Summary
When uploading codebase archives or multi-file scripts via the /upload_file endpoint, if the file payload fails structural or validation checks (such as an invalid format extension or size limitation breach), the backend throws an exception or returns an early HTTP error response without explicitly purging or closing the underlying file descriptors or temporary system buffers. Over time, this leads to an accumulation of open file handles and memory leaks.
Steps To Reproduce
- Spin up the backend API local instance.
- Send a POST request to
/api/v1/upload using a file named payload.exe or an unapproved extension to trigger an immediate validation failure.
- Monitor the open file descriptors on the host machine using a utility tool like
lsof or tracking system memory blocks.
- Repeat the upload call multiple times and observe the file descriptor count sequentially growing.
Expected Behavior
The file uploading lifecycle must be wrapped inside a defensive try...finally block. Regardless of whether validation succeeds or fails, any opened temporary data buffers or file handles must be explicitly closed and unlinked from the system storage array before returning the API response.
Actual Behavior
The upload routing code returns an HTTP exception array upon validation failure but leaves the intermediate stream wrapper unclosed in storage memory, slowly degrading server resources.
Environment
- OS: All Platforms (Linux / Windows / macOS)
- Browser (if frontend): N/A (Core API bug)
- Python version (if backend): 3.12+
Logs/Screenshots
No crash stack trace is directly exposed to users; file stream leaks must be observed directly via server-level memory profiling and container resource tracking.
Summary
When uploading codebase archives or multi-file scripts via the
/upload_fileendpoint, if the file payload fails structural or validation checks (such as an invalid format extension or size limitation breach), the backend throws an exception or returns an early HTTP error response without explicitly purging or closing the underlying file descriptors or temporary system buffers. Over time, this leads to an accumulation of open file handles and memory leaks.Steps To Reproduce
/api/v1/uploadusing a file namedpayload.exeor an unapproved extension to trigger an immediate validation failure.lsofor tracking system memory blocks.Expected Behavior
The file uploading lifecycle must be wrapped inside a defensive
try...finallyblock. Regardless of whether validation succeeds or fails, any opened temporary data buffers or file handles must be explicitly closed and unlinked from the system storage array before returning the API response.Actual Behavior
The upload routing code returns an HTTP exception array upon validation failure but leaves the intermediate stream wrapper unclosed in storage memory, slowly degrading server resources.
Environment
Logs/Screenshots
No crash stack trace is directly exposed to users; file stream leaks must be observed directly via server-level memory profiling and container resource tracking.