class TestController extends Controller
{
    public function test(Request $request)
    {
        $validatedData = $request->validate([
            // For files, Laravel's max rule is expressed in kilobytes.
            'upload' => 'required|file|max:8000', // Compliant
        ]);
    }
}
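
The validator limits above only apply to what PHP lets through, so when customizing the limit it helps to compare it with `upload_max_filesize` and `post_max_size` and to reject oversized requests from the declared `Content-Length` before the body is processed. The following is an added example, not part of the original rule text; the function names, the 8 MB application limit, the choice to answer 411 when no usable length is sent, and the sample header values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Convert a php.ini shorthand size ("8M", "512K", "1G" or plain bytes) to bytes.
function iniSizeToBytes(string $value): int
{
    if (!preg_match('/^(\d+)\s*([KMG])?$/i', trim($value), $m)) {
        throw new InvalidArgumentException("Unrecognized size: {$value}");
    }
    $shift = ['K' => 10, 'M' => 20, 'G' => 30][strtoupper($m[2] ?? '')] ?? 0;
    return (int) $m[1] << $shift;
}

// Smallest of the application limit and the PHP-level limits: the size that
// can actually reach the validator.
function effectiveUploadLimit(int $appLimitBytes): int
{
    $limits = [$appLimitBytes, iniSizeToBytes((string) ini_get('upload_max_filesize'))];
    $post = iniSizeToBytes((string) ini_get('post_max_size'));
    if ($post > 0) { // post_max_size = 0 disables that limit
        $limits[] = $post;
    }
    return min($limits);
}

// Decide from the declared Content-Length alone, before the body is read.
// Returns an HTTP status: 200 accept, 411 Length Required, 413 Content Too Large.
function checkContentLength(?string $header, int $limitBytes): int
{
    if ($header === null || !ctype_digit($header)) {
        return 411; // assumed policy: refuse bodies without a usable length
    }
    if (strlen(ltrim($header, '0')) > 18) {
        return 413; // too many digits to fit an int, certainly over the limit
    }
    return (int) $header > $limitBytes ? 413 : 200;
}

$appLimit = 8 * 1000 * 1000; // assumed application limit of about 8 MB
$limit = effectiveUploadLimit($appLimit);
printf("effective limit: %d bytes\n", $limit);

// Constructed sample Content-Length values, not taken from real traffic.
foreach (['1024', '8000000', '104857600', '99999999999999999999', '-5', null] as $declared) {
    printf("%-22s => %d\n", var_export($declared, true), checkContentLength($declared, $limit));
}
```

If the effective limit printed is lower than the validator limit, the PHP settings are the binding constraint and the validator value is never reached.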