update CHANGELOG

mscasso-scanoss · mscasso-scanoss · commit cb16812e0eac · 2026-03-31T20:23:45.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Added
+- Added configurable file contents size limit (`SCANOSS_FILE_CONTENTS_LIMIT`).
+  - Limits the maximum file size returned by the `file_contents` endpoint (default: 50 MB).
+  - Returns HTTP 400 when the file exceeds the configured limit.
 
 ## [1.6.5] - 2026-03-26
 ### Fixed
diff --git a/pkg/service/filecontents_service.go b/pkg/service/filecontents_service.go
@@ -83,6 +83,7 @@ func (s APIService) FileContents(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	limitBytes := s.config.Scanning.FileContentsLimit * 1024 * 1024
+	//unlimited for FileContentsLimit <= 0
 	if limitBytes > 0 && int64(len(output)) > limitBytes {
 		zs.Warnf("File contents size %d bytes exceeds limit %d MB for md5 %s", len(output), s.config.Scanning.FileContentsLimit, md5)
 		w.Header().Set(ContentTypeKey, ApplicationJSON)

Original file line number	Diff line number	Diff line change
`@@ -83,6 +83,7 @@ func (s APIService) FileContents(w http.ResponseWriter, r *http.Request) {`
`83`	`83`	`return`
`84`	`84`	`}`
`85`	`85`	`limitBytes := s.config.Scanning.FileContentsLimit * 1024 * 1024`
	`86`	`+ //unlimited for FileContentsLimit <= 0`
`86`	`87`	`if limitBytes > 0 && int64(len(output)) > limitBytes {`
`87`	`88`	`zs.Warnf("File contents size %d bytes exceeds limit %d MB for md5 %s", len(output), s.config.Scanning.FileContentsLimit, md5)`
`88`	`89`	`w.Header().Set(ContentTypeKey, ApplicationJSON)`