# File Size Validation Analyzer PRO
|Category||Severity||Time To Fix|
|🛡️ Security||Minor||5 minutes|
This analyzer scans your application code to detect missing file size validations.
If you allow file size uploads from users, it is a good practice to also validate and limit file size. Without this validation, your application may be exposed to a class of unrestricted file upload vulnerabilities called storage DOS attacks. Storage DOS attacks exploit missing file size validations and upload massive files to cause a denial of service (DOS) by exhausting the disk space.
While PHP also has a file size limit, it applies across your entire application. So, it will typically be set to the highest file size allowed by your application. This is why it is a good practice to have file size validations in your application as well.
# How To Fix
To fix this, add the
between validation to limit the file upload size (in KB):
$request->validate([ 'profile_pic' => 'file|size:200', ]);