Javascript Missing File Size Limit

Description

Identifies JavaScript file upload handlers that do not implement file size limits. Unrestricted file uploads can lead to denial of service attacks through exhaustion of storage space or memory when processing extremely large files.

Weakness:

029 - Inadequate file size control

Category: System Manipulation

Detection Strategy

    Analyzes JavaScript code that handles file uploads or file processing

    Checks if the code implements size validation or maximum file size restrictions

    Reports a vulnerability when file upload handlers lack size limit validation

    Examines file upload functionality in common JavaScript frameworks and libraries

    Focuses on form submissions, file input handlers, and upload endpoints

Vulnerable code example

const multer = require('multer')

// Vulnerable: no file type validation and no size limits in the multer config,
// so a client can upload an arbitrarily large file and exhaust disk space or memory
const upload = multer({
  storage: multer.diskStorage({
    destination: './uploads',
    filename: (req, file, cb) => cb(null, file.originalname)
  })
})

✅ Secure code example

const multer = require('multer')
const path = require('path')
const crypto = require('crypto')

const upload = multer({
  storage: multer.diskStorage({
    destination: './uploads',
    filename: (req, file, cb) => {
      // Random file name that keeps only the original extension
      // (reconstructed body: the page's example is truncated here)
      cb(null, crypto.randomBytes(16).toString('hex') + path.extname(file.originalname))
    }
  }),
  // Hard cap on the upload size; 5 MiB is an assumed value, the original limit is not shown
  limits: { fileSize: 5 * 1024 * 1024 }
})