close
Skip to content

fix(download): allow highly compressed responses up to a known file size#9146

Merged
mgallien merged 2 commits into
masterfrom
bugfix/noid/decompression-threshold
Nov 27, 2025
Merged

fix(download): allow highly compressed responses up to a known file size#9146
mgallien merged 2 commits into
masterfrom
bugfix/noid/decompression-threshold

Conversation

@nilsding
Copy link
Copy Markdown
Member

@nilsding nilsding commented Nov 27, 2025

Follow-up for #8333

We already know the expected file size before the request, so we pretty much just™ can tell Qt to allow the decompression of responses up to the expected file size (and a bit to spare).

To cover this behaviour through unit tests I unfortunately ran into a limitation when trying to fake the requests with the usual methods: setting an override in our FakeQNAM returning a faked reply completely bypasses Qt's internal routines for QNetworkReply.
Therefore: spin up a temporary local HTTP server for the time of the test and do real HTTP requests.

We could try to explore how useful QHttpServer would be in other tests in the future as well, it might enable us for a cleaner way of setting up a fake/mock server for unit tests. For now this specific test can be seen as the initial exploration on how it could be used.

Caveat: this test is only available if the QHttpServer component is present, chances are it may not run everywhere. Hope CI is still fine with that...

Tested locally on Linux + Windows (both virtual files and classic sync) as well. To run into this issue I did the following:

  1. create a test file that can be compressed really easily, e.g.
File.write("bigfile.txt", "A" * 50 * 1024 * 1024)
  1. upload it somewhere to a synced folder
  2. append the following to the .htaccess of my AIO installation; even with Brotli the compression ratio is large enough to run into this
SetOutputFilter BROTLI_COMPRESS

  1. before this change: the client failed to download the file with the well-known Decompression failed: The decompressed output exceeds the limits specified by QNetworkRequest::decompressedSafetyCheckThreshold() error

    after this change: the client downloaded the file just fine

@nilsding
fix(download): allow highly compressed responses up to a known file size
20e566f 
Qt 6.2+'s archive bomb check is cool and all, but it's really annoying
when trying to retrieve files that compress really well over the wire.
As we already know the expected file size before the request we can
basically tell Qt to allow decompression of responses up to the expected
file size and a bit to spare.

Signed-off-by: Jyrki Gadinger <nilsding@nilsding.org>
@nilsding nilsding added this to the 4.1.0 milestone Nov 27, 2025
@nilsding nilsding self-assigned this Nov 27, 2025
@nilsding
Copy link
Copy Markdown
Member Author

nilsding commented Nov 27, 2025

/backport to stable-4.0

mgallien
mgallien requested changes Nov 27, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@mgallien mgallien left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

really nice automated test
easy to understand how it works

Comment thread test/testnextcloudpropagator.cpp Outdated
@nilsding
chore: add test for response decompression threshold check
14b0258 
Unfortunately faking this with the usual methods won't do the trick:
setting an override in our FakeQNAM returning a faked reply completely
bypasses Qt's internal routines for QNetworkReply.
Therefore: spin up a temporary local HTTP server for the time of the
test and do real HTTP requests.

We could try to explore how useful QHttpServer would be in other tests
in the future as well, it might enable us for a cleaner way of setting
up a fake/mock server for unit tests.  For now this specific test can be
seen as the initial exploration on how it could be used.

Caveat: this test is only available if the QHttpServer component is
present, chances are it may not run everywhere.

Signed-off-by: Jyrki Gadinger <nilsding@nilsding.org>
@nilsding nilsding force-pushed the bugfix/noid/decompression-threshold branch from 1be1bf5 to 14b0258 Compare November 27, 2025 14:28
@mgallien mgallien enabled auto-merge November 27, 2025 14:32
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Nov 27, 2025

Artifact containing the AppImage: nextcloud-appimage-pr-9146.zip

Digest: sha256:a0e7e34b5e7ae4c531f6a2cd52f6ba7f12559005e418fda96eb191757a5d5245

To test this change/fix you can download the above artifact file, unzip it, and run it.

Please make sure to quit your existing Nextcloud app and backup your data.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Nov 27, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
BERJAYA C Maintainability Rating on New Code (required ≥ A)
BERJAYA 15 New Code Smells (required ≤ 0)

See analysis details on SonarQube Cloud

BERJAYA Catch issues before they fail your Quality Gate with our IDE extension BERJAYA SonarQube for IDE

@mgallien mgallien merged commit 5c6defd into master Nov 27, 2025
21 of 22 checks passed
@mgallien mgallien deleted the bugfix/noid/decompression-threshold branch November 27, 2025 15:06
@backportbot backportbot Bot mentioned this pull request Nov 27, 2025
Merged
@nilsding nilsding mentioned this pull request Feb 24, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mgallien mgallien mgallien approved these changes

@Aiiaiiio Aiiaiiio Awaiting requested review from Aiiaiiio

@camilasan camilasan Awaiting requested review from camilasan camilasan is a code owner

@i2h3 i2h3 Awaiting requested review from i2h3 i2h3 is a code owner

Assignees

@nilsding nilsding

Labels

None yet

Projects

None yet

Milestone

33.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@nilsding @mgallien