Harden auth, redaction, upload size checks, and compose token requirements

2026-02-21 13:48:55 -03:00
parent 5792586a90
commit 3cbad053cc
21 changed files with 1168 additions and 85 deletions
--- a/backend/app/services/extractor.py
+++ b/backend/app/services/extractor.py
@@ -300,16 +300,39 @@ def extract_text_content(filename: str, data: bytes, mime_type: str) -> Extracti


 def extract_archive_members(data: bytes, depth: int = 0) -> list[ArchiveMember]:
-    """Extracts processable members from zip archives with configurable depth limits."""
+    """Extracts processable ZIP members within configured decompression safety budgets."""

    members: list[ArchiveMember] = []
    if depth > settings.max_zip_depth:
        return members

-    with zipfile.ZipFile(io.BytesIO(data)) as archive:
-        infos = [info for info in archive.infolist() if not info.is_dir()][: settings.max_zip_members]
-        for info in infos:
-            member_data = archive.read(info.filename)
-            members.append(ArchiveMember(name=info.filename, data=member_data))
+    total_uncompressed_bytes = 0
+    try:
+        with zipfile.ZipFile(io.BytesIO(data)) as archive:
+            infos = [info for info in archive.infolist() if not info.is_dir()][: settings.max_zip_members]
+            for info in infos:
+                if info.file_size <= 0:
+                    continue
+                if info.file_size > settings.max_zip_member_uncompressed_bytes:
+                    continue
+                if total_uncompressed_bytes + info.file_size > settings.max_zip_total_uncompressed_bytes:
+                    continue
+
+                compressed_size = max(1, int(info.compress_size))
+                compression_ratio = float(info.file_size) / float(compressed_size)
+                if compression_ratio > settings.max_zip_compression_ratio:
+                    continue
+
+                with archive.open(info, mode="r") as archive_member:
+                    member_data = archive_member.read(settings.max_zip_member_uncompressed_bytes + 1)
+                if len(member_data) > settings.max_zip_member_uncompressed_bytes:
+                    continue
+                if total_uncompressed_bytes + len(member_data) > settings.max_zip_total_uncompressed_bytes:
+                    continue
+
+                total_uncompressed_bytes += len(member_data)
+                members.append(ArchiveMember(name=info.filename, data=member_data))
+    except zipfile.BadZipFile:
+        return []

    return members