fix(minidump): Streaming uploads from external relays #5977
1 issue
security-review: Found 1 issue (1 medium)
Medium
External clients can bypass upload quota checks via deferred length - `relay-server/src/endpoints/upload.rs:157`
Removing the trust check from validate_post_headers lets any external client send Upload-Defer-Length: 1 instead of declaring the real upload size, causing check_request to evaluate quota against 1 byte while the actual upload can reach max_upload_size.
Also found at:
relay-server/src/utils/tus.rs:29-31
⏱ 4m 28s · 1.1M in / 25.1k out · $1.99
Annotations
Check warning on line 157 in relay-server/src/endpoints/upload.rs
sentry-warden / warden: security-review
External clients can bypass upload quota checks via deferred length
Removing the trust check from `validate_post_headers` lets any external client send `Upload-Defer-Length: 1` instead of declaring the real upload size, causing `check_request` to evaluate quota against 1 byte while the actual upload can reach `max_upload_size`.
Check warning on line 31 in relay-server/src/utils/tus.rs
sentry-warden / warden: security-review
[J8K-MEA] External clients can bypass upload quota checks via deferred length (additional location)
Removing the trust check from `validate_post_headers` lets any external client send `Upload-Defer-Length: 1` instead of declaring the real upload size, causing `check_request` to evaluate quota against 1 byte while the actual upload can reach `max_upload_size`.