From ee755abd7555a774f8f39742fe0c439be8690345 Mon Sep 17 00:00:00 2001 From: Dominique RIGHETTO Date: Sun, 21 Jul 2024 15:20:24 +0000 Subject: [PATCH 1/3] Add hints about content validation --- cheatsheets/File_Upload_Cheat_Sheet.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/cheatsheets/File_Upload_Cheat_Sheet.md b/cheatsheets/File_Upload_Cheat_Sheet.md index 8d941fcbd5..160dc2bb7f 100644 --- a/cheatsheets/File_Upload_Cheat_Sheet.md +++ b/cheatsheets/File_Upload_Cheat_Sheet.md 
@@ -103,8 +103,23 @@ Based on the expected type, special file content validation can be applied: - For **images**, applying image rewriting techniques destroys any kind of malicious content injected in an image; this could be done through [randomization](https://security.stackexchange.com/a/8625/118367). - For **Microsoft documents**, the usage of [Apache POI](https://poi.apache.org/) helps validating the uploaded documents. +- For **PDF documents**, the usage of [Apache PDFBox](https://pdfbox.apache.org/) helps validating the uploaded documents. - **ZIP files** are not recommended since they can contain all types of files, and the attack vectors pertaining to them are numerous. +It is possible to "hide" a malicious file in a document or image, by adding it to the end of the source file, like this: + +```shell +$ file safe-document.pdf +safe-document.pdf: PDF document, version 1.4 +$ file malicious-file.exe +malicious-file.exe: PE32+ executable (console) x86-64, for MS Windows +$ cat safe-document.pdf malicious-file.exe > malicious-document.pdf +$ file malicious-document.pdf +malicious-document.pdf: PDF document, version 1.4 +``` + +Therefore, it is recommended like mentioned above for images, to apply document rewriting techniques to destroys any kind of malicious content embedded. + The File Upload service should allow users to report illegal content, and copyright owners to report abuse. If there are enough resources, manual file review should be conducted in a sandboxed environment before releasing the files to the public. @@ -149,6 +164,3 @@ The application should set proper size limits for the upload service in order to The application should set proper request limits as well for the download service if available to protect the server from DoS attacks. -## Java Code Snippets - -[Document Upload Protection](https://github.com/righettod/document-upload-protection) repository written by Dominique for certain document types in Java. 
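Review bot: The last added line of the first hunk has a grammar slip and a claim that needs tightening: "to apply document rewriting techniques to destroys any kind of malicious content embedded" should read "to apply document rewriting techniques to destroy any malicious content embedded in it", and "it is recommended like mentioned above for images, to apply" reads better as "as recommended above for images, apply". More substantively, the hunk first says Apache PDFBox "helps validating" PDFs and then shows with `cat safe-document.pdf malicious-file.exe > malicious-document.pdf` that a type check is not enough (`file` still reports "PDF document, version 1.4"); spell out what "document rewriting" means for PDF and Office files, i.e. load the upload with PDFBox or POI and write a fresh file from the parsed object model so bytes appended after the document structure are not carried over, and state plainly that parsing for validation alone does not remove the appended payload.

Review bot: The second hunk deletes the whole "## Java Code Snippets" section (the link to the Document Upload Protection repository) while the subject "Add hints about content validation" describes only an addition. Either mention the removal in the commit message and say why (it is the only link to implementation code visible in this diff, so readers of the new "document rewriting" advice lose a pointer to code) or move the deletion into its own commit.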
From 1b1c6002ccac0f54f60840a680f0aaf31d11675a Mon Sep 17 00:00:00 2001 From: Dominique RIGHETTO Date: Sun, 21 Jul 2024 15:29:18 +0000 Subject: [PATCH 2/3] Fix linter error --- cheatsheets/File_Upload_Cheat_Sheet.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cheatsheets/File_Upload_Cheat_Sheet.md b/cheatsheets/File_Upload_Cheat_Sheet.md index 160dc2bb7f..5779def603 100644 --- a/cheatsheets/File_Upload_Cheat_Sheet.md +++ b/cheatsheets/File_Upload_Cheat_Sheet.md @@ -162,5 +162,4 @@ Files should be stored in a way that ensures: The application should set proper size limits for the upload service in order to protect the file storage capacity. If the system is going to extract the files or process them, the file size limit should be considered after file decompression is conducted and by using secure methods to calculate zip files size. For more on this, see how to [Safely extract files from ZipInputStream](https://wiki.sei.cmu.edu/confluence/display/java/IDS04-J.+Safely+extract+files+from+ZipInputStream), Java's input stream to handle ZIP files. -The application should set proper request limits as well for the download service if available to protect the server from DoS attacks. - +The application should set proper request limits as well for the download service if available to protect the server from DoS attacks. \ No newline at end of file From 9ec9f7928b43105aaa71e7b71aeece0f008ea7bf Mon Sep 17 00:00:00 2001 From: Dominique RIGHETTO Date: Sun, 21 Jul 2024 15:30:07 +0000 Subject: [PATCH 3/3] Fix linter error --- cheatsheets/File_Upload_Cheat_Sheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cheatsheets/File_Upload_Cheat_Sheet.md b/cheatsheets/File_Upload_Cheat_Sheet.md index 5779def603..b60d6e72c2 100644 --- a/cheatsheets/File_Upload_Cheat_Sheet.md +++ b/cheatsheets/File_Upload_Cheat_Sheet.md 
@@ -162,4 +162,4 @@ Files should be stored in a way that ensures: The application should set proper size limits for the upload service in order to protect the file storage capacity. If the system is going to extract the files or process them, the file size limit should be considered after file decompression is conducted and by using secure methods to calculate zip files size. For more on this, see how to [Safely extract files from ZipInputStream](https://wiki.sei.cmu.edu/confluence/display/java/IDS04-J.+Safely+extract+files+from+ZipInputStream), Java's input stream to handle ZIP files. -The application should set proper request limits as well for the download service if available to protect the server from DoS attacks. \ No newline at end of file +The application should set proper request limits as well for the download service if available to protect the server from DoS attacks.
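Review bot: The PATCH 2/3 hunk removes the trailing blank line but also drops the final newline (`\ No newline at end of file`), which PATCH 3/3 then has to put back; squash both fix-ups into PATCH 1/3 so the series contains no intermediate commit that fails the very linter check it claims to fix.

Review bot: The PATCH 3/3 hunk only restores the newline at end of file that 2/3 removed, and two consecutive commits both titled "Fix linter error" without naming the rule make the history hard to follow. Name the linter rule in the message, or fold the change into the commit that introduced the problem.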