how to secure zip file upload? - java
I've a project in netbeans which my employer wants me to add a bulk file upload.
The requirement was ,the user will put a csv file and some images in a folder in client side. on the file upload page he will choose the csv file and i have to upload the images in the folder along with the csv.
After a short research i found that the client side file location and details can't be accessed from the server side so instead of uploading a single file and the contents in the folder which it belong, the user will zip all the files and upload the zip file .
Now i'm conserned about the security risks of uploading a zip file.
What all are the measures should i take to prevent the upload of malecious scripts and files along with the zip?
Is it possible to validate the file content before it reach the server ?
Is it possible to validate it securely even after it reached the server side ?
1.- scan the zip files once they arrive at the server.
2.- unlikely. even if you use Javascript as front-end, it doesn't have access to the users file system.
3.- yes, for example with "clamav", but notice that no antivirus is 100% effective.
the steps are:
install clamav
configure clamav to update periodically its virus database
schedule a cron job that continuously scans all files that are in certain directory (the directory where you upload the users files)
delete files that contain viruses
for example:
# dnf install -y clamav
# dnf install -y clamav-update
$ clamscan java_error_in_IDEA_6451.log.zip
LibClamAV Warning: **************************************************
LibClamAV Warning: * The virus database is older than 7 days!
LibClamAV Warning: Please update it as soon as possible. *
LibClamAV Warning: **************************************************
java_error_in_IDEA_6451.log.zip: OK
----------- SCAN SUMMARY -----------
Known viruses: 4490129
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.37 MB
Data read: 0.03 MB (ratio 13.43:1)
Time: 6.239 sec (0 m 6 s)
Antivirus is optional. Everything you need here is to validate and safely extract files from archive to your server storage. I don't recommend to use system utilities for this (zip, etc.). It's better to take some library for working with zip archives and write code for its processing.
Here's possible algorithm for validating files in archive. You should iterate through every file and check if:
File size is too big.
Filename is too long.
Directory structure is too big.
Filename includes ../.
File extension is not in white list.
File has attributes of symlink.
Other rules.
If something is true for your current file, then it's better to stop processing of such archive and show error for client.
When you've checked everything, then you can start to extract files. From this moment you can try to validate content of file using file or exif tools.
Also, you can require archives with some special structure. For example, all images must be in images folder, archive must have only 1 level of folders and so on.
Related
How to detect attachement inside MS Office files
I've got a web server with java on which can be uploaded doc/docx and xls/xlsx files. There's a possibility that they can contain viruses as an attachement, maybe some *.exe or *.com file. How can I check that they don't?
How to download the zip file, Reads Zip archives with no intermediate disk/memory storage in servlet
I have one zip file (C:\source.zip ~130 mb size) common source in my server, I want to create new text file that depends on user info dynamically and append into that source.zip, then I need to give a download link to separate user. My idea is, I will combine the source.zip and new user text file into one temporary folder (c:\temp). Then I will give the temporary folder as download link. After user downloaded the zip, I will delete the zip file in temp folder. But my problem is, I will duplicate source into temp folder. So many users access this means server size will increase. So I want to read the (source.zip and text file) zip archives with no intermediate disk/memory storage to download in servlet. How can I do this in servlet or jsp?
How to limit file reads to subdirectories from java app using security manager
I have simple web server and i'm running it in /myHome/serverHome directory. All code(classes) running on my JVM can read files in /myHome/serverHome and its sub directories. But i want to limit file reads of myHome/serverHome/conf directory to only signed code. If i used java security manager it allows all code to read all files in sub directories. Is there any way we can block this. Any help appriciate. Thanks.
Permissions and File.renameTo in Java 6 strange behavior
I have a Java program (running under Java 6), that monitors a directory parses the name of found files and runs actions (including copying the file) according to meta data and file content then, depending on the success or failure of the process, moves the files to a OK or KO directory. I run my program as a simple user. I tried, for the test, to put files belonging to root in my monitored directory. Furthermore, I gave them 000 permissions. The program would find the files but fail on the copy of the file. For the record, the actual copy is done on this model: FileOutputStream fos = new FileOutputstrem(DestFile) FileInputStream stream = new FileInputStream(File); byte buffer[] = new byte[bufferSize]; int nbRead; while (-1 != (nbRead = fin.read(buffer))) fos.write(buffer, 0, nbRead); So far, seeing the program fail is exactly what I expected, 000 permissions on a un-owned file, that cannot be read. But what is strange is that my files were moved to the KO box. The move is done with File failedFileName = new File(KOdirectory, myFile.getName()); myFile.renameTo(failedFileName); Should that work? (given they are onwed by root and with 000 permissions)? They end up in the KO directory, still owned by root with 000 permissions. When I add read permissions (so my files are 444 root-owned) and reinject them into the monitored folder, the whole process runs smoothly and files end up in the OK directory (still root-owned and 444 permissions). How is it possible to move files on which one has only reading rights? How does this reading, moving, deleting works depending on the OS? on the distro? Maybe I should add I run this on Ubuntu whose awkward root user (it exists, but not completely) concept might be messing with this.
Moving and renaming files does nothing to the file contents; instead, it changes the directory entries. So you need write permission on the directory, not the file itself. Try it: if you remove the write permission to the directory, and give write permission to the file, you won't be able to rename or move the file anymore. There are commands like mv or rm that actually check the file permission, and ask for confirmation if you want to move or change them. But that's extra code in the command and does not come from the operating system itself. This is the same on all linux/unix systems. Reading/changing a file's content checks the permissions on the file; changing the file name or moving it to a different directory checks the permissions on the directory(/ies). This does not depend on the distro, it's the same on all linux systems, as well as Solaris, AIX, HP/UX and what other commercial unixes there are.
Moving a file from one directory to another only requires modification of directory entries for the directories in question. This means that you need only write and search permissions to the directories. The permissions or the owner of the file being moved do not matter. You can read more about this in the appropriate man pages, such as the page for rename(2) and path_resolution(7).
A file has permission and this determines if you can read, modify or execute this file. A file exists in one or more directories and it is the permission of the directory, not the file, which determines if the directory can be listed, modified or used. So when you move a file, you are changing the directory, not the file.
cvs update - cannot open temp file for writing no such file or directory
Disclaimer: This isn't my repo, I'm trying to help a developer access theirs. When checking out code (windows server 2003, tortoiseCVS 1.12.5), CVS displays many errors: cvs udpate: cannot open temp file _new_r_cl_elementBeanInternalHome_12345b.class for writing Eventually failing and aborting on the error: cvs [update aborted]: cannot make directory path/path/path/PATH/Path/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/FOO/com/ams/BAR/entityBean/websphere_deploy/DB2UDBOS123_V0_1 no such file or directory. There's nothing handy on Google about this or on stack overflow so far. We do have a web browser on the cvs server and I can see the paths match and there are files there. Anyone have any ideas?
In my case I wasn't able to check out to drive D: in windows but was able to checkout to drive c: I believe that the problem is with the disk drive or filesystem.
Standard Windows API has 260-character limit for paths to any files. If the whole path to the file exceeds that limit you won't be able to save that file to in system. Try to checkout repository as close the root of the disk as possible. If the file paths in you repo exceeds the limit, then try to checkout only fragment of the tree of your repository. If you use the NTFS file system and the win32 API you can have as long as 32k characters path length. You may change your CVS client to other implementation, for example the Netbeans plugin for CVS is able to handle long paths, but probably you won't be able to work with it anyway.