340 – Use octet stream downloads

Summary

The system should download files coming from untrusted sources, such as user-uploaded files, using octet stream downloads.

Description

User-uploaded files should generally be considered to be untrusted input. If the appropriate Content Security Policy is not set when opening a file, browsers may render it and interpret potentially malicious code. Therefore, user-uploaded files should be served by either octet stream downloads, or from an unrelated domain, such as a cloud file storage bucket. This reduces the risk of XSS vectors or other attacks from the uploaded file.

Supported In

Advanced: True

References

• CAPEC-19. Embedding scripts within scripts
• CAPEC-165. File manipulation
• CWE-138. Improper neutralization of special elements
• CWE-646. Reliance on file name or extension of externally-supplied file
• CWE-1021. Improper restriction of rendered UI layers or frames
• OWASP10-A3. Injection
• PADSS-5_2_7. Cross-site scripting (XSS)
• CMMC-CA_L2-3_12_2. Plan of action
• CMMC-SI_L1-3_14_5. System & file scanning
• HITRUST-01_h. Clear desk and clear screen policy
• HITRUST-09_j. Controls against malicious code
• FEDRAMP-CA-2_2. Security assessment - Specialized assessments
• FEDRAMP-SI-3. Malicious code protection
• IEC62443-IAC-1_13. Access via untrusted networks
• IEC62443-SI-3_2. Malicious code protection
• IEC62443-RDF-5_3. User content filtering
• OWASPSCP-12. File management
• ASVS-12_2_1. File integrity
• ASVS-12_3_6. File execution

Last updated

2023/09/18