finding_id: REV-2026-007
priority: P1
area: security
kind: security
paths:
Summary
Bound Web UI and bridge input size, execution time, and concurrency to prevent resource exhaustion.
Evidence
Global review finding REV-2026-007 identified missing HTTP-body and Java-stdin size limits, YAML size limits, hard execution timeouts, child-process-tree termination, and concurrency/queue controls.
Impact
An attacker or accidental oversized document can consume memory, CPU, subprocesses, or queue capacity and make the Web UI unavailable.
Scope
Set HTTP and stdin byte limits with early termination, enforce YAML file/string limits, add hard Maven/Java bridge timeouts that terminate process trees, and return 413/503/504 where appropriate.
Out of scope
Default host binding, static-file routing, and authentication; host binding is tracked by REV-2026-001.
Acceptance criteria
- HTTP body 和 Java stdin 超限返回 413 并停止读取
- YAML 文件/字符串有大小上限
- Maven/Java bridge 有硬超时并终止子进程树
- 限制并发/队列,未就绪返回 503/504
- 正常 api.yaml 分析流程不受影响
Verification
Exercise oversized HTTP and stdin payloads, oversized YAML, hung bridge processes, and saturated concurrency; assert bounded resource use, response codes, cleanup, and successful normal analysis.
Rollback
Revert the limits and timeout enforcement while retaining load/regression fixtures and blocking automation pending a revised capacity design.
Dependencies
Blocked by REV-2026-001 (#12). Do not add automation:ready until the dependency is completed and design review is complete.
finding_id: REV-2026-007
priority: P1
area: security
kind: security
paths:
blocked_by:
automation: needs-design
Summary
Bound Web UI and bridge input size, execution time, and concurrency to prevent resource exhaustion.
Evidence
Global review finding REV-2026-007 identified missing HTTP-body and Java-stdin size limits, YAML size limits, hard execution timeouts, child-process-tree termination, and concurrency/queue controls.
Impact
An attacker or accidental oversized document can consume memory, CPU, subprocesses, or queue capacity and make the Web UI unavailable.
Scope
Set HTTP and stdin byte limits with early termination, enforce YAML file/string limits, add hard Maven/Java bridge timeouts that terminate process trees, and return 413/503/504 where appropriate.
Out of scope
Default host binding, static-file routing, and authentication; host binding is tracked by REV-2026-001.
Acceptance criteria
Verification
Exercise oversized HTTP and stdin payloads, oversized YAML, hung bridge processes, and saturated concurrency; assert bounded resource use, response codes, cleanup, and successful normal analysis.
Rollback
Revert the limits and timeout enforcement while retaining load/regression fixtures and blocking automation pending a revised capacity design.
Dependencies
Blocked by REV-2026-001 (#12). Do not add
automation:readyuntil the dependency is completed and design review is complete.