suggestions please "what should i watch for/guard against" in a file upload situation?

Diez B. Roggisch deets at web.de
Wed Oct 6 15:17:04 EDT 2010


Seebs <usenet-nospam at seebs.net> writes:

> On 2010-10-06, geekbuntu <gmilby at gmail.com> wrote:
>> in general, what are things i would want to 'watch for/guard against'
>> in a file upload situation?
>
> This question has virtually nothing to do with Python, which means you
> may not get very good answers.

In contrast to "comp.super.web.experts"? There are quite a few people
with web experience here, I'd say.

>
>> my checklist so far is basically to check the extension - ensure it
>> has 3 places, ensure it's in the allowed list (like jpg gif etc...).
>
> This strikes me as 100% irrelevant.  Who cares what the extension is?

Given that most people are not computer savvy (always remember, the
default for Windows is to hide extensions..), using it client-side can
be valuable to prevent long uploads that eventually need to be rejected
otherwise (no mom, you can't upload Word docs as profile pictures).
>
>> not sure what else i could do to guard against anything bad
>> happening.  maybe the file name itself could cause greif?
>
> Obvious things:
>
> * File name causes files to get created outside some particular
>   upload directory ("../foo")

Or rather, just store that as simple meta-info, as allowing even the
best-intended "me-in-cool-pose.jpg" to overwrite that of the one other
cool guy using the website isn't gonna fly anyway.

> * File name has spaces

See above, but other than that - everything but shell scripts deals well
with it.

> * Crazy stuff like null bytes in file name
> * File names which might break things if a user carelessly interacts
>   with them, such as "foo.jpg /etc/passwd bar.jpg" (all one file name
>   including two spaces).

Your strange focus on file-names that are pure meta information is a
little bit concerning... 
>
> Basically, the key question is, could a hostile user come up with
> input to your script which could break something?

Certainly advice. But that's less focused on filenames or file uploads than
on the whole subject of processing HTTP requests. Which would make a
point for *not* using a home-grown framework.

But then, Python is a bit less likely to suffer from buffer overflow or 
similar kind of attacks.

Diez
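The points raised in this exchange (never use the client's file name as a path, keep it only as metadata, don't trust the extension, reject traversal and null bytes) put together as a small upload handler. This is an added example written for this page, not code from the original post or from either poster; the function names store_upload, sanitize_original_name and detect_type, the magic-byte table and the sample inputs in demo() are all assumptions constructed here.

```python
import os
import re
import secrets
import tempfile
import unicodedata

# Assumed allow-list: file type is decided from the first bytes of the
# content, not from whatever extension the browser sent.
ALLOWED_MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def sanitize_original_name(name, max_len=100):
    """Clean the client-supplied name for *display/metadata only*.

    It is never used to build a filesystem path, so this only has to keep
    it from breaking logs, HTML or a careless shell, not make it 'safe'.
    """
    name = name.replace("\x00", "")                    # null bytes
    name = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any directory part
    name = unicodedata.normalize("NFKC", name)
    name = re.sub(r"[^\w.\- ]", "_", name)             # control chars, quotes, etc.
    name = name.strip(" .") or "upload"                # no ".htaccess", no empty name
    return name[:max_len]


def detect_type(data):
    """Return the allowed type whose magic bytes match, or None."""
    for ext, magic in ALLOWED_MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def store_upload(upload_dir, original_name, data, max_bytes=2 * 1024 * 1024):
    """Write the upload under a server-generated name; return its metadata."""
    if len(data) > max_bytes:
        raise ValueError("upload too large")
    kind = detect_type(data)
    if kind is None:
        raise ValueError("content is not an allowed image type")

    # The on-disk name is random and ours; the user's name is just a record.
    safe_name = secrets.token_hex(16) + "." + kind
    upload_root = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(upload_root, safe_name))
    if os.path.dirname(dest) != upload_root:      # belt and braces
        raise ValueError("refusing to write outside the upload directory")

    # O_EXCL: never overwrite the other cool guy's picture, even on a name clash.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

    return {
        "stored_as": safe_name,
        "original_name": sanitize_original_name(original_name),
        "type": kind,
        "size": len(data),
    }


def demo():
    """Run the handler on constructed inputs in a throwaway directory."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample: a JPEG header, claimed by the client to be "../../etc/passwd".
        jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
        meta = store_upload(d, "../../etc/passwd", jpeg)
        written = os.path.realpath(os.path.join(d, meta["stored_as"]))
        stored_inside = os.path.dirname(written) == os.path.realpath(d)

        # Constructed sample: an HTML file wearing a ".jpg" extension.
        rejected = False
        try:
            store_upload(d, "cute.jpg", b"<html><script>alert(1)</script>")
        except ValueError:
            rejected = True
        return meta, stored_inside, rejected


if __name__ == "__main__":
    print(demo())
```

The extension check the original poster had in mind is still worth doing in the browser, for the reason given above (save mom the long upload), but on the server the decision comes from the bytes, the on-disk name comes from the server, and the client's name is stored as text next to the file rather than used to find it.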


