Uploaded image for project: 'Jira Service Management Cloud'
  1. Jira Service Management Cloud
  2. JSDCLOUD-10383

Schema import zips with schema files greater than 1MB fail to import

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • Assets - Import
    • None

      Issue Summary

      User exported schema from insight cloud app and tried to import it via object schema import.

      It failed to analyze the file.

      Please see: https://getsupport.atlassian.com/browse/JST-686462?error=login_required&error_description=Login+required&state=c488bd3e-6265-4c57-bb82-547c719673d3&state=991e4b3e-fae1-4bc9-aa84-9e2b7d755fb7

      Steps to Reproduce

      1. Export a schema from insight cloud app. Schema file must be large ~ 1MB
      2. Import it via object schema import in Insight

      Expected Results

      The file would be able to be analyzed and the next step of importing would be available to the user

      Actual Results

      The below exception is thrown in the xxxxxxx.log file:

         stack_trace: java.io.IOException: Zip bomb detected! The file would exceed the max size of the expanded data in the zip-file. This may indicates that the file is used to inflate memory usage and thus could pose a security risk. Counter: 1048622, compressed size: 1, entry: 8f75a773-ca81-43c7-9234-c16aa899670d/schema.xml at com.atlassian.jsm.cmdb.imports.schema.utils.ZipSecureUtil.bytesRead(ZipSecureUtil.kt:14) at com.atlassian.jsm.cmdb.imports.schema.utils.ZipUtils$Companion.expandFromStream(ZipUtils.kt:51) at com.atlassian.jsm.cmdb.imports.schema.utils.ZipUtils$Companion.filteredExpand(ZipUtils.kt:25) at com.atlassian.jsm.cmdb.imports.schema.service.SchemaMetadataServiceImpl.getSchemasMetaData(SchemaMetadataService.kt:32) at com.atlassian.jsm.cmdb.imports.schema.service.SchemaImportConfigurationValidatorImpl.validateSchemaConfiguration(SchemaImportConfigurationValidator.kt:71) at com.atlassian.jsm.cmdb.imports.schema.ImportSchemaResource$validateSchemaConfigurationAsync$1.invokeSuspend(ImportSchemaResource.kt:107) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

              436c0e34f7a4 Greg Ferguson
              436c0e34f7a4 Greg Ferguson
              Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: