SAK-52189 Resources Error when uploading a file equal to the maximum size

[st-manu]

https://sakaiproject.atlassian.net/browse/SAK-52189

Summary by CodeRabbit

• Bug Fixes
  • Improved file upload size validation to account for multipart form-data overhead by applying a small margin to per-file and total upload checks, reducing false rejections and improving upload reliability.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Updated upload size validation in two Java classes to account for multipart encoding overhead by adding a 64KB margin to size limits and adjusting limit comparisons and where the margin is applied.

Changes

Cohort / File(s)	Change Summary
Upload size validation and multipart overhead margin content/content-tool/tool/src/java/org/sakaiproject/content/tool/ResourcesHelperAction.java, kernel/api/src/main/java/org/sakaiproject/util/RequestFilter.java	Added a 64KB margin to upload size calculations; converted configured MB limit to bytes for comparison; applied the margin to overall and per-file limits (in RequestFilter both setSizeMax and setFileSizeMax use the margin); adjusted comparison logic/comments to reflect multipart overhead and boundary considerations.

Suggested reviewers

• ern
• ottenhoff
• jesusmmp

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly addresses the main change: fixing an issue where file uploads fail when the file size equals the maximum allowed size, which is resolved by adjusting the file size threshold calculation to account for multipart overhead.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between efc337f and 55807df.

📒 Files selected for processing (2)

• content/content-tool/tool/src/java/org/sakaiproject/content/tool/ResourcesHelperAction.java (1 hunks)
• kernel/api/src/main/java/org/sakaiproject/util/RequestFilter.java (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.java

📄 CodeRabbit inference engine (.cursor/rules/logging-rule.mdc)

**/*.java: Use SLF4J parameterized logging (logger.info("Value is: {}", value)) instead of string concatenation (logger.info("Value is: " + value))
Log messages and code comments should be in English. Log messages should never be translated.

**/*.java: Java: Never use local variable type inference (var). Always declare explicit types. Yes: Map<String, Integer> counts = new HashMap<>(); No: var counts = new HashMap<String, Integer>();
When proposing Java code, spell out full types in local variable declarations, for loops, and try-with-resources
When editing Java, prefer clarity over brevity; avoid introducing language features that aren't widely used in the repo
Treat any PR or suggestion containing Java var as non-compliant. Recommend replacing with explicit types before merge

**/*.java: Use Java 17 for trunk development (Java 11 was used for Sakai 22 and Sakai 23)
Do not use local variable type inference (var) in Java code. Always declare explicit types (e.g., List<String> names = new ArrayList<>(); not var names = new ArrayList<String>();). Enforced by Checkstyle rule during mvn validate

Files:

• content/content-tool/tool/src/java/org/sakaiproject/content/tool/ResourcesHelperAction.java
• kernel/api/src/main/java/org/sakaiproject/util/RequestFilter.java

🧬 Code graph analysis (2)

content/content-tool/tool/src/java/org/sakaiproject/content/tool/ResourcesHelperAction.java (1)

library/src/webapp/js/postem-dropzone.js (1)

• uploadMax (26-26)

kernel/api/src/main/java/org/sakaiproject/util/RequestFilter.java (1)

library/src/webapp/js/postem-dropzone.js (1)

• uploadMax (26-26)

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: maven-build
• GitHub Check: sakai-deploy
• GitHub Check: maven-build

🔇 Additional comments (2)

kernel/api/src/main/java/org/sakaiproject/util/RequestFilter.java (1)

971-978: Margin addition to upload limits correctly handles multipart overhead.

The 64KB margin added to both setSizeMax and setFileSizeMax allows Apache Commons FileUpload to accept requests where the content-length equals the configured limit plus multipart overhead. This aligns with the PR objective of allowing files at exactly the maximum size.

content/content-tool/tool/src/java/org/sakaiproject/content/tool/ResourcesHelperAction.java (1)

1942-1948: The original review comment's logic is sound, but repository access is unavailable for direct verification.

The web search confirms that FileItem.getSize() returns the file content size without multipart overhead (boundaries, headers, form fields). This validates the original review's core concern:

• In ResourcesHelperAction.java: fileSize includes multipart overhead (from Content-Length header), so the comparison fileSize > (uploadMaxBytes + margin) correctly allows files at exactly the configured limit.
• In RequestFilter.java: item.getSize() does not include overhead, so using >= would incorrectly reject files at exactly the configured limit.

This represents a genuine inconsistency that contradicts the PR objective. However, I cannot directly verify the code in RequestFilter.java (line 1028) due to repository access issues.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

kernel/api/src/main/java/org/sakaiproject/util/RequestFilter.java (1)

971-979: Margin logic is reasonable, but guard uploadMax and align per‑file exception handling

The 64KB buffer to compensate for multipart overhead and Commons’ >= semantics makes sense and should address the “file exactly at the limit” failures. Two follow‑ups would tighten this:

1. Avoid clamping “unlimited” configs to 64KB
   uploadMax is initialised to -1 and only set when m_uploadMaxSize > 0 (or a valid override is present). If someone configures m_uploadMaxSize <= 0 to mean “no limit”, this block will currently enforce 64KB instead of “unlimited”:

   long margin = 64L * 1024L; // 64KB margin for multipart overhead
   upload.setSizeMax(uploadMax + margin);
   upload.setFileSizeMax(uploadMax + margin);

   Consider guarding with if (uploadMax > 0) so you keep the previous “no limit” behavior when uploadMax is negative:

   -        long margin = 64L * 1024L; // 64KB margin for multipart overhead
   -
   -        upload.setSizeMax(uploadMax + margin);
   -        upload.setFileSizeMax(uploadMax + margin);
   +        if (uploadMax > 0) {
   +            long margin = 64L * 1024L; // 64KB margin for multipart overhead
   +
   +            upload.setSizeMax(uploadMax + margin);
   +            upload.setFileSizeMax(uploadMax + margin);
   +        }

2. Now that fileSizeMax is set, surface per‑file limit breaches consistently
   With upload.setFileSizeMax(uploadMax + margin) active, Commons FileUpload can throw FileUploadBase.FileSizeLimitExceededException for per‑file overages. Right now that will fall into the generic FileUploadException catch block and be reported as "exception" rather than "size_limit_exceeded", unlike the existing SizeLimitExceededException handling.

   It would be good to add a dedicated catch for FileUploadBase.FileSizeLimitExceededException that mirrors the SizeLimitExceededException path (set "upload.status" to "size_limit_exceeded", populate "upload.exception" and "upload.limit"), so tools see a consistent limit‑exceeded signal instead of a generic parsing error. This also matches the existing TODO comment just below the current catch blocks.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 55807df and 21f0ee5.

📒 Files selected for processing (1)

• kernel/api/src/main/java/org/sakaiproject/util/RequestFilter.java (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.java

📄 CodeRabbit inference engine (.cursor/rules/logging-rule.mdc)

**/*.java: Use SLF4J parameterized logging (logger.info("Value is: {}", value)) instead of string concatenation (logger.info("Value is: " + value))
Log messages and code comments should be in English. Log messages should never be translated.

**/*.java: Java: Never use local variable type inference (var). Always declare explicit types. Yes: Map<String, Integer> counts = new HashMap<>(); No: var counts = new HashMap<String, Integer>();
When proposing Java code, spell out full types in local variable declarations, for loops, and try-with-resources
When editing Java, prefer clarity over brevity; avoid introducing language features that aren't widely used in the repo
Treat any PR or suggestion containing Java var as non-compliant. Recommend replacing with explicit types before merge

**/*.java: Use Java 17 for trunk development (Java 11 was used for Sakai 22 and Sakai 23)
Do not use local variable type inference (var) in Java code. Always declare explicit types (e.g., List<String> names = new ArrayList<>(); not var names = new ArrayList<String>();). Enforced by Checkstyle rule during mvn validate

Files:

• kernel/api/src/main/java/org/sakaiproject/util/RequestFilter.java

🧬 Code graph analysis (1)

kernel/api/src/main/java/org/sakaiproject/util/RequestFilter.java (1)

library/src/webapp/js/postem-dropzone.js (1)

• uploadMax (26-26)

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: sakai-deploy
• GitHub Check: maven-build
• GitHub Check: maven-build