BETA Shoulder ist in der Beta — Befunde können manchmal falsch sein. Dein Feedback bestimmt, was wir als Nächstes beheben. Feedback teilen
Shoulder.dev

Bedrohungsintelligenz für Entwickler
📤

Unrestricted Upload of File with Dangerous Type

🛡️ 3 Regeln erkennen dies

Unrestricted Upload of File with Dangerous Type

The product allows the upload of files without properly validating the file type, which can lead to execution of malicious code.

When users can upload files without restriction, attackers may upload executable files, scripts, or other dangerous content that can be executed by the server or other users.

Verbreitung
Hoch
Häufig ausgenutzt
Auswirkung
Hoch
3 Regeln mit hohem Schweregrad
Prävention
Dokumentiert
3 Fix-Beispiele
2 Prävention
2 Prävention

So behebst du diese Schwachstelle

Präventionsstrategien für Unrestricted File Upload basierend auf 3 Shoulder-Erkennungsregeln.

🐹 Go Alle anzeigen Go Details →
Unsafe File Upload HIGH

Validate file type, enforce size limits, and use generated filenames for uploads

+15 -3 go 
  func upload(w http.ResponseWriter, r *http.Request) {
-     file, header, _ := r.FormFile("file")
-     defer file.Close()
-     dst, _ := os.Create("/var/www/uploads/" + header.Filename)
+     r.Body = http.MaxBytesReader(w, r.Body, 10*1024*1024)
+     file, header, err := r.FormFile("file")
+     if err != nil {
+         http.Error(w, "Invalid file", 400)
+         return
+     }
+     defer file.Close()
+     ext := filepath.Ext(header.Filename)
+     allowed := map[string]bool{".jpg": true, ".png": true, ".pdf": true}
+     if !allowed[ext] {
+         http.Error(w, "File type not allowed", 400)
+         return
+     }
+     safeFilename := uuid.New().String() + ext
+     dst, _ := os.Create(filepath.Join("/var/uploads", safeFilename))
      defer dst.Close()
      io.Copy(dst, file)
  }
🟨 JavaScript Alle anzeigen JavaScript Details →
Unrestricted File Upload HIGH

Add fileFilter to multer to validate uploaded file types

+11 -1 javascript 
- const upload = multer({ dest: 'uploads/' });
+ const upload = multer({
+   dest: 'uploads/',
+   fileFilter: (req, file, cb) => {
+     const allowed = ['image/jpeg', 'image/png', 'image/gif'];
+     if (allowed.includes(file.mimetype)) {
+       cb(null, true);
+     } else {
+       cb(new Error('Invalid file type'), false);
+     }
+   }
+ });
  app.post('/upload', upload.single('file'), handler);
🐍 Python Alle anzeigen Python Details →
Insecure File Upload HIGH

Validate file extension, MIME type, and size; use secure_filename() for paths

+14 -7 python 
- from flask import request
- 
- @app.route('/upload', methods=['POST'])
- def upload():
-     file = request.files['file']
-     file.save(f'uploads/{file.filename}')
-     return {'status': 'uploaded'}
+ from flask import request, jsonify
+ from werkzeug.utils import secure_filename
+ 
+ ALLOWED = {'png', 'jpg', 'pdf'}
+ 
+ @app.route('/upload', methods=['POST'])
+ def upload():
+     file = request.files['file']
+     ext = file.filename.rsplit('.', 1)[-1].lower()
+     if ext not in ALLOWED:
+         return jsonify({'error': 'Invalid type'}), 400
+     filename = secure_filename(file.filename)
+     file.save(f'uploads/{filename}')
+     return jsonify({'filename': filename})
4 Warnzeichen
4 Warnzeichen

Worauf bei Code-Reviews zu achten ist

Diese Muster weisen auf potenzielle Unrestricted Upload of File with Dangerous Type-Schwachstellen hin. Achten Sie bei Code-Reviews und Sicherheitsaudits darauf.

🟠
File upload lacks proper validation go-unsafe-file-upload
🟠
Multer middleware at ... lacks fileFilter validation javascript-file-upload-validation
🟠
multer file upload middleware used without proper fileFilter validation javascript-file-upload-validation
🟠
file uploads without proper validation of file type, size, or content python-insecure-file-upload
🔍

Scanne deine Codebasis nach Unrestricted Upload of File with Dangerous Type

Shoulder CLI findet anfällige Muster in deiner gesamten Codebasis.

npx shoulder trust Alle Regeln durchsuchen