Line 304: | Line 304: | ||
== Uploads == | == Uploads == | ||
'''Attacks of Concern''': Malformed user uploads containing JavaScript, HTML or other executable code, Arbitrary file overwrite | '''Attacks of Concern''': Malformed user uploads containing JavaScript, HTML or other executable code, Arbitrary file overwrite | ||
=== Image Upload === | |||
'''Upload Verification''' | |||
* Use input validation to ensure the uploaded filename uses an expected extension type | |||
* Ensure the uploaded image is not larger than a set maximum size | |||
* Use image rewriting libraries to verify the image is valid and to strip away extraneous content | |||
* Set the extension of the stored image to be a valid image extension (jpg, png, etc) | |||
'''Upload Storage''' | |||
* Use a new filename to store the image on the os. Do not use any user controlled text for this filename. | |||
* Properly escape the uploaded filename to ensure the user cannot modify the storage location by including directory traversal characters | |||
* Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org) | |||
'''Public Serving of Uploaded Content''' | |||
* Ensure the image is served with the correct content-type (e.g. image/jpeg) | |||
=Further Reading= | =Further Reading= |
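Review bot: In the Upload Storage list, the second bullet ("Properly escape the uploaded filename ...") conflicts with the first, which says the stored filename must not use any user controlled text; if the name on disk is generated, there is nothing left to escape. Suggest rewording the second bullet so it covers only the case where the original filename is kept (for example as display metadata), or dropping it. In Upload Verification, the first bullet validates the uploaded extension and the fourth sets the stored extension, but neither says where the stored extension comes from; consider stating that it is chosen from the format the image rewriting library actually produced rather than from the uploaded name, so the extension and the content-type in Public Serving always agree. Minor style point: "os" in the first Upload Storage bullet should be "OS".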