WebAppSec/Secure Coding Guidelines: Difference between revisions

WebAppSec/Secure Coding Guidelines (view source)

Revision as of 00:56, 27 January 2011

547 bytes added , 27 January 2011

improved uploads guidance, added archives.

Yboily

Confirmed users

180

edits

@@ Line 302: / Line 302: @@
 [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Details#Word_Press Configuring Worpress Admin Pages Securely]
-== Uploads ==
+== Uploads  ==
-'''Attacks of Concern''': Malformed user uploads containing JavaScript, HTML or other executable code, Arbitrary file overwrite
-=== Image Upload ===
+'''Attacks of Concern''': Malformed user uploads containing JavaScript, HTML or other executable code, Arbitrary file overwrite
-'''Upload Verification'''
-* Use input validation to ensure the uploaded filename uses an expected extension type
-* Ensure the uploaded image is not larger than a defined maximum file size
-* Ensure the image dimensions are within the defined range for the application (example 50x50 to 200x200)
-* Use image rewriting libraries to verify the image is valid and to strip away extraneous content.
-* Set the extension of the stored image to be a valid image extension based on the detected content type of the image from image processing (e.g. do not just trust the header from the upload).
-* Ensure the detected content type of the image is within a list of defined image types (jpg, png, etc)
-'''Upload Storage'''
+=== General Uploads  ===
-* Use a new filename to store the image on the OS. Do not use any user controlled text for this filename or for the temporary filename.
-* Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org)
-'''Public Serving of Uploaded Content'''
+'''Upload Verification'''
-* Ensure the image is served with the correct content-type (e.g. image/jpeg)
+*Use input validation to ensure the uploaded filename uses an expected extension type
+*Ensure the uploaded file is not larger than a defined maximum file size
+'''Upload Storage'''
+*Use a new filename to store the file on the OS. Do not use any user controlled text for this filename or for the temporary filename.
+*Store all user uploaded files on a separate domain (e.g. mozillafiles.net vs mozilla.org)Archives contents should be analyzed for malicious content (anti-malware, static analysis, etc)
+'''Public Serving of Uploaded Content'''
+*Ensure the image is served with the correct content-type (e.g. image/jpeg, application/x-xpinstall)
+=== Image Upload  ===
+'''Upload Verification'''
+*Ensure the image dimensions are within the defined range for the application (example 50x50 to 200x200)
+*Use image rewriting libraries to verify the image is valid and to strip away extraneous content.
+*Set the extension of the stored image to be a valid image extension based on the detected content type of the image from image processing (e.g. do not just trust the header from the upload).
+*Ensure the detected content type of the image is within a list of defined image types (jpg, png, etc)
+=== Archive Uploads  ===
+'''Upload Verification'''
+*Ensure that the decompressed size of each file within the archive is not larger than a defined maximum size
+*Ensure that an uploaded archive matches the type expected (e.g. zip, rar, gzip, etc)
+*For structured uploads such as an add-on, ensure that the hierarchy within the archive contains the required files
 =Further Reading=