Section 4.3.9
Top Level
Sub Level
General
Ensure that any parameters sent to file upload/download features are carefully validated. This includes the filename, destination, file size, and content type.
Coldfusion
Use the IsImageFile function to validate that an image file is legitimate and correctly formed before performing actions on it with the cfimage tag.
Use the IsPDFFile function to validate that a PDF file is legitimate and correctly formed before performing actions on it with any of the ColdFusion 8 PDF tags.
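The ColdFusion guidance above relies on a library call that parses the file rather than trusting its extension or declared type. As an added example (not ColdFusion's IsImageFile implementation and not code from this document), the following Python does the equivalent structural check for one common image container, PNG: it walks every chunk, verifies each CRC, and requires the IHDR/IDAT/IEND layout the format mandates. The build_png helper, the MAX_DIMENSION cap and the sample inputs are constructed for this example.

```python
"""Structural check that an uploaded 'image' really is a well-formed PNG.

Constructed example, a stand-in for an IsImageFile()-style check: it parses the
container instead of trusting the filename extension or the client's Content-Type.
"""
import struct
import zlib
from typing import List, Tuple

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_DIMENSION = 8192  # assumption: refuse absurd dimensions before any decoder sees them


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: big-endian length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_png(width: int, height: int) -> bytes:
    """Constructed sample input: a minimal valid 8-bit greyscale PNG."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    # Each scanline starts with filter type 0 followed by one grey byte per pixel.
    raw = b"".join(b"\x00" + b"\x80" * width for _ in range(height))
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def is_well_formed_png(data: bytes) -> Tuple[bool, str]:
    """Return (ok, reason). Every chunk must fit in the file and carry a valid CRC."""
    if not data.startswith(PNG_SIGNATURE):
        return False, "missing PNG signature"
    pos = len(PNG_SIGNATURE)
    chunks: List[Tuple[bytes, bytes]] = []
    while pos < len(data):
        if len(data) - pos < 12:
            return False, "truncated chunk header"
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            return False, f"chunk {ctype!r} declares more bytes than the file has"
        body = data[pos + 8:pos + 8 + length]
        crc_given = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc_given:
            return False, f"bad CRC on chunk {ctype!r}"
        chunks.append((ctype, body))
        pos += 12 + length
        if ctype == b"IEND":
            break
    if pos != len(data):
        return False, "trailing bytes after IEND"
    if not chunks or chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13:
        return False, "first chunk is not a 13-byte IHDR"
    if chunks[-1][0] != b"IEND":
        return False, "no IEND chunk"
    if not any(c == b"IDAT" for c, _ in chunks):
        return False, "no IDAT chunk"
    width, height = struct.unpack(">II", chunks[0][1][:8])
    if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
        return False, f"unreasonable dimensions {width}x{height}"
    return True, "ok"


if __name__ == "__main__":
    print(is_well_formed_png(build_png(4, 3)))
    print(is_well_formed_png(PNG_SIGNATURE + b"<html>not an image</html>"))
```

The same approach applies to any container the application accepts (a PDF check would look for the %PDF- header, a parseable cross-reference table and a trailer): the file is accepted only if it parses as the type it claims to be, and the check runs before any processing tag or library touches it.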
Django
Filenames and destinations can be set as parameters to a model's file field. Size and content type are determined by the actual uploaded content.
Java
Ensure the name, destination, size, and content type of any file upload/download features are carefully validated.
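The General and Java entries state the same requirement: every client-controlled upload parameter (name, destination, size, content type) is validated before the file is written. The following Python is an added example of that validation, not Django's FileField, not any Java framework's code, and not part of this document. The upload root, the size cap, the allowed-type table and the sample inputs are assumptions constructed for the example; the point is that the declared content type is only accepted when the file's own leading bytes and its extension agree with it, and that the destination is checked after path resolution rather than on the raw string.

```python
"""Validate every client-controlled upload parameter before touching the filesystem.

Constructed example; limits, the upload root and the allowed-type table are assumptions.
"""
import os
import re
from dataclasses import dataclass
from typing import Optional

UPLOAD_ROOT = "/srv/app/uploads"   # assumption: the only directory uploads may land in
MAX_BYTES = 5 * 1024 * 1024        # assumption: 5 MiB cap
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")

# Declared type -> (extensions it may use, magic bytes that prove it). Constructed table.
ALLOWED = {
    "image/png":       ({".png"},          [b"\x89PNG\r\n\x1a\n"]),
    "image/jpeg":      ({".jpg", ".jpeg"}, [b"\xff\xd8\xff"]),
    "application/pdf": ({".pdf"},          [b"%PDF-"]),
}


class UploadRejected(ValueError):
    """Raised for any parameter that fails validation; the file is never written."""


@dataclass(frozen=True)
class ValidatedUpload:
    path: str
    content_type: str
    size: int


def sniff_content_type(head: bytes) -> Optional[str]:
    """Derive the type from the file's first bytes, ignoring what the client claimed."""
    for ctype, (_, magics) in ALLOWED.items():
        if any(head.startswith(m) for m in magics):
            return ctype
    return None


def validate_upload(filename: str, subdir: str, declared_type: str,
                    size: int, head: bytes, root: str = UPLOAD_ROOT) -> ValidatedUpload:
    """Raise UploadRejected on any bad parameter; otherwise return where the file may go."""
    # 1. Filename: must already be a bare final component and match an allow-list pattern.
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or not SAFE_NAME.match(name):
        raise UploadRejected(f"unacceptable filename {filename!r}")
    # 2. Size: enforced from the declared/streamed length before the body is buffered.
    if size <= 0 or size > MAX_BYTES:
        raise UploadRejected(f"size {size} outside 1..{MAX_BYTES}")
    # 3. Content type: declared type, magic bytes and extension must all agree,
    #    so a renamed script or HTML document cannot pass as an image.
    if declared_type not in ALLOWED:
        raise UploadRejected(f"type {declared_type!r} not allowed")
    sniffed = sniff_content_type(head)
    ext = os.path.splitext(name)[1].lower()
    if sniffed != declared_type or ext not in ALLOWED[declared_type][0]:
        raise UploadRejected(
            f"declared {declared_type!r}, content looks like {sniffed!r}, extension {ext!r}")
    # 4. Destination: the resolved path must lie strictly inside the upload root.
    root_real = os.path.realpath(root)
    dest = os.path.realpath(os.path.join(root_real, subdir, name))
    if os.path.commonpath([root_real, dest]) != root_real or dest == root_real:
        raise UploadRejected(f"destination {dest!r} escapes {root_real!r}")
    return ValidatedUpload(dest, declared_type, size)


def is_rejected(**kwargs) -> bool:
    """True when validate_upload refuses the given parameters."""
    try:
        validate_upload(**kwargs)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    png_head = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8   # constructed sample
    print(validate_upload("cat.png", "2024/05", "image/png", 1024, png_head))
    print(is_rejected(filename="../../cat.png", subdir="", declared_type="image/png",
                      size=10, head=png_head))
```

On Django the same checks belong in the form or model clean step, before the storage backend receives the file; on Java they belong wherever the multipart parts are read. The order matters: size is checked from the declared length before the body is buffered, and the destination is checked only after the name has been reduced to a safe final component.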