45 lines
1.0 KiB
Markdown
45 lines
1.0 KiB
Markdown
|
# Exploit Mitigation
|
||
|
|
|
||
|
|
> All User Input is Evil
|
||
|
|
|
||
|
|
## Web Mitigations
|
||
|
|
|
||
|
|
### Uploads
|
||
|
|
|
||
|
|
* Validate the following
|
||
|
|
* Content-Type
|
||
|
|
* File Extension
|
||
|
|
* Magic File Number
|
||
|
|
* Maximum File Size
|
||
|
|
* Rename the file randomly
|
||
|
|
* Scan for Malware
|
||
|
|
* Use Path objects instead of Strings
|
||
|
|
* Save uploads outside of the web root
|
||
|
|
|
||
|
|
### Database SQLi
|
||
|
|
|
||
|
|
* Typecasting of variables inserted
|
||
|
|
* Prepared Statements
|
||
|
|
|
||
|
|
### HTML5 Input & Forms
|
||
|
|
|
||
|
|
* An `<input>` field can provide a pattern which checks for regex. In a free text field regex is not sufficient, therefore whitelist allowed characters.
|
||
|
|
* Use `type` attribute of `<input>` to set the type of the values
|
||
|
|
* Requirements on the inputs can be done in the following ways of `required <attributes>`:
|
||
|
|
* `minlength`
|
||
|
|
* `maxlength`
|
||
|
|
* `size`
|
||
|
|
* `min`
|
||
|
|
* `max`
|
||
|
|
* `pattern`
|
||
|
|
|
||
|
|
### PHP Input Backend
|
||
|
|
|
||
|
|
* `htmlentities()` escapes characters
|
||
|
|
```sh
|
||
|
|
$name = htmlentities($_GET['name'], ENT_QUOTES | ENT_HTML5, "UTF-8")
|
||
|
|
```
|
||
|
|
* Use HTMLPurifier
|
||
|
|
* Use `intval()` to typecast, e.g. ids
|
||
|
|
```
|