From e75003c32d0d47df2e16b8fb7c18d0712a596a27 Mon Sep 17 00:00:00 2001
From: beeb <vbersier@gmail.com>
Date: Thu, 9 Feb 2023 21:16:53 +0100
Subject: [PATCH 1/2] fix: validate filename length

---
 src/config.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/config.rs b/src/config.rs
index 0227566..bb8ec04 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -129,12 +129,14 @@ pub(crate) async fn parse_config() -> Result<Params> {
     })
 }
 
-/// Only keep recommended chars for S3 object keys
+/// Only keep recommended chars for S3 object keys and truncate to 1000 chars
 fn sanitize_filename(filename: impl Into<String>) -> String {
     let mut filename: String = filename.into();
     // remove invalid characters
     filename.retain(|c| c.is_ascii_alphanumeric() || VALID_FILENAME_CHARS.contains(c));
-    filename
+    // since we only have ascii and single-byte special chars, we should be able to keep 1024 chars to stay under
+    // 1024 bytes, but for good measure we'll limit to 1000
+    filename.chars().take(1000).collect()
 }
 
 #[cfg(test)]
@@ -149,5 +151,6 @@ mod tests {
         assert_eq!(&sanitize_filename("foo.tar.gz"), "foo.tar.gz");
         assert_eq!(&sanitize_filename("٣৬¾①"), "");
         assert_eq!(&sanitize_filename("!-_.*'()/"), "!-_.*'()/");
+        assert_eq!(sanitize_filename("Bar1".repeat(256)), "Bar1".repeat(250));
     }
 }

From 5d43bdf10b1a83002bcb84ad4d3e432099850a96 Mon Sep 17 00:00:00 2001
From: beeb <vbersier@gmail.com>
Date: Thu, 9 Feb 2023 21:17:40 +0100
Subject: [PATCH 2/2] test: add special char test case

---
 src/config.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/config.rs b/src/config.rs
index bb8ec04..69c84ae 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -149,7 +149,7 @@ mod tests {
         assert_eq!(&sanitize_filename("foo bar"), "foobar");
         assert_eq!(&sanitize_filename("foo/bar"), "foo/bar");
         assert_eq!(&sanitize_filename("foo.tar.gz"), "foo.tar.gz");
-        assert_eq!(&sanitize_filename("٣৬¾①"), "");
+        assert_eq!(&sanitize_filename("٣৬¾①🦀"), "");
         assert_eq!(&sanitize_filename("!-_.*'()/"), "!-_.*'()/");
         assert_eq!(sanitize_filename("Bar1".repeat(256)), "Bar1".repeat(250));
     }