From 2f658eb305a2114d22a577468f011eba84ad0816 Mon Sep 17 00:00:00 2001
From: Zygmunt Krynicki <me@zygoon.pl>
Date: Tue, 26 Sep 2023 15:07:08 +0200
Subject: [PATCH] hawkbit-ddi-resource: do not log range requests

Range requests can be extremely numerous, and logging them is counter
productive. The large number of messages can overflow the action history,
making it nearly useless. Worse this can trigger denial-of-service protection
limits, even on moderate artifact sizes.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
---
 .../hawkbit/ddi/rest/resource/DdiRootController.java   | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/hawkbit-rest/hawkbit-ddi-resource/src/main/java/org/eclipse/hawkbit/ddi/rest/resource/DdiRootController.java b/hawkbit-rest/hawkbit-ddi-resource/src/main/java/org/eclipse/hawkbit/ddi/rest/resource/DdiRootController.java
index 0801e5d59c..11c284a995 100644
--- a/hawkbit-rest/hawkbit-ddi-resource/src/main/java/org/eclipse/hawkbit/ddi/rest/resource/DdiRootController.java
+++ b/hawkbit-rest/hawkbit-ddi-resource/src/main/java/org/eclipse/hawkbit/ddi/rest/resource/DdiRootController.java
@@ -204,7 +204,7 @@ public ResponseEntity<InputStream> downloadArtifact(@PathVariable("tenant") fina
                 final ActionStatus action = checkAndLogDownload(requestResponseContextHolder.getHttpServletRequest(),
                         target, module.getId());
 
-                final Long statusId = action.getId();
+                final Long statusId = action != null ? action.getId() : Long.valueOf(0);
 
                 result = FileStreamingUtil.writeFileResponse(file, artifact.getFilename(), artifact.getCreatedAt(),
                         requestResponseContextHolder.getHttpServletResponse(),
@@ -226,13 +226,11 @@ private ActionStatus checkAndLogDownload(final HttpServletRequest request, final
         final String range = request.getHeader("Range");
 
         final String message;
-        if (range != null) {
-            message = RepositoryConstants.SERVER_MESSAGE_PREFIX + "Target downloads range " + range + " of: "
-                    + request.getRequestURI();
-        } else {
-            message = RepositoryConstants.SERVER_MESSAGE_PREFIX + "Target downloads " + request.getRequestURI();
+        if (range == null) {
+            return null;
         }
 
+        message = RepositoryConstants.SERVER_MESSAGE_PREFIX + "Target downloads " + request.getRequestURI();
         return controllerManagement.addInformationalActionStatus(
                 entityFactory.actionStatus().create(action.getId()).status(Status.DOWNLOAD).message(message));
     }