
Unverifiable files - Javascript


Need

Ensure verifiability of files in the repository


Context

  1. Usage of JavaScript for developing modern web applications
  2. The repository stores files that cannot be verified because their content does not match their extension
  3. The repository stores files that cannot be verified because their content is opaque (minified, compiled or packaged) and cannot be inspected

Description

Insecure Code Example

/my-project
  │── /static/
    jquery.min.js
    MyProgram.class
    maven.wrapper.jar
  │── /src/
    main.js
    index.html

In this example, the repository has a "static/" directory containing files that scanners cannot verify: jquery.min.js is minified JavaScript, and MyProgram.class and maven.wrapper.jar are compiled Java artifacts whose content is opaque. Files like these also cannot be checked for consistency between content and extension, so a binary could be committed under any name.

Steps

  1. Validate that each file's content matches its extension (for example by checking magic bytes) before committing it to the repository
  2. Filter out files that scanners cannot verify, such as minified, compiled or packaged artifacts, and commit the readable source instead

Secure Code Example

/my-project
  │── .gitignore
    static/*.min.js
    static/*.class
    static/*.jar
  │── /src/
    main.js
    index.html
  │── /static/
    jquery.min.js
    MyProgram.class
    maven.wrapper.jar

In this case, the uncheckable files are listed in .gitignore so they are never committed to the repository; they may still exist in the local working tree, but they stay untracked. Note that .gitignore uses glob patterns, not regular expressions: `static/*.min.js` matches every minified script under static/, whereas a regex-style `static/.*.min.js` would only match hidden files whose names start with a dot.
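The two steps above can also be enforced automatically, for instance from a pre-commit hook, rather than relying on .gitignore alone. The following Node.js script is an added example and is not code from the original page or from any project it describes: it checks each candidate file's magic bytes against its extension, rejects compiled or packaged artifacts, and flags minified JavaScript. The file list, file contents, extension sets and the minification threshold are all constructed assumptions for the demonstration.

```javascript
// Added example (not from the original page): a pre-commit style check that
// rejects files a scanner cannot verify. All paths and contents below are
// constructed for the demo; nothing is read from disk.

// Extensions expected to hold readable text (assumption for the demo).
const TEXT_EXT = new Set([".js", ".mjs", ".ts", ".html", ".css", ".json", ".md"]);
// Compiled or packaged artifacts: opaque to source scanners by nature.
const OPAQUE_EXT = new Set([".class", ".jar", ".war", ".exe", ".dll", ".so"]);

// Magic-byte signatures used to check that content matches the extension.
const SIGNATURES = [
  { type: "java-class", magic: [0xca, 0xfe, 0xba, 0xbe], exts: [".class"] },
  { type: "zip",        magic: [0x50, 0x4b, 0x03, 0x04], exts: [".jar", ".war", ".zip"] },
  { type: "elf",        magic: [0x7f, 0x45, 0x4c, 0x46], exts: [".so", ""] },
  { type: "pe",         magic: [0x4d, 0x5a],             exts: [".exe", ".dll"] },
];

// Lower-cased extension including the dot, or "" for none (".gitignore" -> "").
function extOf(path) {
  const base = path.slice(path.lastIndexOf("/") + 1);
  const dot = base.lastIndexOf(".");
  return dot <= 0 ? "" : base.slice(dot).toLowerCase();
}

// Returns the matching signature entry, or null if no known magic is present.
function detectType(buf) {
  for (const sig of SIGNATURES) {
    if (buf.length >= sig.magic.length && sig.magic.every((b, i) => buf[i] === b)) {
      return sig;
    }
  }
  return null;
}

// Heuristic for minified JavaScript: readable source has short lines, minified
// output has a few very long ones. The 300-column threshold is an assumption.
function looksMinified(text) {
  const lines = text.split("\n").filter((l) => l.length > 0);
  if (lines.length === 0) return false;
  const avg = lines.reduce((n, l) => n + l.length, 0) / lines.length;
  return avg > 300;
}

// Classifies one file: { ok: true } or { ok: false, reason }.
function classify(path, buf) {
  const ext = extOf(path);
  const sig = detectType(buf);

  // Step 1: content must agree with the extension.
  if (sig !== null && !sig.exts.includes(ext)) {
    return { ok: false, reason: `extension ${ext || "(none)"} does not match ${sig.type} content` };
  }
  // Step 2: filter out what a scanner cannot inspect.
  if (OPAQUE_EXT.has(ext)) {
    return { ok: false, reason: `compiled artifact (${ext}) cannot be inspected` };
  }
  if (TEXT_EXT.has(ext) && buf.includes(0)) {
    return { ok: false, reason: `binary content under text extension ${ext}` };
  }
  if (ext === ".js" && (path.endsWith(".min.js") || looksMinified(buf.toString("utf8")))) {
    return { ok: false, reason: "minified JavaScript; commit the unminified source instead" };
  }
  return { ok: true };
}

// Checks a list of { path, content } entries and returns the rejected ones.
function findUnverifiable(entries) {
  return entries
    .map((e) => ({ path: e.path, ...classify(e.path, Buffer.from(e.content)) }))
    .filter((r) => !r.ok);
}

// Constructed sample mirroring the page's repository tree, plus one file whose
// content (Java class magic) disagrees with its .js extension.
const SAMPLE = [
  { path: "src/main.js", content: "const x = 1;\nconsole.log(x);\n" },
  { path: "src/index.html", content: "<html><body></body></html>\n" },
  { path: "static/jquery.min.js", content: "!function(e,t){" + "a".repeat(800) + "}();" },
  { path: "static/MyProgram.class", content: Buffer.from([0xca, 0xfe, 0xba, 0xbe, 0, 0, 0, 0x34]) },
  { path: "static/maven.wrapper.jar", content: Buffer.from([0x50, 0x4b, 0x03, 0x04, 0, 0]) },
  { path: "static/helper.js", content: Buffer.from([0xca, 0xfe, 0xba, 0xbe, 0, 0, 0, 0x34]) },
];

const REJECTED = findUnverifiable(SAMPLE);
for (const r of REJECTED) {
  console.log(`REJECT ${r.path}: ${r.reason}`);
}
```

Running this against the sample rejects the three files from the insecure example plus the mislabelled `static/helper.js`, while `src/main.js` and `src/index.html` pass. In a real hook the entries would come from `git diff --cached --name-only` and the hook would exit non-zero when `findUnverifiable` returns anything.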


References

  • 117 - Unverifiable files

  • Last updated

    2025/03/31