Overview
Document uploads in GeoNode are accepted with very lightweight control. They are restricted to only certain file extensions, but this control can be bypassed to upload non-allowed files, such as binaries.
This is what OWASP calls Unrestricted File Upload.
Task
We should validate the uploaded document with several validation steps (including magic number validation with python-magic).
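A sketch of the layered check proposed above, as an added example that is not GeoNode's own code: it checks the final extension against an allowlist and then checks that the leading bytes match the claimed type. The allowlist, the function names and the inline signature table are assumptions; the table stands in for python-magic so the example runs without libmagic.

```python
import os

# Hypothetical allowlist (an assumption, not GeoNode's configured list):
# extension -> leading byte signatures accepted for that type.
SIGNATURES = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "txt": (),  # no magic number; checked as plain text below
}


def looks_like_text(data: bytes) -> bool:
    """Plain text has no signature: require valid UTF-8 and no NUL bytes."""
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) after checking the extension and the content."""
    # Only the final suffix counts, so "report.pdf.exe" is judged as "exe".
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    if ext not in SIGNATURES:
        return False, f"extension '{ext}' not allowed"
    if not data:
        return False, "empty file"
    expected = SIGNATURES[ext]
    if not expected:
        ok = looks_like_text(data)
        return ok, "ok" if ok else "binary content in text file"
    # The bytes must match the claimed type; python-magic's
    # magic.from_buffer(data, mime=True) could replace this table lookup.
    if not data.startswith(expected):
        return False, f"content does not match .{ext} signature"
    return True, "ok"
```

A signature match only shows that the file starts like the claimed type, so it complements the extension check rather than replacing it.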