Skip to content

Add decompressed size limits to snapshot downloads.#2479

Merged
fnando merged 2 commits intomainfrom
snapshot-limit
Apr 14, 2026
Merged

Add decompressed size limits to snapshot downloads.#2479
fnando merged 2 commits intomainfrom
snapshot-limit

Conversation

@fnando
Copy link
Copy Markdown
Member

@fnando fnando commented Apr 14, 2026

What

Add decompressed size limits to snapshot downloads.

Why

To prevent unlimited decompression.

Known limitations

N/A

Copilot AI review requested due to automatic review settings April 14, 2026 17:45
@github-project-automation github-project-automation bot moved this to Backlog (Not Ready) in DevX Apr 14, 2026
@fnando fnando requested review from mootz12 and removed request for Copilot April 14, 2026 17:49
@fnando fnando moved this from Backlog (Not Ready) to Needs Review in DevX Apr 14, 2026
Copilot AI review requested due to automatic review settings April 14, 2026 18:37
Copilot AI reviewed Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds safety limits around downloading and decompressing history archive snapshot inputs to avoid unbounded decompression during snapshot create, along with a small HTTP client hardening change.

Changes:

  • Introduce maximum decompressed-size limits for bucket and ledger header downloads in snapshot create, with a new error variant when exceeded.
  • Apply a 30s connection timeout to both async and blocking reqwest clients.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
cmd/soroban-cli/src/utils.rs Adds a shared CONNECT_TIMEOUT and applies it to both async and blocking HTTP clients.
cmd/soroban-cli/src/commands/snapshot/create.rs Enforces decompressed-size caps during gzip streaming to disk and returns a specific error when limits are exceeded.

Comment thread cmd/soroban-cli/src/commands/snapshot/create.rs Outdated
Comment thread cmd/soroban-cli/src/commands/snapshot/create.rs Outdated
Comment thread cmd/soroban-cli/src/commands/snapshot/create.rs
@fnando fnando enabled auto-merge (squash) April 14, 2026 18:46
mootz12
mootz12 approved these changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mootz12 mootz12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LG2M

@fnando fnando merged commit c4c3d6a into main Apr 14, 2026
213 checks passed
@fnando fnando deleted the snapshot-limit branch April 14, 2026 19:46
@github-project-automation github-project-automation bot moved this from Needs Review to Done in DevX Apr 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mootz12 mootz12 mootz12 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

DevX
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fnando @mootz12