The system should download files coming from untrusted sources, such as user-uploaded files, using octet stream downloads.
User-uploaded files should generally be considered to be untrusted input. If the appropriate Content Security Policy is not set when opening a file, browsers may render it and interpret potentially malicious code. Therefore, user-uploaded files should be served by either octet stream downloads, or from an unrelated domain, such as a cloud file storage bucket. This reduces the risk of XSS vectors or other attacks from the uploaded file.
This requirement is verified in following services
- CAPEC™-19. Embedding scripts within scripts
- CAPEC™-165. File manipulation
- CWE™-138. Improper neutralization of special elements
- CWE™-646. Reliance on file name or extension of externally-supplied file
- CWE™-1021. Improper restriction of rendered UI layers or frames
- OWASP TOP 10-A3. Injection
- PA-DSS-5_2_7. Cross-site scripting (XSS)
- CMMC-CA_L2-3_12_2. Plan of action
- CMMC-SI_L1-3_14_5. System & file scanning
- HITRUST CSF-01_h. Clear desk and clear screen policy
- HITRUST CSF-09_j. Controls against malicious code
- FedRAMP-CA-2_2. Security assessment - Specialized assessments
- FedRAMP-SI-3. Malicious code protection
- ISA/IEC 62443-IAC-1_13. Access via untrusted networks
- ISA/IEC 62443-SI-3_2. Malicious code protection
- ISA/IEC 62443-RDF-5_3. User content filtering
- OWASP SCP-12. File management
- OWASP ASVS-12_2_1. File integrity
- OWASP ASVS-12_3_6. File execution
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.