Typescript Unrestricted File Upload
Description
Detects unrestricted file upload vulnerabilities in Express.js applications where file uploads are not properly validated. This can allow attackers to upload malicious files like web shells or overwrite critical system files, potentially leading to remote code execution or system compromise.
Detection Strategy
• Identifies Express.js file upload handler functions and middleware configurations
• Checks if the file upload code lacks proper file type validation or restrictions
• Verifies if upload destination paths are properly sanitized and restricted
• Reports a vulnerability when file uploads are accepted without proper extension checks or type validations
• Flags cases where uploaded files can be saved to arbitrary locations without path validation
Vulnerable code example
const express = require('express');
const fs = require('fs');
const app = express();
app.post('/write', express.json(), (req, res) => {
  const userFile = req.body.filename; // User-controlled input - dangerous!
  // No extension check and no path validation: a name containing '../' escapes
  // /var/www/html/ and can overwrite existing files, and a name such as
  // 'shell.php' places a web shell directly in the document root.
  fs.writeFileSync('/var/www/html/' + userFile, req.body.content);
  res.send('File written');
});
✅ Secure code example
const express = require('express');
const fs = require('fs');
const path = require('path');
const app = express();
app.post('/write', express.json(), (req, res) => {
const userFile = req.body.filename;
...