Guard against large reads
Snowflake code calls ioutil.ReadAll from a socket/HTTP in many places in the code: 1 2 3 4 5.
These should all get an io.LimitReader or http.MaxBytesReader with a limit of 100 KB or so. Like this one:
body, err := ioutil.ReadAll(http.MaxBytesReader(w, req.Body, 100000))
if err != nil {
http.Error(w, "Bad request.", http.StatusBadRequest)
return
}
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information