
docs: mark SEC_REVIEW F48 as fixed in c380d12

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
chiappa 3 days ago
commit 781c356f38
1 changed file with 23 additions and 1 deletion

doc/SEC_REVIEW.md

@@ -11,7 +11,7 @@
 >
 > Each finding is referenced as **F<N>** for later citation.
 >
-> **Findings rolled up:** 5 sev-3 (5 fixed, 0 open), 27 sev-2 (27 fixed, 0 open), 42 sev-1 (15 fixed, 27 open).
+> **Findings rolled up:** 5 sev-3 (5 fixed, 0 open), 27 sev-2 (27 fixed, 0 open), 42 sev-1 (16 fixed, 26 open).
 
 ---
 
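Review bot: the roll-up arithmetic is consistent (42 sev-1 = 16 fixed + 26 open, with exactly one finding moving from open to fixed), but this summary line is maintained by hand, separately from the per-finding `**Status:**` fields it counts, so it will silently drift the next time a status changes without this line being touched; consider deriving it from the Status fields (a small script or a CI check that counts `**Status:** Fixed` entries per severity and compares against this line).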
@@ -1581,6 +1581,28 @@
   and exhaust disk before `MmdbVerifier` sees it. Iterate `$phar`
   manually and enforce a max uncompressed size.
 - **Severity: 1**
+- **Status:** Fixed. New `MaxMindDownloader::assertSizeBudget` walks
+  the `PharData` (via `RecursiveIteratorIterator` so it descends
+  into the nested `GeoLite2-…/` directory) BEFORE
+  `extractTo`, summing each entry's `getSize()` (uncompressed) and
+  throwing `DownloaderException` if any single entry exceeds
+  `MAX_ENTRY_BYTES = 200 MiB` or the total exceeds
+  `MAX_TOTAL_BYTES = 400 MiB`. Real GeoLite2 MMDBs are ~6–7 MiB; the
+  caps are generous against future growth while bounding the
+  worst-case at "no single entry can fill a small disk". The check
+  runs in `fetchEdition()` immediately after `new PharData($tarPath)`,
+  so a bomb tarball never gets a single decompressed byte on disk.
+  Helper is `public` with `@internal` so the unit test can drive it
+  with small caps without building a >200 MiB fixture; production
+  call site uses the defaults. Regression tests in
+  `api/tests/Unit/Enrichment/MaxMindDownloaderTest.php`:
+  `testNormalArchivePasses` (small fixtures pass with default
+  caps), `testEntryOverPerEntryCapIsRejected` (4 KiB entry rejected
+  under 1 KiB cap, message includes the offending size), and
+  `testTotalOverArchiveCapIsRejected` (three 1 KiB entries breach a
+  2 KiB total cap), plus `testNestedEntriesAreCounted` to prove the
+  recursive iteration descends into the date-stamped subdirectory
+  the real MaxMind tarball nests.
 
 ### F49 — DB-IP gunzip has no decompressed-size cap
 - **File:** `api/src/Infrastructure/Enrichment/Downloaders/DbipDownloader.php:108-126`
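Review bot: the new Status entry never names the fixing commit, even though this change's own commit message cites it (c380d12); readers of SEC_REVIEW.md should not need the git log to find the fix, so suggest opening with `- **Status:** Fixed in c380d12.` Minor wording point in the same block: "a bomb tarball never gets a single decompressed byte on disk" is true only of entries written by `extractTo`; the downloaded archive itself still sits at `$tarPath`, so "extracted byte" would state the guarantee more precisely.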