Improving security in case of malicious archive content
Talend JobServer has built-in protection against Zip Slip and ZIP symlink attacks. To harden it further, you can set limits on archive properties to protect Talend JobServer against malicious Job archive content.
A malicious Job archive can be used for Denial of Service attacks that aim to break the file system or exhaust disk space.
To avoid this risk, you can set stricter limits on folder and file names, taking into account the space needed for your Job deployments. The default values are stored in the org.talend.remote.jobserver.server.cfg file located in the etc directory.
org.talend.remote.jobserver.commons.config.JobServerConfiguration.
| Parameters | Description |
|---|---|
| | Maximum size of the archive ZIP file that is extracted during deployment. The default value is 1 GB. |
| | Number of entries in the archive file. The default maximum is 2048. |
| | Length of the archive ZIP file name. The default maximum is 240 characters. |
| | Length of folder names inside the archive ZIP file. The default maximum length of an unzipped folder name is 240 characters. |
| | Length of file names inside the archive ZIP file. The default maximum is 240 characters. |
| | Depth limit for folders inside the archive ZIP file. The default value is 64 levels. |
| | Size limit for the sum of all archives stored in the TalendJobServersFiles/archiveJobs folder. The default size limit is 100 GB. |