Uploading big samples for analysis giving unexpected response

Question

While doing the 'POST' request to 'https://de.api.labs.sophos.com/analysis/file/static/v1', I am getting 'HTTP content length exceeded 10485760 bytes.' response.

I know there is a limit to file size we can upload, but earlier we used to get '{message: 'Request Too Long'}' for bigger files(e.g. b28e99d046ac108830a3f5cf0f8eb485b7ce1abafe4d516fba5b4c71cec57fed), which is easier to parse because of JSON.

I am trying to upload sample with sha256 'e102238100a8b97d22559065e3b19379757aeda932c36916d2c84a4178921854'.

Request-

curl -X POST \
  https://de.api.labs.sophos.com/analysis/file/static/v1 \
  -H 'Authorization: <redacted>' \
  -H 'content-type: multipart/form-data' \
  -F file=@/tmp/e102238100a8b97d22559065e3b19379757aeda932c36916d2c84a4178921854

So, is there any standard response we will get while uploading big sample size?

Answer 1

The best practice would be to check the response's status code before parsing the response body, so in your case, running curl with the -i or -v option would expose this information to you.

Due to infrastructural limitations, submitting an oversized file up to ~6MB results in a HTTP 413 response, and above that, you can get error messages like 'Remote end closed connection without response' or 'Broken pipe', without a status code.

While the file size restriction may be subject to change in the future, currently there are no plans to change this behaviour.