TypeScript Missing File Size Limit
Description
Detects file upload functionality that enforces no maximum file size. Without a limit an attacker can upload arbitrarily large files (or a few very large ones concurrently), causing Denial of Service (DoS) through disk space exhaustion or memory consumption when uploads are buffered. The limit has to be applied while the body is being read, not only by trusting the Content-Length header, since that header can be absent or false. This is classified as a server security misconfiguration.
Detection Strategy
• Review file upload functionality in source code for size limit validations
• Flag instances where file upload handling code lacks explicit maximum size checks
• Check that common file upload libraries and frameworks have their size limits configured (for multer, the `limits.fileSize` option; an external `limits` object should be traced to confirm it sets one)
• Examine file upload routes and handlers for missing size validation before processing uploads
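The detection strategy above, as an added example that is not the Fluid Attacks scanner: a heuristic that finds `multer(...)` calls whose options omit `limits.fileSize`, run over a constructed source snippet. It balances parentheses rather than parsing, so a string literal containing an unbalanced `)` inside the call could confuse it; treat its output as review leads. The function names and the sample source are assumptions made for this example.

```typescript
// Added example, not the Fluid Attacks scanner: a heuristic that flags
// multer(...) calls lacking `limits.fileSize`. Paren balancing, not parsing,
// so an unbalanced ')' inside a string literal in the call would mislead it.

export interface Finding {
  line: number;   // 1-based line of the multer( call
  reason: string;
}

// Index of the ')' that closes the '(' at openIdx, or -1 if unbalanced.
function matchingParen(source: string, openIdx: number): number {
  let depth = 0;
  for (let i = openIdx; i < source.length; i++) {
    if (source[i] === '(') depth++;
    else if (source[i] === ')' && --depth === 0) return i;
  }
  return -1;
}

export function findMissingFileSizeLimits(source: string): Finding[] {
  const findings: Finding[] = [];
  // Matches multer( ... ) but not multer.memoryStorage( ... ) or require('multer').
  const callRe = /\bmulter\s*\(/g;
  let match: RegExpExecArray | null;
  while ((match = callRe.exec(source)) !== null) {
    const openIdx = match.index + match[0].length - 1;
    const closeIdx = matchingParen(source, openIdx);
    if (closeIdx === -1) break;
    const args = source.slice(openIdx + 1, closeIdx);
    const line = source.slice(0, match.index).split('\n').length;
    // Captures whatever follows `limits:` up to the next ',' or '}'.
    const limits = /\blimits\s*:\s*([^,}]*)/.exec(args);

    if (args.trim() === '' || limits === null) {
      findings.push({ line, reason: 'multer() configured without a limits object' });
    } else if (!/^\s*\{/.test(limits[1])) {
      findings.push({ line, reason: 'limits is not an inline object; confirm it sets fileSize' });
    } else if (!/\bfileSize\s*:/.test(args)) {
      findings.push({ line, reason: 'limits object present but fileSize is not set' });
    }
    callRe.lastIndex = closeIdx + 1;
  }
  return findings;
}

// Constructed sample source (not real project code) covering each case.
export const sampleSource = `
const multer = require('multer');
const a = multer({ storage: multer.memoryStorage() });
const b = multer({ dest: 'uploads/', limits: { files: 3 } });
const c = multer({ limits: { fileSize: 5 * 1024 * 1024 } });
const d = multer();
const e = multer({ limits: uploadLimits });
`;
```

Running `findMissingFileSizeLimits(sampleSource)` reports lines 3, 4, 6 and 7 and leaves line 5 alone; the line-7 case is the one a reviewer must follow up manually, because the limit may or may not live in `uploadLimits`.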
Vulnerable code example
const multer = require('multer')

// Assumed for this example: files are written straight to disk
const storageConfig = multer.diskStorage({ destination: 'uploads/' })

// Vulnerable: no `limits` option, so multer accepts a file of any size and
// a client can keep streaming until the disk fills
const unsafeUpload = multer({
  storage: storageConfig
})
✅ Secure code example
const multer = require('multer')

// Safe: explicit file size limit, file type filtering, and memory storage.
// Memory storage is only acceptable because fileSize caps what gets buffered.
const safeUpload = multer({
  storage: multer.memoryStorage(),
  limits: {
    fileSize: 5 * 1024 * 1024 // Limit files to 5MB; larger uploads fail with a MulterError (code LIMIT_FILE_SIZE)
  },
  fileFilter: (req, file, cb) => {
    // Type filtering: accept only an allow-listed MIME prefix (images, assumed for this example)
    cb(null, file.mimetype.indexOf('image/') === 0)
  }
})