github.com/zntrio/harp/v2@v2.0.9/pkg/sdk/ioutil/copy.go (about) 1 // Licensed to Elasticsearch B.V. under one or more contributor 2 // license agreements. See the NOTICE file distributed with 3 // this work for additional information regarding copyright 4 // ownership. Elasticsearch B.V. licenses this file to you under 5 // the Apache License, Version 2.0 (the "License"); you may 6 // not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, 12 // software distributed under the License is distributed on an 13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 // KIND, either express or implied. See the License for the 15 // specific language governing permissions and limitations 16 // under the License. 17 18 package ioutil 19 20 import ( 21 "errors" 22 "io" 23 ) 24 25 // ErrTruncatedCopy is raised when the copy is larger than expected. 26 var ErrTruncatedCopy = errors.New("truncated copy due to too large input") 27 28 // Copy uses a buffered CopyN and a hardlimit to stop read from the reader when 29 // the maxSize amount of data has been written to the given writer. 30 func Copy(maxSize int64, w io.Writer, r io.Reader) error { 31 contentLength := int64(0) 32 33 // Chunked read with hard limit to prevent/reduce zipbomb vulnerability 34 // exploitation. 35 for { 36 written, err := io.CopyN(w, r, 1024) 37 if err != nil { 38 if errors.Is(err, io.EOF) { 39 break 40 } 41 return err 42 } 43 44 // Add to length 45 contentLength += written 46 47 // Check max size 48 if contentLength > maxSize { 49 return ErrTruncatedCopy 50 } 51 } 52 53 // No error 54 return nil 55 }