Rule Definition
The aim is to check the content type of a message received in an HTTP POST request before it is processed. Arbitrary code execution is possible if an uploaded file is interpreted and executed as code by the recipient.
- The software allows the attacker to transfer files of dangerous types that can be automatically processed within the product's environment.
Remediation
Check the content type of a message received in an HTTP POST or GET request, and reject the request when the declared type is missing or not one the endpoint expects.
Violation Code Sample
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String firstName = request.getParameter("fname");
    response.getWriter().append("Served at: ").append(request.getContextPath());
    // VIOLATION: request.getContentType() is never consulted, so the request is processed whatever type it declares
}
Fixed Code Sample
-Sample 1
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String strContentType = request.getContentType();
    // Constant-first comparison: a missing Content-Type header yields null and must not cause a NullPointerException
    if (!"text/xml".equals(strContentType))
    {
        // Invalid MIME type: report the error and do not continue further
        response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "Invalid content type");
        return;
    }
}
---------------------------------------------------------------------------------
-Sample 2
If the browser does not send the Content-Type header at all, getContentType() returns null, and that case must be rejected explicitly rather than guessed at:
if (request.getContentType() == null)
{
    // No Content-Type supplied: reject the request and do not continue further
    response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "Missing Content-Type header");
    return;
}
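The two fixed samples above combined into one servlet, added here as an illustration and not part of the CAST rule. It assumes the Servlet 3.1 API and Java 9+, and the servlet name and the allowlisted media types are invented for the example. It handles the cases a plain equals() misses: a missing header, a "; charset=" or "; boundary=" parameter, and, for multipart uploads, the declared type of each uploaded file part.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.http.*;

// Hypothetical servlet: rejects requests whose Content-Type is missing or not allowlisted,
// and for multipart uploads rejects any file part whose declared type is not allowlisted.
@MultipartConfig
public class UploadServlet extends HttpServlet {
    private static final Set<String> ALLOWED_REQUEST_TYPES =
            Set.of("text/xml", "multipart/form-data");
    private static final Set<String> ALLOWED_PART_TYPES =
            Set.of("image/png", "image/jpeg");

    // Drop parameters ("; charset=UTF-8", "; boundary=...") and normalise case,
    // so "Text/XML; charset=UTF-8" compares equal to "text/xml".
    static String baseMediaType(String contentType) {
        if (contentType == null) return null;
        int semi = contentType.indexOf(';');
        String base = semi >= 0 ? contentType.substring(0, semi) : contentType;
        return base.trim().toLowerCase(Locale.ROOT);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String type = baseMediaType(request.getContentType());
        if (type == null || !ALLOWED_REQUEST_TYPES.contains(type)) {
            response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
            return;
        }
        if (type.equals("multipart/form-data")) {
            for (Part part : request.getParts()) {
                if (part.getSubmittedFileName() == null) {
                    continue; // plain form field, not an uploaded file
                }
                // Declared part type is client-supplied: pair this check with server-side content inspection
                String partType = baseMediaType(part.getContentType());
                if (partType == null || !ALLOWED_PART_TYPES.contains(partType)) {
                    response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
                    return;
                }
            }
        }
        response.getWriter().append("Upload accepted");
    }
}
```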
Reference
https://cwe.mitre.org/data/definitions/434.html
Related Technologies
Technical Criterion
CWE-434 - Unrestricted Upload of File with Dangerous Type
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.