activist-org / activist

An open-source activism platform
https://activist.org
GNU Affero General Public License v3.0
242 stars 195 forks

Image Upload Validation #670

Open to-sta opened 9 months ago

to-sta commented 9 months ago

Description

Let's discuss how we can protect against malicious user uploaded images/files?

We should consider protection mechanisms on all levels of our tech stack:

Here is a note from the Django documentation on that: Django

andrewtavis commented 9 months ago

Information that I found on this during Code Brunch 🍞☕:

The following is also a useful chatbot output on the question "What are some steps that should be taken in a Django app to make sure that image uploads are not malicious?":

1. Use Django's Form Handling with FileField or ImageField: Django's forms provide built-in validation for file uploads. Use FileField or ImageField in your Django model forms to handle file uploads securely.

2. Implement Client-Side Validation: Utilize client-side validation using JavaScript to ensure that only certain file types are allowed to be uploaded. You can also check the file extension and file size before submitting the form to the server.

3. Server-Side Validation: Even though client-side validation is important, it can be bypassed. Therefore, always perform server-side validation as well. Django provides validators for file uploads. For example, you can use validate_image_file_extension to validate that the uploaded file is an image and not a disguised malicious file.

4. Use a Secure File Storage Backend: Django provides different file storage backends. Use a secure file storage backend like FileSystemStorage or Amazon S3 with proper access controls and permissions.

5. Implement Image Processing Libraries with Caution: If your application requires image processing, use trusted libraries like Pillow. Be cautious when accepting user input for image processing operations to prevent security vulnerabilities like Remote Code Execution (RCE).

6. Scan Uploaded Files: Consider integrating antivirus or file scanning services to scan uploaded files for malware or malicious content.

7. Limit File Upload Size: Configure Django settings to limit the size of uploaded files to prevent denial of service attacks and disk space exhaustion.

8. Implement Content Security Policy (CSP): Utilize CSP headers to control from where your application can load resources, including images. This can help mitigate the risk of loading malicious content from untrusted sources.

9. Regularly Update Dependencies: Keep your Django application and its dependencies up to date to patch security vulnerabilities and ensure that you are using the latest security features.

10. User Authentication and Authorization: Ensure that only authenticated and authorized users are allowed to upload files to your Django application. Implement proper user authentication and authorization mechanisms.
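The server-side part of steps 3, 4 and 7 above, as an added example that is not code from this issue or from the activist code base. Django's `validate_image_file_extension` only looks at the file name's suffix, and `forms.ImageField` asks Pillow to decode the image; the check below additionally compares the declared extension against the file's leading bytes and enforces a size cap before any content is read. It uses only the standard library; the accept list, the size limit, the sample bodies and the `InMemoryUpload` stand-in for Django's `UploadedFile` are all constructed for the example.

```python
"""Server-side image upload checks using only the standard library.

The accept list, size limit and sample bytes below are constructed for this
example; the project would choose its own values.
"""
import os
from dataclasses import dataclass

MAX_UPLOAD_BYTES = 2 * 1024 * 1024  # constructed limit: 2 MiB

# Leading magic bytes of the formats we accept, keyed by the canonical
# extension we trust once the bytes match. A ".png" whose bytes do not start
# with the PNG signature is rejected no matter what the client claimed.
IMAGE_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXTENSION_ALIASES = {"jpeg": "jpg"}  # same format, different spelling
ALLOWED_EXTENSIONS = set(IMAGE_SIGNATURES) | set(EXTENSION_ALIASES)


@dataclass(frozen=True)
class UploadVerdict:
    accepted: bool
    detail: str  # canonical extension if accepted, otherwise a reason safe to show


def sniff_image_format(head: bytes):
    """Return the canonical extension matching the leading bytes, else None."""
    for ext, signatures in IMAGE_SIGNATURES.items():
        if any(head.startswith(sig) for sig in signatures):
            return ext
    return None


def declared_extension(filename: str) -> str:
    """Lower-cased suffix of the client-supplied name, without the dot.

    basename() is applied first so directory parts in a crafted name are ignored.
    """
    _, ext = os.path.splitext(os.path.basename(filename))
    return ext[1:].lower()


def validate_image_upload(filename: str, size: int, head: bytes,
                          max_bytes: int = MAX_UPLOAD_BYTES) -> UploadVerdict:
    """Check an upload from its declared name, its size and its first bytes.

    The cheap size check runs before anything looks at content, so an
    oversized body is refused without being read into memory.
    """
    if size <= 0:
        return UploadVerdict(False, "empty file")
    if size > max_bytes:
        return UploadVerdict(False, f"file exceeds {max_bytes} bytes")
    ext = declared_extension(filename)
    if ext not in ALLOWED_EXTENSIONS:
        return UploadVerdict(False, "file extension not allowed")
    ext = EXTENSION_ALIASES.get(ext, ext)
    detected = sniff_image_format(head)
    if detected is None:
        return UploadVerdict(False, "content is not a supported image")
    if detected != ext:
        return UploadVerdict(False, "file extension does not match its content")
    return UploadVerdict(True, detected)


def validate_uploaded_file(uploaded) -> UploadVerdict:
    """Adapter for a Django UploadedFile-like object (.name, .size, .read, .seek).

    Only the first 16 bytes are read, so a large file is never loaded just to
    sniff it. In a Django validator you would raise
    django.core.exceptions.ValidationError(verdict.detail) when
    verdict.accepted is False; this adapter simply returns the verdict.
    """
    uploaded.seek(0)
    head = uploaded.read(16)
    uploaded.seek(0)
    return validate_image_upload(uploaded.name, uploaded.size, head)


class InMemoryUpload:
    """Constructed stand-in with the UploadedFile attributes the adapter uses."""

    def __init__(self, name: str, data: bytes):
        self.name, self._data, self._pos = name, data, 0
        self.size = len(data)

    def read(self, n: int) -> bytes:
        chunk = self._data[self._pos:self._pos + n]
        self._pos += len(chunk)
        return chunk

    def seek(self, pos: int) -> None:
        self._pos = pos


# Constructed sample bodies: enough leading bytes to exercise the checks,
# not decodable images.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 64
SAMPLE_TEXT = b"hello, not an image\n"

if __name__ == "__main__":
    print(validate_uploaded_file(InMemoryUpload("avatar.PNG", SAMPLE_PNG)))
    print(validate_uploaded_file(InMemoryUpload("avatar.png", SAMPLE_TEXT)))
    print(validate_uploaded_file(InMemoryUpload("avatar.gif", SAMPLE_PNG)))
```

Magic-byte sniffing is a cheap first gate, not a substitute for decoding: a file can carry a valid PNG signature and still be malformed, so the Pillow decode that `forms.ImageField` performs (and any re-encoding before storage) should still run after this check passes.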

rigojr commented 9 months ago

Interesting 🤔

andrewtavis commented 9 months ago

Along with the above, on the frontend side of things it looks like there's a well-regarded security module for Nuxt that we should look at - Nuxt Security :)

andrewtavis commented 7 months ago

Via discussions in the dev sync, some further restrictions for images that should be checked on both the frontend and backend would be:

What are we changing the filename to when it's sanitized?
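One common answer to the filename question, as an added example that is not the activist project's decision or code: never use the client-supplied name as a path at all. The name written to storage is a random token plus the canonical extension that content validation produced, and a separately sanitized "display name" is kept only for showing in the UI or database. The `images` prefix, the character allow-list and the length cap are assumptions made for this example; `display_name` and `storage_name` are hypothetical helper names.

```python
"""Filename handling for validated image uploads (example, standard library only)."""
import os
import re
import secrets
import unicodedata

# Characters kept in a display name; every other run becomes a single dash.
_UNSAFE_RUN = re.compile(r"[^A-Za-z0-9._-]+")
_CANONICAL_EXT = re.compile(r"[a-z0-9]{1,5}")


def display_name(original: str, max_len: int = 100) -> str:
    """Reduce the client-supplied name to a short ASCII string for display only.

    The result is never used as a path component: directory parts (POSIX or
    Windows style) are dropped, accents are folded to ASCII, leading dots are
    stripped so the name cannot look like a hidden file, and the extension is
    lower-cased.
    """
    base = os.path.basename(original.replace("\\", "/"))
    base = unicodedata.normalize("NFKD", base).encode("ascii", "ignore").decode()
    stem, ext = os.path.splitext(base)
    stem = _UNSAFE_RUN.sub("-", stem).strip("-.")
    ext = _UNSAFE_RUN.sub("", ext).lower()
    name = (stem or "upload") + ext
    return name[:max_len]


def storage_name(canonical_ext: str, prefix: str = "images") -> str:
    """Name actually written to storage.

    canonical_ext must come from content validation (the sniffed format),
    not from the client's file name. A random token keeps names
    unguessable and collision-free; the two-character shard directory
    keeps any single directory from growing without bound.
    """
    if not _CANONICAL_EXT.fullmatch(canonical_ext):
        raise ValueError("extension must be a validated canonical extension")
    token = secrets.token_hex(16)  # 32 hex characters
    return f"{prefix}/{token[:2]}/{token}.{canonical_ext}"


if __name__ == "__main__":
    # Constructed inputs showing what each helper does with awkward names.
    for raw in ("..\\..\\My Photo (1).PNG", "café.png", ".hidden", ""):
        print(repr(raw), "->", repr(display_name(raw)))
    print(storage_name("png"))
```

With Django this pairs naturally with an `upload_to` callable on the `ImageField`: the callable returns `storage_name(...)` for the validated extension, and the original name, if it is needed at all, is saved through `display_name` into an ordinary text column.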

andrewtavis commented 6 months ago

Comment from Code Brunch 🍞☕ on this:

CC @wkyoshida and @bozmen