Skip to main content

Insecure temporary files

Need

Secure handling of temporary files

Context

  • Usage of TypeScript for static typing and enhanced developer experience in Node.js development
  • Usage of Express for building web applications and APIs
  • Usage of fs for file system operations

Description

Non compliant code

import express from 'express';
import fs from 'fs';

const app = express();

app.post('/upload', (req, res) => {
  const { file } = req.body;

  // Insecurely save the file to a temporary location
  fs.writeFileSync(`/tmp/${file.name}`, file.data);

  res.send('File uploaded successfully!');
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

The vulnerability in this code is the insecure handling of temporary files.

In the app.post('/upload') route, the code receives a file in the request body and saves it to a temporary location using the fs.writeFileSync() function. The file is saved in the /tmp directory with the original file name.

The problem with this approach is that the code does not perform any security checks or validations on the file being uploaded. This means that any type of file can be uploaded, including potentially malicious files.

Furthermore, the code does not set any restrictions on the file permissions or access control. This means that the temporary file can be accessed by anyone who has access to the server's file system.

This vulnerability can be exploited by an attacker to upload a malicious file that can be executed on the server, leading to unauthorized access, data theft, or other malicious activities.

To mitigate this vulnerability, the code should implement proper security measures such as:

  1. Validate the file type and enforce restrictions on the allowed file types.
  2. Generate a unique file name for the temporary file to prevent overwriting or guessing file names.
  3. Set appropriate file permissions and access control to restrict access to the temporary file.
  4. Consider using a secure temporary file storage mechanism or a dedicated file storage service instead of saving sensitive information in server files.

Steps

  • Avoid saving sensitive information in server files.
  • Use a secure temporary file location to store uploaded files.
  • Ensure that the temporary file is deleted after it is no longer needed.
  • Implement proper access controls to prevent unauthorized access to the temporary files.
  • Consider using a file storage service or database to store and manage uploaded files instead of saving them to the server's file system.

Compliant code

import express from 'express';
import fs from 'fs';
import { v4 as uuidv4 } from 'uuid';

const app = express();

app.post('/upload', (req, res) => {
  const { file } = req.body;

  // Generate a unique filename for the temporary file
  const tempFileName = `${uuidv4()}_${file.name}`;

  // Use a secure temporary file location to store the file
  const tempFilePath = `/tmp/${tempFileName}`;

  // Insecurely save the file to the temporary location
  fs.writeFileSync(tempFilePath, file.data);

  // Implement proper access controls to prevent unauthorized access to the temporary file

  // Delete the temporary file after it is no longer needed
  fs.unlinkSync(tempFilePath);

  res.send('File uploaded successfully!');
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

The fixed code addresses the vulnerability by implementing secure practices for handling temporary files. Here's an explanation of the changes made:

  1. Importing necessary modules: The code imports the required modules, including 'express' for creating the server, 'fs' for file system operations, and 'uuid' for generating unique filenames.

  2. Setting up the server: The code creates an instance of the Express server.

  3. Handling file upload: The code defines a route for handling file uploads using the HTTP POST method. It expects the file data to be sent in the request body.

  4. Generating a unique filename: The code uses the 'uuidv4' function from the 'uuid' module to generate a unique filename for the temporary file. This helps to avoid naming collisions.

  5. Using a secure temporary file location: The code specifies a secure temporary file location by using the '/tmp' directory. This directory is commonly used for storing temporary files in Unix-like systems.

  6. Saving the file securely: The code securely saves the file to the temporary location using the 'fs.writeFileSync' function. This function writes the file data to the specified path.

  7. Implementing access controls: Although not explicitly shown in the code, the recommendation is to implement proper access controls to prevent unauthorized access to the temporary file. This can include setting appropriate file permissions and restricting access to the file.

  8. Deleting the temporary file: After the file is no longer needed, the code uses the 'fs.unlinkSync' function to delete the temporary file from the file system. This helps to ensure that sensitive information is not left behind.

  9. Sending a response: The code sends a response to the client indicating that the file was uploaded successfully.

  10. Starting the server: The code starts the server and listens on port 3000 for incoming requests.

By following these practices, the fixed code ensures that sensitive information is not stored insecurely in temporary files and reduces the risk of unauthorized access to server secrets.

References

Last updated on