Reputation: 1
Fortify is pointing the issue at `<input`. This is Fortify's recommended Recommendation: Do not allow file uploads if they can be avoided. If a program must accept file uploads, then restrict the ability of an attacker to supply malicious content by only accepting the specific types of content the program expects. Most attacks that rely on uploaded content require that attackers be able to supply content of their choosing. Placing restrictions on the content the program will accept will greatly limit the range of possible attacks. Check file names, extensions, and file content to make sure they are all expected and acceptable for use by the application.
I tried a MIME type check, sanitized file name, file size validation check, and content type check, but Fortify still points at `<input` for Often Misused: File Upload. Here is the point in the code where Fortify reports the issue:
```html
<!-- Angular template: accept="" is only a browser-side hint to the file picker -->
<input
  class="file-input"
  type="file"
  accept=".pdf"
  #fileDropRef
  (change)="fileBrowseHandler($event, ['pdf', 'doc', 'png', 'jpg'])"
  [disabled]="
    allowedNumberOfFiles &&
    !(uploadedFiles.length < allowedNumberOfFiles)
  "
  hidden
  data-test-id="upload-file"
  id="upload-file"
  name="upload-file" >
```
Upvotes: 0
Views: 567