Skip to content

[backend] BulkImportController.import() accepts CSV as a raw body string with no size limit #933

Description

@Wilfred007

Description

BulkImportController.import() reads CSV content directly from request.body.csv as a string with no enforced maximum length, risking memory pressure (OOM) on very large uploads since the whole string is held in memory before parsing.

Where

backend/src/controllers — BulkImportController.import

Acceptance Criteria

  • Enforce a maximum body size at the middleware level for this route
  • Add a test for the oversized-payload rejection

Metadata

Metadata

Assignees

Labels

Stellar WaveIssues in the Stellar wave programbackendBackend developmentmediumModerate tasks

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions