# File Size Validation Analyzer PRO

| Category | Severity | Time To Fix |
| --- | --- | --- |
| 🛡️ Security | Minor | 5 minutes |

Class: Enlightn\EnlightnPro\Analyzers\Security\FileSizeValidationAnalyzer

# Introduction

This analyzer scans your application code to detect missing file size validations.

If you allow file uploads from users, it is good practice to also validate and limit the file size. Without this validation, your application may be exposed to a class of unrestricted file upload vulnerabilities called storage DoS attacks. Storage DoS attacks exploit missing file size validations by uploading massive files, causing a denial of service (DoS) by exhausting the disk space.

While PHP also has a file size limit, it applies across your entire application, so it will typically be set to the highest file size allowed by your application. This is why it is good practice to have file size validations in your application as well.

# How To Fix

To fix this, add the `max`, `size` or `between` validation rule to limit the file upload size (in KB):

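```php
// For files, size:200 requires exactly 200 KB; max:200 sets an upper bound
// and between:min,max sets a range.
$request->validate([
    'profile_pic' => 'file|size:200',
]);
```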
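The following form request is an added example, not code from Enlightn or its documentation. It shows per-field limits that sit below PHP's application-wide limit, including a bound on the number of files in a multi-file upload. The class name, field names and limits are assumptions.

```php
<?php

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

// Hypothetical form request: class name, field names and limits are assumptions.
class StoreProfileRequest extends FormRequest
{
    public function authorize(): bool
    {
        // Authorization is out of scope for this example.
        return true;
    }

    public function rules(): array
    {
        return [
            // Weak form, kept for comparison: 'file' alone accepts anything
            // up to PHP's global limit (upload_max_filesize / post_max_size).
            // 'profile_pic' => 'required|file',

            // Upper bound only: at most 200 KB.
            'profile_pic' => 'required|file|max:200',

            // Lower and upper bound: between 1 KB and 10 MB (10240 KB).
            // This field is why the global PHP limit must be at least 10 MB,
            // and why it cannot protect the 200 KB field above.
            'resume' => 'nullable|file|between:1,10240',

            // Multi-file upload: on an array, max counts elements, so this
            // caps the number of files at 5 ...
            'attachments' => 'array|max:5',
            // ... and on each uploaded file, max is the size in KB (2 MB).
            'attachments.*' => 'file|max:2048',
        ];
    }
}
```

With both rules on `attachments`, one request can store at most 5 × 2 MB from that field; dropping either rule leaves the total unbounded below PHP's global limit.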
