76 lines
3.5 KiB
Markdown
76 lines
3.5 KiB
Markdown
---
|
|
description: Secure file handling & uploads (validation, storage isolation, scanning, safe delivery)
|
|
languages:
|
|
- c
|
|
- go
|
|
- java
|
|
- javascript
|
|
- php
|
|
- python
|
|
- ruby
|
|
- typescript
|
|
alwaysApply: false
|
|
---
|
|
|
|
rule_id: codeguard-0-file-handling-and-uploads
|
|
|
|
## File Upload Security Guidelines
|
|
|
|
This rule advises on secure file upload practices to prevent malicious file attacks and protect system integrity:
|
|
|
|
- Extension Validation
|
|
- List allowed extensions only for business-critical functionality.
|
|
- Ensure input validation is applied before validating extensions.
|
|
- Avoid double extensions (e.g., `.jpg.php`) and null byte injection (e.g., `.php%00.jpg`).
|
|
- Use allowlist approach rather than denylist for file extensions.
|
|
- Validate extensions after decoding filename to prevent bypass attempts.
|
|
|
|
- Content Type and File Signature Validation
|
|
- Never trust client-supplied Content-Type headers as they can be spoofed.
|
|
- Validate file signatures (magic numbers) in conjunction with Content-Type checking.
|
|
- Implement allowlist approach for MIME types as a quick protection layer.
|
|
- Use file signature validation but not as a standalone security measure.
|
|
|
|
- Filename Security
|
|
- Generate random filenames (UUID/GUID) instead of using user-supplied names.
|
|
- If user filenames required, implement maximum length limits.
|
|
- Restrict characters to alphanumeric, hyphens, spaces, and periods only.
|
|
- Prevent leading periods (hidden files) and sequential periods (directory traversal).
|
|
- Avoid leading hyphens or spaces for safer shell script processing.
|
|
|
|
- File Content Validation
|
|
- For images, apply image rewriting techniques to destroy malicious content.
|
|
- For Microsoft documents, use Apache POI for validation.
|
|
- Avoid ZIP files due to numerous attack vectors.
|
|
- Implement manual file review in sandboxed environments when resources allow.
|
|
- Integrate antivirus scanning and Content Disarm & Reconstruct (CDR) for applicable file types.
|
|
|
|
- Storage Security
|
|
- Store files on different servers for complete segregation when possible.
|
|
- Store files outside webroot with administrative access only.
|
|
- If storing in webroot, set write-only permissions with proper access controls.
|
|
- Use application handlers that map IDs to filenames for public access.
|
|
- Consider database storage for specific use cases with DBA expertise.
|
|
|
|
- Access Control and Authentication
|
|
- Require user authentication before allowing file uploads.
|
|
- Implement proper authorization levels for file access and modification.
|
|
- Set filesystem permissions on principle of least privilege.
|
|
- Scan files before execution if execution permission is required.
|
|
|
|
- Upload and Download Limits
|
|
- Set proper file size limits for upload protection.
|
|
- Consider post-decompression size limits for compressed files.
|
|
- Implement request limits for download services to prevent DoS attacks.
|
|
- Use secure methods to calculate ZIP file sizes safely.
|
|
|
|
- Additional Security Measures
|
|
- Protect file upload endpoints from CSRF attacks.
|
|
- Keep all file processing libraries securely configured and updated.
|
|
- Implement logging and monitoring for upload activities.
|
|
- Provide user reporting mechanisms for illegal content.
|
|
- Use secure extraction methods for compressed files.
|
|
|
|
Summary:
|
|
Implement defense-in-depth for file uploads through multi-layered validation, secure storage practices, proper access controls, and comprehensive monitoring. Never rely on single validation methods and always generate safe filenames to prevent attacks.
|