Restricting the ability of "upload files" widget on the JupyterLab by providing flexibility to the user on what file extension types he can upload

Please help me to add an extra layer of security, as the application has an option to upload files. Here the application only allows specific files to be uploaded, but in spite of the restriction an adversary is able to upload a malicious file to the web server, as validation is not done properly. An attacker can upload malicious files to the server and is able to execute his malicious intention and compromise the security of the application.

If arbitrary kernel execution is enabled, there is really very little that can be done that has actual security impact at the jupyter_server contents level.

Rejecting some file as “bad,” based on the name, would just lead a user with malicious intent to rename the file, re-upload it, and rename it on the server.

If actively scanning, one could upload the file in an opaque/obfuscated format (e.g. a password-protected archive) and use the payload for other means.

Doing this in the browser/client layer has even less of an impact, as the Jupyter Contents API is well-documented, and is very easy to automate against once the server’s auth token is known.

Some tools that can actually be securely deployed pursue a layered defense that goes down to sandboxed operating system-level constructs. Typical suggestions include:

Depending on your interactivity use case, the sandbox could be in the user’s browser, with JupyterLite, but it is still a work in progress with a lot of sharp edges, and carries its own hosting challenges.


By malicious files, I mean: can we allow the users to upload only certain types of files (like .pynd, .csv) and so on?
Kind of like this: File Type Validation while Uploading it using JavaScript - GeeksforGeeks

Who are you trying to protect with these restrictions? If you want to prevent one user from deliberately attacking your system and affecting other users then follow @bollwyvl’s advice.

If you’re more interested in protecting users from inadvertently uploading malware then you could set up an on-access scanning product that hooks into the kernel and intercepts all file access. It sounds like ClamAV (open-source) can do that, though I’ve never used it.

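An added example, not code from any poster in this thread or from the Jupyter project: a server-side check with the argument shape of a jupyter_server `pre_save_hook`, comparing the name-only filter asked about above with a check that the body parses as the type its name claims. The allowlist, the `UploadRejected` exception, the sample models and wiring it in through the contents manager's `pre_save_hook` setting are assumptions for illustration.

```python
import base64, csv, io, json
from pathlib import PurePosixPath

ALLOWED = {".ipynb", ".csv"}  # assumed policy for this example

class UploadRejected(Exception):
    """The save does not meet the upload policy (hypothetical exception)."""

def name_only_check(path):
    # The extension filter asked about in the thread: trusts the name alone.
    return PurePosixPath(path).suffix.lower() in ALLOWED

def content_check(model, path):
    # Does the body parse as the type its name claims?
    suffix = PurePosixPath(path).suffix.lower()
    content = model.get("content")
    if model.get("type") == "notebook":
        return suffix == ".ipynb" and isinstance(content, dict) and "nbformat" in content
    try:
        raw = base64.b64decode(content) if model.get("format") == "base64" else content.encode()
        text = raw.decode("utf-8")
    except (ValueError, AttributeError, TypeError):
        return False
    if "\x00" in text:  # NUL bytes: binary data behind a text extension
        return False
    if suffix == ".ipynb":
        try:
            doc = json.loads(text)
        except ValueError:
            return False
        return isinstance(doc, dict) and "nbformat" in doc
    try:
        rows = [r for r in csv.reader(io.StringIO(text)) if r]
    except csv.Error:
        return False
    return bool(rows) and len({len(r) for r in rows}) == 1  # consistent columns

def pre_save_hook(model, path, contents_manager=None, **kwargs):
    # Same argument shape as a jupyter_server pre_save_hook; raising blocks the save.
    if model.get("type") == "directory":
        return
    if not (name_only_check(path) and content_check(model, path)):
        raise UploadRejected(f"upload policy rejects {path!r}")

# Constructed samples: a binary header renamed to .csv, and a real CSV.
RENAMED_BINARY = {"type": "file", "format": "base64",
                  "content": base64.b64encode(b"\x7fELF\x02\x01\x01\x00" + bytes(8)).decode()}
GOOD_CSV = {"type": "file", "format": "text", "content": "id,value\n1,3.5\n2,4.0\n"}
```

The renamed binary passes `name_only_check` and fails `content_check`. As the replies above point out, neither check constrains a user who can already run code in a kernel.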