
cwe-434-unrestricted-file-upload

SKILL.md

CWE-434 Unrestricted Upload of File with Dangerous Type

Description

Unrestricted Upload of File with Dangerous Type: the application accepts uploaded files of types that its environment can process or execute automatically (for example .jsp, .html or .htm served back to a browser, or an .htaccess that changes server behaviour) without restricting the extension, checking the content, or keeping the stored file out of a served location.

Reference: https://cwe.mitre.org/data/definitions/434.html

OWASP Category: A04:2021 – Insecure Design


Vulnerable Pattern

❌ Example 1

The fragment below shows only the constants and constructor of an UnrestrictedFileUpload class; the upload handlers that use them are truncated. Two details already matter for CWE-434: CONTAINS_PNG_JPEG_REGEX has no trailing "$", so when used with Matcher.find() it accepts any name that merely contains ".png" or ".jpeg" (shell.png.jsp passes), and the upload root is resolved from a classpath resource named for static files, which suggests uploads land in a directory the application serves.

    // java.util.Random seeded from the clock is predictable; it is not a security control
    private static final Random RANDOM = new Random(new Date().getTime());
    private static final Pattern ENDS_WITH_HTML_PATTERN = Pattern.compile("^.+\\.html$");
    private static final Pattern ENDS_WITH_HTML_OR_HTM_PATTERN =
            Pattern.compile("^.+\\.(html|htm)$");

    // Unanchored: "shell.png.jsp" matches as readily as "image.png"
    private static final String CONTAINS_PNG_JPEG_REGEX = "^.+\\.(png|jpeg)";
    private static final Pattern CONTAINS_PNG_OR_JPEG_PATTERN =
            Pattern.compile(CONTAINS_PNG_JPEG_REGEX);
    // Anchored variant: only names whose final extension is .png or .jpeg
    private static final Pattern ENDS_WITH_PNG_OR_JPEG_PATTERN =
            Pattern.compile(CONTAINS_PNG_JPEG_REGEX + "$");
    private static final transient Logger LOGGER =
            LogManager.getLogger(UnrestrictedFileUpload.class);

    public UnrestrictedFileUpload() throws IOException, URISyntaxException {
        URI uploadDirectoryURI;
        try {
            // Upload root = <classpath BASE_PATH>/<STATIC_FILE_LOCATION>, a static-file
            // location rather than a directory outside the web root
            uploadDirectoryURI =
                    new URI(
                            Thread.currentThread()
                                            .getContextClassLoader()
                                            .getResource(BASE_PATH)
                                            .toURI()
                                    + FrameworkConstants.SLASH
                                    + STATIC_FILE_LOCATION);
            root = Paths.get(uploadDirectoryURI);
        // ... (truncated for brevity)

Deterministic Fix

❌ Not a secure implementation: vulnerable handler that keeps the original filename

The handler below (getVulnerablePayloadLevel9, from the same class as Example 1) is another vulnerable variant, not a fix. Its validator () -> true accepts every upload, and the stored name keeps the client-supplied getOriginalFilename() verbatim, extension included, so an uploaded shell.jsp or page.html is written with its dangerous extension. Spring's own javadoc for getOriginalFilename() warns that the value is supplied by the client, may carry a directory portion and may contain sequences such as "..". Prefixing a java.util.Random value changes none of that; the actual fix is the extension allowlist, content check, generated filename and out-of-web-root storage listed under Remediation Steps.

    public ResponseEntity<GenericVulnerabilityResponseBean<String>> getVulnerablePayloadLevel9(
            @RequestParam(REQUEST_PARAMETER) MultipartFile file) throws IOException {
        return genericFileUploadUtility(
                root,
                // Client-controlled name, extension and all, kept verbatim behind a random prefix
                RANDOM.nextInt() + "_" + file.getOriginalFilename(),
                // Validator that accepts everything: no extension or content check at all
                () -> true,
                file,
                true,
                false);
    }

Detection Pattern

Look for these patterns in your codebase:

    # Find file upload handlers
    grep -rn "MultipartFile\|@RequestPart" --include="*.java"
    # Find file write operations
    grep -rn "transferTo\|Files.copy\|FileOutputStream" --include="*.java"

Remediation Steps

  1. Validate file extension against allowlist

  2. Verify file content matches expected type (magic bytes)

  3. Generate random filenames for stored files

  4. Store uploads outside web root

  5. Implement file size limits

  6. Scan uploaded files for malware
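The following is an added example, not code from this page or from any project it quotes, of an upload handler that carries out Remediation Steps 1 to 5 (the behaviour the Deterministic Fix section should have shown) in plain Java 17 without Spring, so it runs as-is. The class, method and exception names (SafeUpload, store, lastExtension, UploadRejected) are assumptions; a Spring controller would pass file.getInputStream() and file.getOriginalFilename() from its MultipartFile into store(). Step 6 (malware scanning) is out of scope here. The sample uploads in main() are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HexFormat;
import java.util.Locale;
import java.util.Map;

// Added example; SafeUpload, store, lastExtension and UploadRejected are assumed names, not a library API.
public final class SafeUpload {

    private static final SecureRandom RANDOM = new SecureRandom();
    private static final int MAX_BYTES = 5 * 1024 * 1024;

    // Allowlist: the only extensions accepted, each paired with the magic bytes
    // the content must start with. Everything not listed is rejected.
    private static final Map<String, byte[]> ALLOWED = Map.of(
            "png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
            "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
            "jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF});

    public static final class UploadRejected extends Exception {
        UploadRejected(String reason) { super(reason); }
    }

    /** Validates and stores one upload; returns the path it was written to. */
    public static Path store(Path uploadRoot, String originalName, InputStream in)
            throws IOException, UploadRejected {
        // Step 5: cap what is actually read; a declared Content-Length is not trusted.
        byte[] data = in.readNBytes(MAX_BYTES + 1);
        if (data.length > MAX_BYTES) {
            throw new UploadRejected("file exceeds " + MAX_BYTES + " bytes");
        }
        // Step 1: judge only the last extension. "shell.php.jpg" becomes "jpg" and is
        // then checked by content; "shell.jpg.php" becomes "php" and is rejected here.
        String ext = lastExtension(originalName);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null) {
            throw new UploadRejected("extension not allowed: \"" + ext + "\"");
        }
        // Step 2: the content must really start with that type's magic bytes.
        if (data.length < magic.length
                || !Arrays.equals(Arrays.copyOf(data, magic.length), magic)) {
            throw new UploadRejected("content is not a ." + ext + " file");
        }
        // Step 3: the client's name is discarded; the stored name is unpredictable.
        byte[] rnd = new byte[16];
        RANDOM.nextBytes(rnd);
        String storedName = HexFormat.of().formatHex(rnd) + "." + ext;
        // Step 4: uploadRoot is the caller's directory outside the web root; the
        // startsWith check is defense in depth should storedName ever become tainted.
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target = root.resolve(storedName).normalize();
        if (!target.startsWith(root)) {
            throw new UploadRejected("target escapes upload root");
        }
        Files.createDirectories(root);
        return Files.write(target, data);
    }

    static String lastExtension(String name) {
        // Drop any directory part the client sent, then take the final suffix only.
        int slash = Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\'));
        String base = name.substring(slash + 1);
        int dot = base.lastIndexOf('.');
        if (dot <= 0 || dot == base.length() - 1) {
            return ""; // no extension, a dotfile such as .htaccess, or a trailing dot
        }
        return base.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample uploads; a temp dir stands in for the out-of-web-root directory.
        Path root = Files.createTempDirectory("uploads");
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 13};
        byte[] notAnImage = "<%-- constructed non-image body --%>".getBytes(StandardCharsets.US_ASCII);
        String[] names = {"shell.jsp", "shell.jsp.png", ".htaccess", "../../x.png", "photo.PNG"};
        byte[][] bodies = {notAnImage, notAnImage, notAnImage, png, png};
        for (int i = 0; i < names.length; i++) {
            try {
                Path stored = store(root, names[i], new ByteArrayInputStream(bodies[i]));
                System.out.println(names[i] + " -> stored as " + stored.getFileName());
            } catch (UploadRejected e) {
                System.out.println(names[i] + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Running main() rejects shell.jsp (extension not in the allowlist), shell.jsp.png (extension passes, content fails the PNG magic check) and .htaccess (no extension), and stores ../../x.png and photo.PNG under random hex names because the client name is never used for the path. Apache Tika, listed under Key Imports, can replace the hand-written magic table when more types must be accepted; the decision rule stays the same: the final extension must be allowlisted and the detected content type must agree with it.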


Key Imports

    import org.springframework.web.multipart.MultipartFile;
    import java.nio.file.Files;
    import org.apache.tika.Tika;


Verification

After remediation:

  • Re-run SAST scan - CWE-434 should be resolved

  • Test double extensions in both orders: file.php.jpg (must be judged by its content, not its name) and file.jpg.php (must be rejected by the extension allowlist)

  • Test a file whose name and Content-Type header claim image/png but whose body is not a PNG; the magic-byte check must reject it

  • Verify dangerous file types (.jsp, .html, .htm, .htaccess) are rejected, and that a stored file is never written or served under the client-supplied original name


Trigger Examples

Fix CWE-434 vulnerability
Resolve Unrestricted Upload of File with Dangerous Type issue
Secure this Java code against unrestricted upload of file with dangerous type
SAST reports CWE-434

Common Vulnerable Locations

| Layer | Files | Patterns |
| Controller | *Controller.java | Upload endpoints |
| Service | *Service.java | File processing |


References


Source: Generated by Java CWE Security Skills Generator
Last Updated: 2026-03-07
