Is this client side application secure?


Problem description

Here is a simplified version of a program I am using to work with a file using javascript on the client side.

HTML:

<input id='myinput' type='file' accept='.png, .jpg, .jpeg' /> 

JavaScript:

 var myinput = document.getElementById('myinput');
 myinput.addEventListener('change', function(e) {

   /* 1. capture the file */
   var file = e.target.files[0];

   /* 2. make a fileReader object */
   var reader = new FileReader();

   /* 3. the load event listener */
   reader.addEventListener('load', function(e) {
     var fileContentAsText = e.target.result; // <-- is this line safe?
     /* 5. functions for manipulating the file would go here */
   }, false); 

   /* 4. passing the file to the filereader object */
   reader.readAsText(file);

 });

More or less, my program is for manipulating png or jpg type files, manipulating them, then making the modified version available for download.

Everything happens on the client side.

Since nothing is being sent to the server, are there any security vulnerabilities that I should be concerned about?

If I was sending it to the server, almost everything I would have done to validate the file would have been in php, and I would have been reasonably assured that the operation was secure enough.

Since I am not sending it to the server, none of those php mechanisms I would have applied are applicable.

Actual questions:

  1. Given that everything happens on the client side, do I need to validate the file?
  2. If so, why? What action can I take?

What comes to mind are text boxes that set the innerHTML of other elements, or where src/onerror attributes can be exploited for nefarious purposes. Are these types of attacks something I need to watch out for? Because everything I have read on this matter concerns validating a file that goes to the server.

Answer

You have to be aware of vulnerabilities like for example cross-site scripting, open redirection, sensitive information storage (not a comprehensive list), which may also affect client-only applications.

In practice this means the important part is point 5. in the comments - what happens to the loaded file. For example you could store part of it after processing in say localStorage, which may present a risk if "sensitive" info is stored (be it whatever in your context). Or for example if a part is written back to the client (which I think is the case if I understand correctly), it could pose an injection threat. The most straightforward injection would be XSS if you for example write something to html, like the comment from the image exif. But you should also consider what happens to the resulting file after the user receives the result. Will it be displayed in an application that may be vulnerable to some kind of an injection, or for example buffer overflow? Consider an image viewer that has a known buffer overflow vulnerability. Say a malicious user prepares an image and gives it to the victim. This image may be crafted in a way that it does not directly result in buffer overflow, but after the transformations your application does to it, it exploits vulnerabilities in the client that displays it. Sure, it's a vulnerability of the 3rd party client software, but your application was used to hide the exploit and facilitate an attack.

So try to consider the system as a whole, your application may just be a building block in a complex attack, and your goal should be to minimize the usefulness for an attacker. This is vague advice, but it all depends on what you actually do to the uploaded file.

Another thing that comes to mind is a malicious uploaded image may hang the browser process, a denial of service on the client. You should be able to avoid this. (Sure, the user uploads it for herself, but may not be aware of what it is she's uploading, having received it from somebody else - may or may not be valid in your scenario.)

Also during processing, parts of the image info may be used for say querying things, for example to find the camera vendor from the exif info or whatever. Such queries may also be susceptible to injection, resulting in query forgery via a malicious image. So anything you read from the file during processing should be treated as untrusted in general, the same as if it was done on the server.
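The checks the answer recommends, worked through as an added example that is not part of the original question or answer: a hardened version of the question's change handler. It assumes an output element with id `status` next to the `myinput` element, and the helper names it defines (`MAX_BYTES`, `sniffImageType`, `checkFile`, `showUntrustedText`, `installHandler`) are this example's own; the size limit is an assumed value.

```javascript
// Added example, not the original poster's code. Assumed names: MAX_BYTES,
// sniffImageType, checkFile, showUntrustedText, installHandler, and an output
// element with id "status".

// 1. Hard cap on size, so an oversized or malformed file cannot tie up the tab
//    (the answer's client-side denial-of-service point). 10 MiB is an assumption.
const MAX_BYTES = 10 * 1024 * 1024;

// 2. Content sniffing by magic bytes. The accept= attribute and file.type come
//    from the filename/OS hint and are easy to get wrong, so they are hints only.
const PNG_MAGIC = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
const JPEG_MAGIC = [0xff, 0xd8, 0xff];

function startsWith(bytes, magic) {
  if (bytes.length < magic.length) return false;
  return magic.every((b, i) => bytes[i] === b);
}

// Returns 'png', 'jpeg', or null for anything else.
function sniffImageType(bytes) {
  if (startsWith(bytes, PNG_MAGIC)) return 'png';
  if (startsWith(bytes, JPEG_MAGIC)) return 'jpeg';
  return null;
}

// Validate metadata plus the leading bytes. `meta` is {name, size} and
// `headBytes` is a Uint8Array holding the first bytes of the file.
function checkFile(meta, headBytes, maxBytes = MAX_BYTES) {
  if (meta.size === 0) return { ok: false, reason: 'empty file' };
  if (meta.size > maxBytes) return { ok: false, reason: 'file too large' };
  const kind = sniffImageType(headBytes);
  if (kind === null) return { ok: false, reason: 'not a PNG or JPEG' };
  return { ok: true, kind };
}

// 3. Anything read out of the file (EXIF comment, filename, ...) is untrusted.
//    Assigning it with textContent never creates elements or attributes, so
//    markup in the value is displayed literally rather than interpreted.
function showUntrustedText(el, text) {
  el.textContent = String(text);
  return el.textContent;
}

// Browser wiring; only runs where a DOM exists. Reads the 8-byte head with
// File.slice() before touching the whole file, and reads the image as an
// ArrayBuffer rather than text, since image data is binary.
function installHandler(input, output) {
  input.addEventListener('change', async (e) => {
    const file = e.target.files[0];
    if (!file) return;
    const head = new Uint8Array(await file.slice(0, 8).arrayBuffer());
    const result = checkFile({ name: file.name, size: file.size }, head);
    if (!result.ok) {
      showUntrustedText(output, 'Rejected: ' + result.reason);
      return;
    }
    const data = await file.arrayBuffer();
    // Image manipulation would go here (point 5 in the question's comments).
    showUntrustedText(output, `${file.name}: ${result.kind}, ${data.byteLength} bytes`);
  });
}

if (typeof document !== 'undefined') {
  installHandler(document.getElementById('myinput'), document.getElementById('status'));
}
```

Two design points: the magic-byte check rejects a renamed non-image before any parsing happens, which narrows what a crafted file can reach, and every string taken from the file or its name goes through `textContent`, so the `innerHTML` and `src`/`onerror` concerns raised in the question do not arise in the page itself. What the transformed image does in a third-party viewer afterwards, as the answer notes, is outside what this code can control.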
