Schema import zips with schema files greater than 1MB fail to import

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • Component/s: Assets - Import
    • None
    • 3
    • Severity 3 - Minor

      Issue Summary

      User exported schema from insight cloud app and tried to import it via object schema import.

      It failed to analyze the file.

      Please see: https://getsupport.atlassian.com/browse/JST-686462?error=login_required&error_description=Login+required&state=c488bd3e-6265-4c57-bb82-547c719673d3&state=991e4b3e-fae1-4bc9-aa84-9e2b7d755fb7

      Steps to Reproduce

      1. Export a schema from insight cloud app. Schema file must be large ~ 1MB
      2. Import it via object schema import in Insight

      Expected Results

      The file would be able to be analyzed and the next step of importing would be available to the user

      Actual Results

      The below exception is thrown in the xxxxxxx.log file:

         stack_trace: java.io.IOException: Zip bomb detected! The file would exceed the max size of the expanded data in the zip-file. This may indicates that the file is used to inflate memory usage and thus could pose a security risk. Counter: 1048622, compressed size: 1, entry: 8f75a773-ca81-43c7-9234-c16aa899670d/schema.xml at com.atlassian.jsm.cmdb.imports.schema.utils.ZipSecureUtil.bytesRead(ZipSecureUtil.kt:14) at com.atlassian.jsm.cmdb.imports.schema.utils.ZipUtils$Companion.expandFromStream(ZipUtils.kt:51) at com.atlassian.jsm.cmdb.imports.schema.utils.ZipUtils$Companion.filteredExpand(ZipUtils.kt:25) at com.atlassian.jsm.cmdb.imports.schema.service.SchemaMetadataServiceImpl.getSchemasMetaData(SchemaMetadataService.kt:32) at com.atlassian.jsm.cmdb.imports.schema.service.SchemaImportConfigurationValidatorImpl.validateSchemaConfiguration(SchemaImportConfigurationValidator.kt:71) at com.atlassian.jsm.cmdb.imports.schema.ImportSchemaResource$validateSchemaConfigurationAsync$1.invokeSuspend(ImportSchemaResource.kt:107) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

            Assignee:
            Greg Ferguson
            Reporter:
            Greg Ferguson
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: