ベータ Shoulder はベータ版です — 結果が誤っている場合があります。皆さまのフィードバックが次に修正する内容を決定します。 フィードバックを送る
Shoulder.dev

開発者向け脅威インテリジェンス
📤

Unrestricted Upload of File with Dangerous Type

🛡️ 3 件のルールが検出します

Unrestricted Upload of File with Dangerous Type

The product allows the upload of files without properly validating the file type, which can lead to execution of malicious code.

When users can upload files without restriction, attackers may upload executable files, scripts, or other dangerous content that can be executed by the server or other users.

普及度
頻繁に悪用される
影響度
ハイ
3 件の重大度ハイのルール
予防
文書化済み
3 件の修正例
2 予防
2 予防

この脆弱性の修正方法

3 件の Shoulder 検出ルールに基づく Unrestricted File Upload の予防策。

🐹 Go すべて表示 Go 詳細 →
Unsafe File Upload HIGH

Validate file type, enforce size limits, and use generated filenames for uploads

+15 -3 go 
  func upload(w http.ResponseWriter, r *http.Request) {
-     file, header, _ := r.FormFile("file")
-     defer file.Close()
-     dst, _ := os.Create("/var/www/uploads/" + header.Filename)
+     r.Body = http.MaxBytesReader(w, r.Body, 10*1024*1024)
+     file, header, err := r.FormFile("file")
+     if err != nil {
+         http.Error(w, "Invalid file", 400)
+         return
+     }
+     defer file.Close()
+     ext := filepath.Ext(header.Filename)
+     allowed := map[string]bool{".jpg": true, ".png": true, ".pdf": true}
+     if !allowed[ext] {
+         http.Error(w, "File type not allowed", 400)
+         return
+     }
+     safeFilename := uuid.New().String() + ext
+     dst, _ := os.Create(filepath.Join("/var/uploads", safeFilename))
      defer dst.Close()
      io.Copy(dst, file)
  }
🟨 JavaScript すべて表示 JavaScript 詳細 →
Unrestricted File Upload HIGH

Add fileFilter to multer to validate uploaded file types

+11 -1 javascript 
- const upload = multer({ dest: 'uploads/' });
+ const upload = multer({
+   dest: 'uploads/',
+   fileFilter: (req, file, cb) => {
+     const allowed = ['image/jpeg', 'image/png', 'image/gif'];
+     if (allowed.includes(file.mimetype)) {
+       cb(null, true);
+     } else {
+       cb(new Error('Invalid file type'), false);
+     }
+   }
+ });
  app.post('/upload', upload.single('file'), handler);
🐍 Python すべて表示 Python 詳細 →
Insecure File Upload HIGH

Validate file extension, MIME type, and size; use secure_filename() for paths

+14 -7 python 
- from flask import request
- 
- @app.route('/upload', methods=['POST'])
- def upload():
-     file = request.files['file']
-     file.save(f'uploads/{file.filename}')
-     return {'status': 'uploaded'}
+ from flask import request, jsonify
+ from werkzeug.utils import secure_filename
+ 
+ ALLOWED = {'png', 'jpg', 'pdf'}
+ 
+ @app.route('/upload', methods=['POST'])
+ def upload():
+     file = request.files['file']
+     ext = file.filename.rsplit('.', 1)[-1].lower()
+     if ext not in ALLOWED:
+         return jsonify({'error': 'Invalid type'}), 400
+     filename = secure_filename(file.filename)
+     file.save(f'uploads/{filename}')
+     return jsonify({'filename': filename})
4 警告サイン
4 警告サイン

コードレビューで注目すべき点

これらのパターンはUnrestricted Upload of File with Dangerous Typeの潜在的な脆弱性を示しています。コードレビューとセキュリティ監査中に探してください。

🟠
File upload lacks proper validation go-unsafe-file-upload
🟠
Multer middleware at ... lacks fileFilter validation javascript-file-upload-validation
🟠
multer file upload middleware used without proper fileFilter validation javascript-file-upload-validation
🟠
file uploads without proper validation of file type, size, or content python-insecure-file-upload
🔍

コードベースをスキャン: Unrestricted Upload of File with Dangerous Type

Shoulder CLI はコードベース全体から脆弱なパターンを見つけます。

npx shoulder trust すべてのルールを表示