Is there any client side validation for handling security in zip file upload (zip slip vulnerability) while uploading zip files?

Ranjith asked on 14 Jun 2021, 09:36 AM
ZIP Slip makes the application vulnerable to Path traversal attack and Sensitive data exposure.

1 Answer, 1 is accepted

Silviya
Telerik team
answered on 16 Jun 2021, 01:45 PM

Hi Ranjith,

The Upload component does not support built-in security checks. What I can suggest in this situation is using a third-party library to validate the selected files. The Upload component triggers a SelectEvent whenever a file is being selected. This event could be utilised to access and process the selected files (including the underlying raw file) on the client side.

https://www.telerik.com/kendo-angular-ui/components/uploads/api/SelectEvent/

https://www.telerik.com/kendo-angular-ui/components/uploads/api/FileInfo/#toc-rawfile

It would take an event binding in the component declaration:

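<kendo-upload
      [saveUrl]="uploadSaveUrl"
      [removeUrl]="uploadRemoveUrl"
      (select)="onSelect($event)"
>
</kendo-upload>

import { FileInfo, SelectEvent } from "@progress/kendo-angular-upload";

public onSelect(ev: SelectEvent): void {
  ev.files.forEach((file: FileInfo) => {
    if (file.rawFile) {
      // file.rawFile is the underlying browser File; validate or process it here
      ...
    }
  });
}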

An example implementation of processing selected files on the client side can be found in the following How-To:

https://www.telerik.com/kendo-angular-ui/components/uploads/upload/how-to/local-file-processing/

I hope this information helps. Let me know if I could provide further assistance regarding the case.

Regards,
Silviya
Progress Telerik
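
The answer above suggests inspecting the selected files in `onSelect` before they are uploaded. As an added example (not part of the original answer and not Telerik code), one way to do that for Zip Slip without a third-party library is to read the entry names from the ZIP central directory and flag any that are absolute or contain a `..` segment. Assumptions: all function names are hypothetical, ZIP64 archives are not handled, and the server that extracts the archive still validates resolved paths, because a client-side check can be bypassed.

```typescript
// Added example (not Telerik code); every function name here is hypothetical.
const EOCD_SIG = 0x06054b50; // End Of Central Directory record
const CDH_SIG = 0x02014b50; // central directory file header

// List entry names from the central directory; nothing is decompressed.
function listZipEntryNames(bytes: Uint8Array): string[] {
  const v = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  let eocd = bytes.length - 22; // the record is 22 bytes plus an optional trailing comment
  while (eocd >= 0 && v.getUint32(eocd, true) !== EOCD_SIG) eocd--;
  if (eocd < 0) throw new Error("not a ZIP archive");
  const count = v.getUint16(eocd + 10, true);
  let pos = v.getUint32(eocd + 16, true);
  const names: string[] = [];
  for (let n = 0; n < count; n++) {
    if (pos + 46 > bytes.length || v.getUint32(pos, true) !== CDH_SIG) throw new Error("corrupt central directory");
    const nameLen = v.getUint16(pos + 28, true);
    let name = "";
    // Byte-wise decoding is enough for this check: '.', '/', '\' and ':' are single ASCII bytes in UTF-8 too.
    for (let k = 0; k < nameLen; k++) name += String.fromCharCode(v.getUint8(pos + 46 + k));
    names.push(name);
    pos += 46 + nameLen + v.getUint16(pos + 30, true) + v.getUint16(pos + 32, true);
  }
  return names;
}

// True when an entry name could resolve outside the extraction directory.
function isUnsafeEntryName(name: string): boolean {
  const parts = name.replace(/\\/g, "/").split("/");
  return /^[\\/]/.test(name) || /^[A-Za-z]:/.test(name) || parts.indexOf("..") !== -1;
}
function findZipSlipEntries(bytes: Uint8Array): string[] {
  return listZipEntryNames(bytes).filter(isUnsafeEntryName);
}

// Constructed sample input: a minimal archive of empty, stored entries with the given ASCII names.
function buildSampleZip(names: string[]): Uint8Array {
  const local: number[] = [], central: number[] = [];
  const le = (n: number, size: number): number[] => {
    const out: number[] = [];
    for (let i = 0; i < size; i++) out.push((n >>> (8 * i)) & 0xff);
    return out;
  };
  for (const name of names) {
    const raw = name.split("").map((c) => c.charCodeAt(0));
    central.push(...le(CDH_SIG, 4), ...le(0, 24), ...le(raw.length, 2), ...le(0, 12), ...le(local.length, 4), ...raw);
    local.push(...le(0x04034b50, 4), ...le(0, 22), ...le(raw.length, 2), ...le(0, 2), ...raw);
  }
  return new Uint8Array([...local, ...central, ...le(EOCD_SIG, 4), ...le(0, 4), ...le(names.length, 2),
    ...le(names.length, 2), ...le(central.length, 4), ...le(local.length, 4), ...le(0, 2)]);
}
```

In `onSelect`, the bytes would come from `file.rawFile`, for example `new Uint8Array(await file.rawFile.arrayBuffer())`, and a non-empty result from `findZipSlipEntries` means the file should not be uploaded.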


Ranjith
commented on 17 Jun 2021, 05:53 AM

Hi Silviya

Let me check. Thanks for your response.