# Unrestricted Upload of File with Dangerous Type (CWE-434) The product allows the upload of files without properly validating the file type, which can lead to execution of malicious code. **Stack:** Python - Prevalence: 높음 자주 악용됨 - Impact: 높음 3개의 높은 심각도 규칙 - Prevention: 문서화됨 3개의 수정 예시 **OWASP:** Broken Access Control (A01:2021-Broken Access Control) - #1 ## Description When users can upload files without restriction, attackers may upload executable files, scripts, or other dangerous content that can be executed by the server or other users. ## Prevention 1개의 Shoulder 탐지 규칙을 기반으로 한 Unrestricted File Upload 예방 전략. ### Python Validate file extension, MIME type, and size; use secure_filename() for paths ## Warning Signs - [HIGH] file uploads without proper validation of file type, size, or content ## Consequences - 승인되지 않은 코드 실행 - 애플리케이션 데이터 읽기 - 애플리케이션 데이터 수정 ## Mitigations - 파일 유형은 확장자만이 아니라 서버에서 검증하세요 - 업로드된 파일은 웹 루트 외부에 저장하세요 - 허용되는 파일 유형에 대해 허용 목록을 사용하세요 - 업로드된 파일은 실행을 방지하기 위해 이름을 바꾸세요 ## Detection - Total rules: 3 - Languages: go, javascript, typescript, python ## Rules by Language ### Python (1 rules) - **Insecure File Upload** [HIGH]: Detects file uploads without proper validation of file type, size, or content. Malicious uploads can lead to code execution, path traversal, or denial of service. Always validate file extensions, MIME types, content, and size. - Remediation: Validate file extension, MIME type, and size; use secure_filename() for the filename. ```python from flask import request, jsonify from werkzeug.utils import secure_filename import magic ALLOWED = {'png', 'jpg', 'pdf'} @app.route('/upload', methods=['POST']) def upload(): file = request.files['file'] ext = file.filename.rsplit('.', 1)[-1].lower() if ext not in ALLOWED: return jsonify({'error': 'Invalid type'}), 400 filename = secure_filename(file.filename) file.save(f'uploads/{filename}') return jsonify({'filename': filename}) ``` Learn more: https://shoulder.dev/learn/python/cwe-434/insecure-file-upload