Copilot commented on code in PR #17512:
URL: https://github.com/apache/pinot/pull/17512#discussion_r2739928252
##########
pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotSegmentUploadDownloadRestletResource.java:
##########
@@ -627,8 +627,16 @@ private SuccessResponse uploadSegments(String tableName,
TableType tableType, Fo
SegmentValidationUtils.validateTimeInterval(segmentMetadata,
tableConfig);
}
// TODO: Include the un-tarred segment size when using the METADATA
push rest API. Currently we can only use the
- // tarred segment size as an approximation. Additionally, add the
storage quota check for batch upload mode.
+ // tarred segment size as an approximation.
long segmentSizeInBytes = getSegmentSizeFromFile(sourceDownloadURIStr);
+ if (segmentSizeInBytes > 0) {
+ // Only check storage quota when segment size is available
+ SegmentValidationUtils.checkStorageQuota(segmentName,
segmentSizeInBytes, segmentSizeInBytes, tableConfig,
+ _storageQuotaChecker);
+ } else {
+ LOGGER.warn("Skipping storage quota check for segment: {} of table:
{} as segment size is unavailable",
+ segmentName, tableNameWithType);
+ }
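Review bot: the `checkStorageQuota` call passes `segmentSizeInBytes` for both size arguments, and per the TODO just above it that value is the tarred segment size, so on this path the quota is checked against an approximation rather than the un-tarred size. Say so in the comment beside the call so a passing check is not read as an exact bound. The `else` branch also fails open: when `getSegmentSizeFromFile` returns a value that is not greater than 0, the only visible effect is a WARN line, so either reject the upload there or emit a metric that can be alerted on, since a log line alone is easy to miss.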
Review Comment:
Skipping quota validation when segment size is unavailable creates a
potential quota bypass. An attacker could craft upload requests that don't
provide segment size information to circumvent quota restrictions. Consider
making quota validation mandatory and rejecting segments where size cannot be
determined.
```suggestion
    if (segmentSizeInBytes <= 0) {
      // Reject upload when segment size is unavailable to avoid skipping quota validation
      throw new ControllerApplicationException(Response.Status.BAD_REQUEST,
          "Cannot determine segment size for quota validation for segment: " + segmentName + " of table: "
              + tableNameWithType);
    }
    SegmentValidationUtils.checkStorageQuota(segmentName, segmentSizeInBytes, segmentSizeInBytes, tableConfig,
        _storageQuotaChecker);
```