Главная » Языки программирования

Upload by java security

Содержание
  1. File Upload Cheat Sheet¶
  2. File Upload Threats¶
  3. Malicious Files¶
  4. Public File Retrieval¶
  5. File Upload Protection¶
  6. Extension Validation¶
  7. List Allowed Extensions¶
  8. Block Extensions¶
  9. Content-Type Validation¶
  10. File Signature Validation¶
  11. Filename Sanitization¶
  12. File Content Validation¶
  13. File Storage Location¶
  14. User Permissions¶
  15. Filesystem Permissions¶
  16. Upload and Download Limits¶
  17. Java Code Snippets¶
  18. Java SCP File Transfer Guide & Example | JSCAPE
  19. Would you like to try Secure FTP Factory for free?
  20. Popular Articles
  21. Setting Up SFTP Public Key Authentication On The Command Line
  22. Active vs. Passive FTP Simplified: Understanding FTP Ports
  23. Active-Active vs. Active-Passive High-Availability Clustering
  24. Using Windows FTP Scripts To Automate File Transfers

File Upload Cheat Sheet¶

File upload is becoming a more and more essential part of any application, where the user is able to upload their photo, their CV, or a video showcasing a project they are working on. The application should be able to fend off bogus and malicious files in a way to keep the application and the users safe.

In short, the following principles should be followed to reach a secure file upload implementation:

  • List allowed extensions. Only allow safe and critical extensions for business functionality
    • Ensure that input validation is applied before validating the extensions.
    • In the case of public access to the files, use a handler that gets mapped to filenames inside the application (someid -> file.ext)

    File Upload Threats¶

    In order to assess and know exactly what controls to implement, knowing what you’re facing is essential to protect your assets. The following sections will hopefully showcase the risks accompanying the file upload functionality.

    Malicious Files¶

    The attacker delivers a file for malicious intent, such as:

    1. Exploit vulnerabilities in the file parser or processing module (e.g.ImageTrick Exploit, XXE)
    2. Use the file for phishing (e.g. careers form)
    3. Send ZIP bombs, XML bombs (otherwise known as billion laughs attack), or simply huge files in a way to fill the server storage which hinders and damages the server’s availability
    4. Overwrite an existing file on the system
    5. Client-side active content (XSS, CSRF, etc.) that could endanger other users if the files are publicly retrievable.

    Public File Retrieval¶

    If the file uploaded is publicly retrievable, additional threats can be addressed:

    1. Public disclosure of other files
    2. Initiate a DoS attack by requesting lots of files. Requests are small, yet responses are much larger
    3. File content that could be deemed as illegal, offensive, or dangerous (e.g. personal data, copyrighted data, etc.) which will make you a host for such malicious files.

    File Upload Protection¶

    There is no silver bullet in validating user content. Implementing a defense in depth approach is key to make the upload process harder and more locked down to the needs and requirements for the service. Implementing multiple techniques is key and recommended, as no one technique is enough to secure the service.

    Extension Validation¶

    Ensure that the validation occurs after decoding the file name, and that a proper filter is set in place in order to avoid certain known bypasses, such as the following:

    • Double extensions, e.g. .jpg.php , where it circumvents easily the regex \.jpg
    • Null bytes, e.g. .php%00.jpg , where .jpg gets truncated and .php becomes the new extension
    • Generic bad regex that isn’t properly tested and well reviewed. Refrain from building your own logic unless you have enough knowledge on this topic.

    Refer to the Input Validation CS to properly parse and process the extension.

    List Allowed Extensions¶

    Ensure the usage of business-critical extensions only, without allowing any type of non-required extensions. For example if the system requires:

    • image upload, allow one type that is agreed upon to fit the business requirement;
    • cv upload, allow docx and pdf extensions.

    Based on the needs of the application, ensure the least harmful and the lowest risk file types to be used.

    Block Extensions¶

    Identify potentially harmful file types and block extensions that you regard harmful to your service.

    Please be aware that blocking specific extensions is a weak protection method on its own. The Unrestricted File Upload vulnerability article describes how attackers may attempt to bypass such a check.

    Content-Type Validation¶

    The Content-Type for uploaded files is provided by the user, and as such cannot be trusted, as it is trivial to spoof. Although it should not be relied upon for security, it provides a quick check to prevent users from unintentionally uploading files with the incorrect type.

    Other than defining the extension of the uploaded file, its MIME-type can be checked for a quick protection against simple file upload attacks.

    This can be done preferably in an allow list approach; otherwise, this can be done in a block list approach.

    File Signature Validation¶

    In conjunction with content-type validation, validating the file’s signature can be checked and verified against the expected file that should be received.

    This should not be used on its own, as bypassing it is pretty common and easy.

    Filename Sanitization¶

    Filenames can endanger the system in multiple ways, either by using non acceptable characters, or by using special and restricted filenames. For Windows, refer to the following MSDN guide. For a wider overview on different filesystems and how they treat files, refer to Wikipedia’s Filename page.

    In order to avoid the above mentioned threat, creating a random string as a file-name, such as generating a UUID/GUID, is essential. If the filename is required by the business needs, proper input validation should be done for client-side (e.g. active content that results in XSS and CSRF attacks) and back-end side (e.g. special files overwrite or creation) attack vectors. Filename length limits should be taken into consideration based on the system storing the files, as each system has its own filename length limit. If user filenames are required, consider implementing the following:

    • Implement a maximum length
    • Restrict characters to an allowed subset specifically, such as alphanumeric characters, hyphen, spaces, and periods
      • If this is not possible, block-list dangerous characters that could endanger the framework and system that is storing and using the files.

      File Content Validation¶

      As mentioned in the Public File Retrieval section, file content can contain malicious, inappropriate, or illegal data.

      Based on the expected type, special file content validation can be applied:

      • For images, applying image rewriting techniques destroys any kind of malicious content injected in an image; this could be done through randomization.
      • For Microsoft documents, the usage of Apache POI helps validating the uploaded documents.
      • ZIP files are not recommended since they can contain all types of files, and the attack vectors pertaining to them are numerous.

      The File Upload service should allow users to report illegal content, and copyright owners to report abuse.

      If there are enough resources, manual file review should be conducted in a sandboxed environment before releasing the files to the public.

      Adding some automation to the review could be helpful, which is a harsh process and should be well studied before its usage. Some services (e.g. Virus Total) provide APIs to scan files against well known malicious file hashes. Some frameworks can check and validate the raw content type and validating it against predefined file types, such as in ASP.NET Drawing Library. Beware of data leakage threats and information gathering by public services.

      File Storage Location¶

      The location where the files should be stored must be chosen based on security and business requirements. The following points are set by security priority, and are inclusive:

      1. Store the files on a different host, which allows for complete segregation of duties between the application serving the user, and the host handling file uploads and their storage.
      2. Store the files outside the webroot, where only administrative access is allowed.
      3. Store the files inside the webroot, and set them in write permissions only.
      4. If read access is required, setting proper controls is a must (e.g. internal IP, authorized user, etc.)

      Storing files in a studied manner in databases is one additional technique. This is sometimes used for automatic backup processes, non file-system attacks, and permissions issues. In return, this opens up the door to performance issues (in some cases), storage considerations for the database and its backups, and this opens up the door to SQLi attack. This is advised only when a DBA is on the team and that this process shows to be an improvement on storing them on the file-system.

      Some files are emailed or processed once they are uploaded, and are not stored on the server. It is essential to conduct the security measures discussed in this sheet before doing any actions on them.

      User Permissions¶

      Before any file upload service is accessed, proper validation should occur on two levels for the user uploading a file:

      • Authentication level
        • The user should be a registered user, or an identifiable user, in order to set restrictions and limitations for their upload capabilities
        • The user should have appropriate permissions to access or modify the files

        Filesystem Permissions¶

        Set the files permissions on the principle of least privilege.

        Files should be stored in a way that ensures:

        • Allowed system users are the only ones capable of reading the files
        • Required modes only are set for the file
          • If execution is required, scanning the file before running it is required as a security best practice, to ensure that no macros or hidden scripts are available.

          Upload and Download Limits¶

          The application should set proper size limits for the upload service in order to protect the file storage capacity. If the system is going to extract the files or process them, the file size limit should be considered after file decompression is conducted and by using secure methods to calculate zip files size. For more on this, see how to Safely extract files from ZipInputStream, Java’s input stream to handle ZIP files.

          The application should set proper request limits as well for the download service if available to protect the server from DoS attacks.

          Java Code Snippets¶

          Document Upload Protection repository written by Dominique for certain document types in Java.

          ©Copyright 2021 — CheatSheets Series Team — This work is licensed under a Creative Commons Attribution 3.0 Unported License.

          Источник

          Java SCP File Transfer Guide & Example | JSCAPE

          Check out this post to learn how to secure file transfers with Java SCP Library. This guide features an example for both the upload and download methods.

          java scp

          SCP is another old SSH (Secure Shell) file-transfer protocol — it can be traced back to the rcp command that was added to BSD Unix in 1982, which makes it the same age as ET The Extraterrestrial. It may have been the protocol ET used to communicate with his mothership. If he had had JSCAPE’s Secure FTP Factory library, things might have gone more easily.

          This Java SCP file transfer example shows both the upload() and download() methods:

          File Upload and Download with SCP

          import java.io.*; import com.jscape.inet.scp.Scp; import com.jscape.inet.scp.events.*; import com.jscape.inet.ssh.util.SshParameters; public class SCPDemo implements ScpEventListener < private String hostname = "somewebsite.com"; private String username = "jrandomuser"; private String password = "ETCallHome"; private String upDestination = "/"; private String downDestination = "/"; // This SshParameters instance is the same for upload or download. private SshParameters params = new SshParameters(hostname,username,password); public void doUpload(String upFile) throws Exception < // create new Scp instance Scp scp = new Scp(params); // register event listener scp.addListener(this); // establish connection (and disconnect, below) scp.connect(); // UPLOAD. The first argument is a File, the second is a String. scp.upload(new File(upFile),upDestination); scp.disconnect(); >public void doDownload(String downFile) throws Exception < // create new Scp instance Scp scp = new Scp(params); // register event listener scp.addListener(this); // establish connection (and disconnect, below) scp.connect(); // DOWNLOAD. Both arguments are Strings. scp.download(downDestination, downFile); scp.disconnect(); >// Various status messages. public void download(ScpFileDownloadedEvent evt) < System.out.println("Downloaded file: " + evt.getFilename()); >public void upload(ScpFileUploadedEvent evt) < System.out.println("Uploaded file: " + evt.getFilename()); >public void progress(ScpTransferProgressEvent evt) < System.out.println("Transfer progress: " + evt.getFilename() + " " + evt.getTransferredBytes() + " bytes."); >public void connected(ScpConnectedEvent evt) < System.out.println("Connected to host: " + evt.getHost()); >public void disconnected(ScpDisconnectedEvent evt) < System.out.println("Disconnected from host: " + evt.getHost()); >public static void main(String[] args) < try < SCPDemo demonstrator = new SCPDemo(); // Ask for the file names to be uploaded or downloaded. BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); System.out.print("SCP Demo: Enter file to upload e.g. test.txt : "); String upFile = reader.readLine(); if (upFile != "") < demonstrator.doUpload(upFile); >System.out.print("SCP Demo: Enter file to download e.g. test.txt : "); String downFile = reader.readLine(); if (downFile != "") < demonstrator.doDownload(downFile); >> catch(Exception e) < e.printStackTrace(); >> >

          There are a few things to note about this example. First, we have registered the Scp instance with the addListener method, which lets us detect the salvo of messages this object shoots off when it uploads or downloads files. In this demo program, we do nothing but print these messages to the console, but your programs can make use of them to track the progress of transfers.

          The filenames and destinations are paths relative to the program’s directory. Also note that the upload and download methods have different signatures.

          By the way, 1982 was also the year the band Survivor released Eye of the Tiger, and apparently both SCP and that song will live forever!

          Would you like to try Secure FTP Factory for free?

          Setting Up SFTP Public Key Authentication On The Command Line

          SFTP allows you to authenticate clients using public keys, which means they won’t need a password. Learn how to set this up in the command line online. Read Article

          Active vs. Passive FTP Simplified: Understanding FTP Ports

          If there are problems connecting to your FTP Server, check your transfer mode. Let JSCAPE help you understand the difference in active & passive FTP. Read Article

          Active-Active vs. Active-Passive High-Availability Clustering

          The most commonly used high-availability clustering configurations are Active-Active and Active-Passive. Learn the difference between the two online! Read Article

          Using Windows FTP Scripts To Automate File Transfers

          Learn how to automate file transfers using Windows FTP scripts. This post explains what FTP scripts are and how to create simple scripts to transfer files. Read Article

          Источник

          Читайте также:  Java what is session bean
Оцените статью
© 2024 Программирование