3

Our website has a form which allows users to upload image files (png, gif, jpeg and pdf).

Once uploaded, the website sends the file (server to server) to the back office api, which then saves the image to disk.

In the back office, our employees can watch the images uploaded by our customers in a browser.

Security-wise, if a client sends an infected JPEG file and our employee opens it in a browser, this may cause security issues.

Besides anti-virus, I want to sanitize the files before they get written to disk.

If I convert jpeg to png and png to jpeg, will this make them safe to process?

Is there any simple way in .NET to secure a file just by converting it, or maybe another way besides conversion?

Rory McCune
SexyMF
  • I think [How to defend vs. Image Remote File Inclusion, e.g. RFI using a .gif file (Apache/PHP)?](http://security.stackexchange.com/questions/3919/how-to-defend-vs-image-remote-file-inclusion-e-g-rfi-using-a-gif-file-apach) is a closer duplicate. – Neil Smithline Dec 02 '15 at 15:31

2 Answers

1

It's a bit difficult to provide a universally applicable answer to this question as what you're looking for is vulnerabilities in the library(s) processing the image files before they are written to disk.

Converting the image from one format to another may help remove invalid content; however, the conversion process itself could introduce new vulnerabilities as the data is being processed.

As such I'd suggest that pre-processing (e.g. converting or validating) the image in an isolated environment (e.g. dedicated Virtual machine or Docker container) would potentially be a good idea to reduce the risk of this processing prior to these images being viewed by your staff.

Rory McCune
0

What it seems like you're trying to ask is what to do to protect against someone uploading a malicious file with an image type extension that is not an image in any sense (possibly browser-readable code). I'm pretty sure all you need to defend against this is to verify the MIME type before allowing the file to be loaded.

Chad Baxter
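The re-encoding approach discussed in the question and answers, as an added example that is not from any of the posters: it checks the file signature, decodes the upload, and draws the pixels into a new PNG. It assumes System.Drawing (System.Drawing.Common, supported on Windows only in current .NET); `UploadSanitizer`, `ReencodeAsPng` and the size limits are hypothetical, and PDF uploads are not covered.

```csharp
using System;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Linq;

// Hypothetical helper; names and limits are assumptions, not from the page.
public static class UploadSanitizer
{
    const int MaxBytes = 10 * 1024 * 1024; // assumed upload size cap
    const int MaxSide  = 8000;             // assumed pixel cap per side
    // File signatures for the raster formats the form accepts.
    static readonly byte[][] Signatures =
    {
        new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A }, // PNG
        new byte[] { 0xFF, 0xD8, 0xFF },                               // JPEG
        new byte[] { 0x47, 0x49, 0x46, 0x38 },                         // GIF ("GIF8")
    };
    static bool LooksLikeImage(byte[] data) =>
        Signatures.Any(sig => data.Length >= sig.Length &&
                              data.Take(sig.Length).SequenceEqual(sig));

    // Returns a freshly encoded PNG, or throws if the upload is rejected.
    // Decoding parses untrusted bytes: run it in an isolated worker (VM/container).
    public static byte[] ReencodeAsPng(byte[] upload)
    {
        if (upload == null || upload.Length == 0 || upload.Length > MaxBytes)
            throw new InvalidDataException("Upload is empty or too large.");
        if (!LooksLikeImage(upload))
            throw new InvalidDataException("Content is not PNG, JPEG or GIF.");
        try
        {
            using var input = new MemoryStream(upload, writable: false);
            using var decoded = Image.FromStream(input, false, true); // validate image data
            if (decoded.Width > MaxSide || decoded.Height > MaxSide)
                throw new InvalidDataException("Image dimensions too large.");
            // Draw pixels onto a new bitmap: metadata, comments and any bytes
            // appended after the image data are not carried over.
            using var clean = new Bitmap(decoded.Width, decoded.Height, PixelFormat.Format32bppArgb);
            using (var g = Graphics.FromImage(clean))
                g.DrawImage(decoded, 0, 0, decoded.Width, decoded.Height);
            using var output = new MemoryStream();
            clean.Save(output, ImageFormat.Png);
            return output.ToArray();
        }
        catch (Exception ex) when (ex is ArgumentException || ex is OutOfMemoryException)
        {
            throw new InvalidDataException("File could not be decoded as an image.", ex);
        }
    }
}
```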