Description
SwaggerImportServiceImpl.fetchSwaggerDoc() uses response.body().string() to read the full HTTP response into memory without any size constraint. On the MCP import path, the response is subsequently parsed three times (Gson + OpenAPIV3Parser + JsonParser), multiplying memory usage. An authenticated Admin user can supply a URL pointing to a large file, causing JVM heap exhaustion and crashing the Admin process.
Affected File:
shenyu-admin/src/main/java/org/apache/shenyu/admin/service/impl/SwaggerImportServiceImpl.java
Proposed Change:
Replace the unbounded response.body().string() call with a size-limited counted read:
```java
private static final long MAX_SWAGGER_BODY_BYTES = 10L * 1024 * 1024; // 10 MB

private String fetchSwaggerDoc(final String swaggerUrl) throws IOException {
    // Check Content-Length header first, then count bytes during streaming read
    // Throw IllegalArgumentException if limit exceeded
}
```
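The two checks the sketch above describes, written out as an added, self-contained example (not the ShenYu project's code): the `readBounded` helper and its class name are hypothetical, the HTTP client wiring is left out, and the sample bodies are constructed inline so it runs offline.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical helper illustrating the proposal: reject on Content-Length first,
// then enforce the limit again while streaming, because the header may be absent or wrong.
public final class BoundedBodyReader {

    static final long MAX_SWAGGER_BODY_BYTES = 10L * 1024 * 1024; // 10 MB, as in the proposal

    // declaredLength: the Content-Length header value, or -1 when absent (e.g. chunked encoding).
    static String readBounded(final InputStream body, final long declaredLength, final long maxBytes)
            throws IOException {
        // 1. Cheap rejection: an honest Content-Length above the limit means nothing needs reading.
        if (declaredLength > maxBytes) {
            throw new IllegalArgumentException("Content-Length " + declaredLength + " exceeds limit " + maxBytes);
        }
        // 2. Counted streaming read: count the bytes that actually arrive, never trust the header alone.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        long total = 0;
        int n;
        while ((n = body.read(buf)) != -1) {
            total += n;
            if (total > maxBytes) {
                throw new IllegalArgumentException("response body exceeds limit of " + maxBytes + " bytes");
            }
            out.write(buf, 0, n);
        }
        return out.toString(StandardCharsets.UTF_8.name());
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample bodies with a tiny limit so the overflow case is quick to see.
        long limit = 64;
        byte[] small = "{\"openapi\":\"3.0.0\",\"paths\":{}}".getBytes(StandardCharsets.UTF_8);
        byte[] big = new byte[1024];
        Arrays.fill(big, (byte) '{');

        System.out.println("accepted: " + readBounded(new ByteArrayInputStream(small), small.length, limit));
        try {
            // Misleading header: claims 10 bytes but carries 1 KB; the counted read still stops it.
            readBounded(new ByteArrayInputStream(big), 10, limit);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In the service itself the `IllegalArgumentException` would be mapped to the 400 Bad Request named in the acceptance criteria, and `maxBytes` would come from the `application.yml` setting.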
Acceptance Criteria:
Requests to /swagger/import or /swagger/import/mcp with a URL pointing to a file larger than the configured limit return a 400 Bad Request response.
The size limit is configurable via application.yml.
Legitimate Swagger/OpenAPI documents within the size limit are imported without issue.
Task List
No response