.Zip files circumventing Appian's default 1GB file size validation?

jaker over 5 years ago

Hi All,

During our testing we found that if a user uploads a .zip file with multiple .zip files within, they are able to circumvent the default Appian validation on 1GB file size. After further investigation/googling it looks like nested .zip files have potential to actually increase file size due to properties and metadata that get appended to the file after compressing.

Our issue is that the contents of the .zip are ~.98 GB while the .zip itself is ~1.04GB. See attached. Because the Appian validation looks at file contents it passed the validation and as a result the environment heap spiked and became nearly unusable for all users.

We are investigating a custom validation but it seems useless as Appian already validates this info.

Any thoughts or insight greatly appreciated.

Discussion posts and replies are publicly visible

0 Carlos Santander
A Score Level 2
over 5 years ago

I'm not 100% certain, but I think the numbers you're looking mean something else. If you look at the file properties (right click > Properties), you'll see Size and Size on disk. Those numbers should match what you have in the screenshot you sent. If you open the zip file with an archive tool (WinZip, 7-Zip, etc.), you'll get actual compressed and uncompressed size.

With that behind us, what you're describing wouldn't be specific to zip files, but rather something that stems from how file systems work.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 jaker over 5 years ago in reply to Carlos Santander

Thanks for the response. I agree its with how file systems work but it still seems that there is an issue with the out of the box validation in Appian. If the size and size on disk is less than <1GB but the uncompressed size is >1GB shouldn' the validation run on uncompressed size? It seems that .zip/compressed files were left out of the equation
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Josh
Certified Lead Developer
over 5 years ago in reply to jaker

The file size validation is on the file you upload, archived or unarchived. If the file size is below 1 GB, even if it is archived, I would expect it to pass validation.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Carlos Santander
A Score Level 2
over 5 years ago in reply to Josh

I agree. A different example might be a docx file: it's also zip-compressed, yet we don't think about its contents (all the XMLs inside it) when determining its size.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Mike Schmitt
Certified Lead Developer
over 5 years ago

Also you need to remember that 1GB does not necessarily equal 1,000,000,000 bytes (or 1,000,000 kb), and therefore it's partly up to the filesystem interpretation of what comprises a "gigabyte" (or even gibibyte in some cases) when the "GB" breakdown is displayed. If you want to really test whether it's a matter of zip files & Appian validation, use a file that's clearly over 1GB, more like 1.5 or so.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 jaker over 5 years ago in reply to Mike Schmitt

Thanks. We have run some tests and it looks like we are not receiving the out-of-the-box over 1GB validation. Is there a configuration we need to make to our instance to trigger this? We would rather not build a custom validation on the file upload components in the event users receive 2 validation messages. As of now the behavior is user uploads a file >1GB, Appian removes the file with no message.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 harshav420 over 5 years ago in reply to jaker

Hi Jaker,

On a similar note are also planning to upload some documents which are of 5GB files with the testings you have done for your application can you please let me know what would be the affect on the environment while the file gets uploaded and how to handle such type of senarios.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel