https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html
Extension Validation
- List allowed extensions. Only allow safe and critical extensions for business functionality
- Ensure that input validation is applied before validating the extensions.
- Validate the file type, don't trust the Content-Type header as it can be spoofed
- Check the file extension with a regular expression
- Read the file's binary content, extract the magic bytes and match them against the expected file type
Filename Sanitization
- Change the filename to something generated by the application
- Set a filename length limit. Restrict the allowed characters if possible
- Replace the filename with a random string such as a UUID, avoiding over-long names and illegal characters
- Preserve the original name through a database mapping or a similar mechanism
Upload and Download Limits
- Set a file size limit
- Limit the maximum upload and download size
- Guarantee sufficient storage capacity; estimate storage and bandwidth costs
- Different file types should be configured with different size limits
File Storage Location
- Store the files on a different server. If that's not possible, store them outside of the webroot
- In the case of public access to the files, use a handler that gets mapped to filenames inside the application (someid -> file.ext)
- Prefer object storage middleware
- For local storage, avoid the application directory, data directory and system root; use a dedicated directory and configure its access permissions
- Restrict read access by IP address, user permissions, etc.
Content-Type Validation
- Useful as a fast preliminary check, but the Content-Type is supplied by the user, is inherently untrusted, and must not be the only validation mechanism
File Content Validation
- Run the file through an antivirus or a sandbox if available to validate that it doesn't contain malicious data
- Specific file types can be checked in type-specific ways: images via rewriting/randomization, Microsoft Office documents via Apache POI
- After the file has been written to storage, run a scanner such as ClamScan (Linux): this costs time
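The checks from the Extension Validation, Filename Sanitization, Upload and Download Limits and File Content Validation sections, combined in one added Python example that is not taken from the cheat sheet or the original post; the size limit, the signature table and the filename regex are constructed assumptions for illustration:

```python
import os
import re
import uuid

# Constructed policy values for this example: adjust to the business need.
MAX_SIZE_BYTES = 5 * 1024 * 1024  # 5 MiB upload limit (assumption)

# Allowlisted extensions and the magic bytes a file of that type must start with.
ALLOWED_TYPES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}

# Stem of safe characters plus exactly one extension: rejects "a.php.png" style names.
_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})$")


class UploadRejected(ValueError):
    pass


def validate_upload(original_name: str, data: bytes) -> str:
    """Run the checks in order and return an application-generated storage name."""
    # 1. Size limit first: it is cheap and stops oversized bodies early.
    if not data or len(data) > MAX_SIZE_BYTES:
        raise UploadRejected("size out of bounds")
    # 2. Input validation on the name (path stripped, length, charset) before the
    #    extension is looked at. basename() discards any "../" components.
    base = os.path.basename(original_name.replace("\\", "/"))
    match = _NAME_RE.match(base)
    if not match:
        raise UploadRejected("invalid filename")
    # 3. Extension allowlist (case-insensitive).
    ext = match.group(1).lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected("extension not allowed")
    # 4. Magic bytes must agree with the extension; the client's Content-Type
    #    header is deliberately never consulted.
    if not any(data.startswith(sig) for sig in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")
    # 5. Store under a random name; keep the original only in a DB mapping.
    return f"{uuid.uuid4().hex}.{ext}"


def rejection_reason(original_name: str, data: bytes):
    """Return the rejection reason, or None if the upload is accepted."""
    try:
        validate_upload(original_name, data)
        return None
    except UploadRejected as exc:
        return str(exc)
```

The returned storage name is what goes to disk or object storage; the original name and the returned name are recorded together in the database mapping mentioned above.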
Malware Scanning Architecture
- Performing a blocking scan of every file-related request inside the request-response cycle is not reasonable
- Instead, work outside the request-response cycle: save the file to a safe location, record its metadata in the database (name, size, time, type, origin, etc.) together with a security status flag (pending scan, safe, dangerous), update that flag from an asynchronous task, and have the application gate all file-related actions on the flag
- Two ways to keep this user-friendly: 1. the file is visible only to the uploader, with the scan progress shown; 2. the file metadata is visible to everyone, but no operations are offered until the scan has completed
3rd Party Power
- Block at the edge: CDN (Akamai, Cloudflare)
- IP/GEO Firewall, DDoS, WAF, Malware Protection
- Separate from the application server
- Single responsibility: delegate to a more specialised provider
This article was written by Ivan Dong and is licensed under the Creative Commons Attribution 4.0 International License.
Unless marked as reposted or attributed to another source, articles on this site are original or translated by the site; please attribute the author before reposting.
Last edited: Jun 13, 2023 at 10:17 am