Conversation
fix: isolate module uploads in modules/<module_key>/ and remove core …
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f58c8b6048
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const manifestBuffer = manifestEntry.getData(); | ||
| if (!manifestBuffer || manifestBuffer.length === 0) { | ||
| throw new ApiError(400, 'manifest file is empty'); | ||
| } | ||
| if (manifestBuffer.length > MAX_MANIFEST_BYTES) { |
There was a problem hiding this comment.
extractManifestFromZipBuffer inflates the manifest with manifestEntry.getData() and only applies MAX_MANIFEST_BYTES afterwards, so a tiny compressed archive can still force a very large in-memory allocation before the guard runs. In module upload paths this enables zip-bomb style input to trigger high memory usage or process instability even though the endpoint advertises strict manifest limits; check uncompressed size metadata (or stream with a hard cap) before materializing the buffer.
Useful? React with 👍 / 👎.
| const entryBuffer = entry.getData(); | ||
| if (entryBuffer.length > MAX_ZIP_ENTRY_BYTES) { | ||
| throw new ApiError(400, `zip entry too large: ${safeRelativePath}`); |
There was a problem hiding this comment.
saveModuleBundle calls entry.getData() for every archive entry before enforcing limits, and the only size check is per-entry after inflation. A highly compressible 5MB upload can therefore expand to very large buffers and writes (up to hundreds of MB/GB across entries) before rejection, which can exhaust memory/disk during upload; enforce pre-inflation uncompressed-size checks plus a cumulative extracted-bytes cap.
Useful? React with 👍 / 👎.
1 participant
Se ajusta el sistema de módulos para que cada zip viva en su propia carpeta
modules/<module_key>/con extracción segura, y se elimina el acoplamiento del core almodule_keydel share, detectando módulos activos por permiso/hook. Esto reduce impacto en core y mejora aislamiento de extensiones.