Egon Okerman d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529)
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

include::how-to-fix-it/formidable.adoc[]

include::how-to-fix-it/multer.adoc[]

== Resources

* OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
* CWE - https://cwe.mitre.org/data/definitions/434[CWE-434 - Unrestricted Upload of File with Dangerous Type]
* CWE - https://cwe.mitre.org/data/definitions/400[CWE-400 - Uncontrolled Resource Consumption]
* OWASP - https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload[Unrestricted File Upload]
ifdef::env-github,rspecator-view[]
'''

== Implementation Specification
(visible only on this page)

=== Message

Restrict [the extension|folder destination] of uploaded files.

'''

== Comments And Links
(visible only on this page)

=== on 21 Jan 2021, 15:37:26 Pierre-Loup Tristant wrote:
This rule is likely not implementable for C#. ASP.NET Core is not providing
any high-level interface to help developers manage uploaded files.
There is no temporary storage of uploaded files by default. The file stays in
memory and it's up to the developer to choose the end location.
Verifying the file extension can be done in many different ways.

endif::env-github,rspecator-view[]