Unrestricted Upload of File with Dangerous Type
The product allows the upload of files without properly validating the file type, which can lead to execution of malicious code.
When users can upload files without restriction, attackers may upload executable files, scripts, or other dangerous content that can be executed by the server or other users.
이 취약점을 수정하는 방법
3개의 Shoulder 탐지 규칙을 기반으로 한 Unrestricted File Upload 예방 전략.
Validate file type, enforce size limits, and use generated filenames for uploads
func upload(w http.ResponseWriter, r *http.Request) { - file, header, _ := r.FormFile("file") - defer file.Close() - dst, _ := os.Create("/var/www/uploads/" + header.Filename) + r.Body = http.MaxBytesReader(w, r.Body, 10*1024*1024) + file, header, err := r.FormFile("file") + if err != nil { + http.Error(w, "Invalid file", 400) + return + } + defer file.Close() + ext := filepath.Ext(header.Filename) + allowed := map[string]bool{".jpg": true, ".png": true, ".pdf": true} + if !allowed[ext] { + http.Error(w, "File type not allowed", 400) + return + } + safeFilename := uuid.New().String() + ext + dst, _ := os.Create(filepath.Join("/var/uploads", safeFilename)) defer dst.Close() io.Copy(dst, file) }
Add fileFilter to multer to validate uploaded file types
- const upload = multer({ dest: 'uploads/' }); + const upload = multer({ + dest: 'uploads/', + fileFilter: (req, file, cb) => { + const allowed = ['image/jpeg', 'image/png', 'image/gif']; + if (allowed.includes(file.mimetype)) { + cb(null, true); + } else { + cb(new Error('Invalid file type'), false); + } + } + }); app.post('/upload', upload.single('file'), handler);
Validate file extension, MIME type, and size; use secure_filename() for paths
- from flask import request - - @app.route('/upload', methods=['POST']) - def upload(): - file = request.files['file'] - file.save(f'uploads/{file.filename}') - return {'status': 'uploaded'} + from flask import request, jsonify + from werkzeug.utils import secure_filename + + ALLOWED = {'png', 'jpg', 'pdf'} + + @app.route('/upload', methods=['POST']) + def upload(): + file = request.files['file'] + ext = file.filename.rsplit('.', 1)[-1].lower() + if ext not in ALLOWED: + return jsonify({'error': 'Invalid type'}), 400 + filename = secure_filename(file.filename) + file.save(f'uploads/{filename}') + return jsonify({'filename': filename})
코드에서 취약점 찾기
Shoulder를 사용하여 코드에서 Unrestricted Upload of File with Dangerous Type 패턴을 스캔하세요. 3 규칙.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=434 # Or scan entire project npx @shoulderdev/cli trust .
탐지 규칙 (3)
코드 리뷰에서 주의할 점
이 패턴은 잠재적인 Unrestricted Upload of File with Dangerous Type 취약점을 나타냅니다. 코드 리뷰와 보안 감사 중에 찾아보세요.
코드베이스를 스캔하세요: Unrestricted Upload of File with Dangerous Type
Shoulder CLI는 전체 코드베이스에서 취약한 패턴을 찾아냅니다.