Skip to content

fix(wasm): stop rejecting legitimate large folder drops #129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
danielewood wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix(wasm): stop rejecting legitimate large folder drops #129

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a4cc8f5
fix(wasm): stop rejecting legitimate large folder drops
danielewood Mar 6, 2026
c68b53e
docs(changelog): reference PR #129 for WASM cap removal
danielewood Mar 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Fixed

- Remove the arbitrary 200-file cap from WASM upload and inspect flows; rely on byte limits instead. ([#129])
- Make `scan --bundle-path` skip untrusted/verification-failing bundle candidates instead of aborting the full export run. ([#112])
- Improve scan summaries by adding `in <files> file(s)` and live TTY progress updates for certificates/keys/files. ([#112])
- Send live scan progress updates to stderr so stdout remains clean for piped output. ([#112])
Expand Down
3 changes: 0 additions & 3 deletions cmd/wasm/inspect.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,6 @@ func inspectFiles(_ js.Value, args []js.Value) any {

filesArg := args[0]
length := filesArg.Length()
if length > wasmMaxInputFiles {
return jsError(fmt.Sprintf("too many files: %d (max %d)", length, wasmMaxInputFiles))
}

var passwords []string
if len(args) >= 2 && args[1].Type() == js.TypeString {
Expand Down
7 changes: 3 additions & 4 deletions cmd/wasm/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,10 @@ import (
"github.com/sensiblebit/certkit/internal/certstore"
)

// Keep these as byte limits only. Do not add a file-count cap for WASM input:
// the browser app runs on the user's machine, and folder drops may
// legitimately contain thousands of small files.
const (
wasmMaxInputFiles = 200
wasmMaxInputFileBytes = 10 * 1024 * 1024
wasmMaxInputTotalBytes = 50 * 1024 * 1024
)
Expand Down Expand Up @@ -90,9 +92,6 @@ func addFiles(_ js.Value, args []js.Value) any {

filesArg := args[0]
length := filesArg.Length()
if length > wasmMaxInputFiles {
return jsError(fmt.Sprintf("too many files: %d (max %d)", length, wasmMaxInputFiles))
}

Comment on lines 93 to 95
Copy link

Copilot AI Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now that the file-count cap is removed, length may be very large. In addFiles, when readWASMFileData starts returning the total-bytes-limit error, the loop continues and appends an error result for every remaining file. This can create a huge results JSON payload and a lot of work/logging for drops with thousands of files. Consider detecting the total-bytes-limit condition and stopping early (e.g., break/reject with a single error, or mark the remainder skipped without iterating).

Copilot uses AI. Check for mistakes.
var passwords []string
if len(args) >= 2 && args[1].Type() == js.TypeString {
Expand Down
45 changes: 42 additions & 3 deletions web/package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.