carloea2 opened a new issue, #4058: URL: https://github.com/apache/texera/issues/4058
### What happened?

**Issue description**

When uploading a file in a dataset, right now the file size limit is only checked in the frontend. When a file is dropped, `fileDropped()` checks the size like this:

https://github.com/apache/texera/blob/078351228c69765896a80c2216cf31aa5ff77fa0/frontend/src/app/dashboard/component/user/files-uploader/files-uploader.component.ts#L74-L84

Because this check lives only in the built JS (e.g. `main.js`), a user can change or remove it on the client side and then upload files that are larger than the intended limit. The backend does **not** enforce the same size limit, so these larger files are accepted successfully.

**Expected**

* File size limit is enforced on the server.
* Changing the frontend code does **not** allow uploads larger than `singleFileUploadMaxSizeMiB`.

**Actual**

* File size is only checked in the frontend.
* Users who change the client-side code can upload files bigger than the configured limit without any server-side rejection.

### How to reproduce?

**Steps to reproduce**

1. Log in to Texera Hub.
2. Go to **Your Work → Datasets** and open any dataset.
3. Open the browser developer tools and go to the **Sources** tab.
4. Open `main.js` (the bundled frontend file).
5. Search for the string `"the maximum limit"` to locate the file size check in `fileDropped()`.
6. Note the current configured limit in `this.singleFileUploadMaxSizeMiB` (for example, 20 MiB / 10 GiB).
7. In the devtools editor, change the condition from:

   ```ts
   if (file.size > this.singleFileUploadMaxSizeMiB * 1024 * 1024) {
   ```

   to something larger, for example:

   ```ts
   if (file.size > this.singleFileUploadMaxSizeMiB * 1024 * 1024 * 1024) {
   ```

8. With this modified code, drag and drop a file whose size is **above the real limit** but **below the modified limit**.
9. The upload succeeds even though it exceeds the intended max size.
   * In the attached screenshot, a `testtexera.zip` file of **12.92 GB** was uploaded while the limit was **10 GB**.
<img width="1532" height="723" alt="Image" src="https://github.com/user-attachments/assets/1dea6db8-fac2-435b-8189-6e5f5598b3e3" />

### Version

1.1.0-incubating (Pre-release/Master)

### Commit Hash (Optional)

_No response_

### What browsers are you seeing the problem on?

_No response_
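Added example, not part of the issue and not Texera's backend code: a sketch of the server-side enforcement the issue asks for, counting the bytes that actually arrive instead of trusting anything the client reports. `UploadSizeGuard`, `receiveUpload` and the `Verdict` shape are hypothetical names; only `singleFileUploadMaxSizeMiB` and the `>` comparison come from the issue, and the HTTP 413 response is an assumed choice.

```ts
// Hypothetical server-side guard (illustrative; not the project's implementation).
const MIB = 1024 * 1024;

interface Verdict { ok: boolean; status: number; received: number; reason: string }

class UploadSizeGuard {
  private received = 0;
  private readonly maxBytes: number;

  constructor(singleFileUploadMaxSizeMiB: number) {
    this.maxBytes = singleFileUploadMaxSizeMiB * MIB;
  }

  private verdict(ok: boolean, reason: string): Verdict {
    return { ok, status: ok ? 200 : 413, received: this.received, reason };
  }

  // Cheap early rejection. Content-Length is client-controlled, so passing
  // this check proves nothing about the real body size.
  checkDeclared(contentLength: string | undefined): Verdict {
    const n = contentLength === undefined ? NaN : Number(contentLength);
    if (!isNaN(n) && n > this.maxBytes) {
      return this.verdict(false, "declared size exceeds limit");
    }
    return this.verdict(true, "declared size acceptable or absent");
  }

  // Authoritative check: same comparison as the frontend (size > limit),
  // applied to the running total of bytes received so far.
  accept(chunk: Uint8Array): Verdict {
    this.received += chunk.byteLength;
    if (this.received > this.maxBytes) {
      return this.verdict(false, "received bytes exceed limit");
    }
    return this.verdict(true, "within limit");
  }
}

// Feed a request body, delivered as chunks, through the guard and stop at the
// first rejection so the rest of an oversized body is never read or stored.
function receiveUpload(limitMiB: number, contentLength: string | undefined,
                       chunks: Uint8Array[]): Verdict {
  const guard = new UploadSizeGuard(limitMiB);
  let verdict = guard.checkDeclared(contentLength);
  for (const chunk of chunks) {
    if (!verdict.ok) break;
    verdict = guard.accept(chunk);
  }
  return verdict;
}
```

In a real handler the rejection would also abort the request stream and delete any partially written object, so an oversized upload leaves nothing behind.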
