decentraland / catalyst-storage
96%
main: 95%

Repo Added 16 Oct 2024 02:13PM UTC

Token YKxnSIBHvOobSOgKkBGzn1xT99zKayiAH regen

Build 73 Last

Files 9

Badge

Embed ▾

LAST BUILD ON BRANCH 4.6.0
branch: 4.6.0

CHANGE BRANCH
x

Reset

Sync Branches

4.6.0

4.6.1

badge

chore/add-workflow-dispatch

chore/format-on-save

claude/admiring-goldstine

coverage

feat/add-content-size-to-file-info

feat/range-requests

feat/stream-s3-uploads

fix/compression-partial-cleanup

fix/decompression-inflight-race

fix/decouple-decompress-cap-default

fix/files-handling

fix/folder-storage-decompression-bomb

fix/folder-storage-path-containment

fix/idempotent-start

fix/s3-retrieve-error-logging

main

refs/tags/4.3.1

refs/tags/4.4.0

refs/tags/4.5.0

refs/tags/4.5.1

Committed 10 Jun 2026 01:10PM UTC coverage: 95.927% (+0.09%) from 95.833%

Build # 27279274148

Build Type

push

github

Committed by

web-flow

Commit Message

fix: cap gzip decompression size to prevent a decompression bomb (#101)

* fix: cap gzip decompression size to prevent a decompression bomb

When serving a range request for a gzip-stored item, the gzip was inflated
to a cache file on disk with no size limit, so a crafted small gzip could
expand to an arbitrarily large file (disk/CPU exhaustion).

Inflation is now passed through a size-limiting transform that aborts the
pipe once the decompressed output exceeds decompressMaxFileSize (defaults to
decompressCacheMaxSize). The limit is enforced on the actual inflated bytes
rather than the gzip trailer's declared size, which is attacker-controllable.
The partial file is cleaned up on abort, and retrieve returns undefined.

Fixes #99

* test: add edge cases for the gzip decompression cap

- Boundary: a gzip inflating to exactly the cap succeeds.
- Concurrency: two simultaneous range requests for an over-cap gzip are both
  refused, nothing is left on disk, and the inflight guard is not left stuck.
- Default inheritance: with decompressMaxFileSize unset, a file within
  decompressCacheMaxSize is allowed and one larger than it is refused.

Coverage Stats

104 of 117 branches covered (88.89%)

Branch coverage included in aggregate %.

10 of 10 new or added lines in 1 file covered. (100.0%)

367 of 374 relevant lines covered (98.13%)

34.06 hits per line

Relevant lines Covered

374 RELEVANT LINES 367 COVERED LINES

34.06 HITS PER LINE

Source Files on 4.6.0

Recent builds

Builds	Branch	Commit	Type	Ran	Committer	Via	Coverage
27279274148	4.6.0	fix: cap gzip decompression size to prevent a decompression bomb (#101) * fix: cap gzip decompression size to prevent a decompression bomb When serving a range request for a gzip-stored item, the gzip was inflated to a cache file on disk with no...	push	10 Jun 2026 01:22PM UTC	web-flow	github	95.93

See All Builds (73)

Badge your Repo: catalyst-storage

We detected this repo isn’t badged! Grab the embed code to the right, add it to your repo to show off your code coverage, and when the badge is live hit the refresh button to remove this message.

Embed ▾

Refresh

decentraland / catalyst-storage
96%
main: 95%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH
x

Relevant lines Covered

Source Files on 4.6.0

Recent builds

Badge your Repo: catalyst-storage

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

decentraland / catalyst-storage 96% main: 95%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH x

Relevant lines Covered

Source Files on 4.6.0

Recent builds

Badge your Repo: catalyst-storage

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

decentraland / catalyst-storage
96%
main: 95%

README BADGES
x

CHANGE BRANCH
x

README BADGES
x