[TASK-7765] fix: validate file inputs before upload

[kushagrasarathe]

• added security checks for file upload input
• improved error handling
• new checks uses magic numbers to validate file signatures and specific mime types

Summary by CodeRabbit

• New Features

  • Enhanced file upload functionality with improved error handling and validation.
  • Added file type and size checks for uploads.
  • Implemented file signature validation.

• Bug Fixes

  • Improved error reporting for the file upload process.
  • Added security measures for file uploads.

• Chores

  • Reorganized import statements.
  • Updated constants for file upload restrictions.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
peanut-ui	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jan 13, 2025 9:04am

[notion-workspace]

🪲 Bu: Ev - File Upload Security Check Required

[coderabbitai]

Walkthrough

This pull request enhances file upload functionality and error handling across multiple components. It introduces a new error handling function, handleFileUploadError, and improves file validation mechanisms with checks for MIME types and file sizes. New constants are defined for upload constraints, and components are updated to incorporate robust error reporting during file uploads. The changes aim to improve the security and user experience of the file upload processes.

Changes

File	Change Summary
src/components/Create/Link/Input.view.tsx	Added handleFileUploadError function for managing file upload errors. Reorganized import statements.
src/components/Global/FileUploadInput/index.tsx	Enhanced file validation with size and MIME type checks, added onError prop, improved error handling with try-catch, and introduced sanitizeFileName function.
src/components/Request/Create/Views/Initial.view.tsx	Added handleFileUploadError function for file upload error management. Reorganized import statements.
src/constants/general.consts.ts	Added constants for file upload: FILE_UPLOAD_ALLOWED_MIME_TYPES, FILE_UPLOAD_MAX_FILE_SIZE, VALID_FILE_SIGNATURES. Restored import for CHAIN_DETAILS and TOKEN_DETAILS.
src/utils/general.utils.ts	Added isValidFileSignature utility function to validate file headers, updated import statements.

Possibly Related PRs

• Fix build #377: The changes in src/components/Create/useCreateLink.tsx involve modifications to the handling of network switching, which may relate to the overall functionality of file uploads if they are part of a broader create link process.
• Fix/cashout rework #388: The changes in src/components/Global/FileUploadInput/index.tsx enhance error handling for file uploads, which directly relates to the new handleFileUploadError function introduced in the main PR.
• [TASK-7887] fix: remove lopping for status check in cross-chain cashout #602: The modifications in src/components/Offramp/Confirm.view.tsx include changes to transaction handling and error management, which could be relevant to the error handling improvements in the main PR.

Suggested Reviewers

• Hugo0

Poem

🐰 A Rabbit's Ode to File Upload Delight 🐰
With signatures checked and sizes so neat,
Our files now dance to a validator's beat.
No sneaky uploads shall slip through our gate,
Security dances at a file's upload date!
Errors now whisper their tales with such grace,
As we hop forward in this digital space!

Finishing Touches

• 📝 Generate Docstrings (Beta)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (7)

src/components/Global/FileUploadInput/index.tsx (2)

34-38: Improve file signature validation accuracy

Currently, the implementation reads only the first 4 bytes of the file to determine its signature. Some file types may require more bytes for accurate identification. For example, PDF files often need at least 5 bytes (%PDF-) to confirm the file type. Consider reading more bytes (e.g., the first 8 bytes) to enhance validation accuracy and reduce false positives or negatives.

Apply this diff to read more bytes:

- const arr = new Uint8Array(e.target.result as ArrayBuffer).subarray(0, 4)
+ const arr = new Uint8Array(e.target.result as ArrayBuffer).subarray(0, 8)

---

95-97: Sanitize error messages before displaying to users

When calling the onError callback, consider sanitizing error messages to avoid exposing sensitive information. Providing generic error messages can enhance security and provide a better user experience.

Apply this diff to generalize the error message:

- onError(error instanceof Error ? error.message : 'Upload failed')
+ onError('File upload failed due to validation error.')

src/constants/general.consts.ts (2)

174-182: Review and limit allowed MIME types carefully

Ensure that the FILE_UPLOAD_ALLOWED_MIME_TYPES set includes only the necessary and safe MIME types. Allowing too many MIME types can increase the attack surface. Regularly review this list and consider potential security implications before adding new types.

---

186-199: Maintain and update valid file signatures

The VALID_FILE_SIGNATURES object is crucial for file validation. Ensure that all file signatures are accurate and up-to-date. For file types like JPEG, which have multiple valid signatures, include all necessary variations. Adding comments or references can help maintain clarity.

src/components/Request/Create/Views/Initial.view.tsx (2)

1-1: Remove unused import to clean up the code

The getTokenDetails import at line 1 appears to be unused in this file. Removing it can help reduce clutter and potential confusion.

Apply this diff to remove the unused import:

- import { getTokenDetails } from '@/components/Create/Create.utils'

---

132-137: Reset error state when errors are resolved

The handleFileUploadError function sets the errorState, but there is no logic to clear the error when the issue is resolved. Consider resetting the errorState when the user addresses the error to enhance user experience.

You can add logic to reset the error state when necessary.

src/utils/general.utils.ts (1)

1024-1039: LGTM! Well-implemented file signature validation.

The function effectively validates file headers against known signatures for PNG, JPEG, and PDF formats. The implementation is clean and well-documented.

Consider making the function more extensible by:

1. Using a map to iterate over valid signatures instead of hard-coding checks.
2. Adding support for more file types in the future.

Example refactor:

 export const isValidFileSignature = (header: string): boolean => {
-    return (
-        // PNG
-        header === consts.VALID_FILE_SIGNATURES.PNG ||
-        // JPEG (any variant)
-        consts.VALID_FILE_SIGNATURES.JPEG.includes(header as 'ffd8ffe0' | 'ffd8ffe1' | 'ffd8ffe2') ||
-        // PDF
-        header === consts.VALID_FILE_SIGNATURES.PDF
-    )
+    // Check single-signature formats
+    if (Object.values(consts.VALID_FILE_SIGNATURES).some(sig => 
+        !Array.isArray(sig) && header === sig
+    )) {
+        return true;
+    }
+    
+    // Check multi-signature formats
+    return Object.values(consts.VALID_FILE_SIGNATURES).some(sig =>
+        Array.isArray(sig) && sig.includes(header)
+    );
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bd60998 and 2a557d3.

📒 Files selected for processing (5)

• src/components/Create/Link/Input.view.tsx (3 hunks)
• src/components/Global/FileUploadInput/index.tsx (3 hunks)
• src/components/Request/Create/Views/Initial.view.tsx (3 hunks)
• src/constants/general.consts.ts (3 hunks)
• src/utils/general.utils.ts (2 hunks)

🔇 Additional comments (4)

src/components/Global/FileUploadInput/index.tsx (1)

70-72: Be cautious with MIME type from file.type

The MIME type provided by file.type can be manipulated by a malicious user. While you perform additional validation using file signatures, relying solely on file.type for security checks might not be sufficient. Ensure that server-side validations are also in place to prevent any security risks associated with spoofed MIME types.

src/components/Request/Create/Views/Initial.view.tsx (1)

191-195: Confirm all necessary props are passed to FileUploadInput

The FileUploadInput component now receives the onError prop for improved error handling. Ensure that this prop is correctly utilized within the component to handle errors as expected.

src/components/Create/Link/Input.view.tsx (2)

245-250: LGTM! Well-implemented error handling.

The error handling function is properly typed and follows React's state management best practices.

---

324-324: LGTM! Good error handling enhancement.

The onError prop properly connects the error handler to the FileUploadInput component, improving error reporting capabilities.

[coderabbitai]

⚠️ Potential issue

Prevent potential XSS attacks from user-uploaded images

Rendering user-uploaded images directly, especially SVG files, can lead to XSS vulnerabilities. SVG files can contain embedded scripts that may be executed in the browser. Even with crossOrigin="anonymous", this risk remains. Consider sanitizing SVG files before rendering or disallowing SVG uploads altogether.

Modify the code to exclude SVG files or handle them securely:

+ // Exclude SVG files to prevent potential XSS attacks
+ if (fileType === 'image/svg+xml') {
+   // Do not render the SVG image directly
+   // Optionally, show a placeholder or an alert
+ } else if (utils.checkifImageType(fileType)) {
    <img
        src={attachmentOptions.fileUrl}
        alt=""
        className="h-8 w-8"
        crossOrigin="anonymous"
    />
+ }

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/utils/general.utils.ts (1)

1031-1040: Consider enhancing the robustness of file signature validation.

While the current implementation is good, consider these improvements:

1. Add input validation for malformed headers
2. Add comments explaining the magic numbers (file signatures)
3. Simplify the JPEG validation using an array method

 export const isValidFileSignature = (header: string): boolean => {
+    // Validate input
+    if (!header || typeof header !== 'string') {
+        return false;
+    }
+
     return (
         // PNG (starts with 89 50 4E 47)
         header === consts.VALID_FILE_SIGNATURES.PNG ||
         // JPEG (starts with FF D8 FF Ex where x can be E0, E1, E2)
-        consts.VALID_FILE_SIGNATURES.JPEG.includes(header as 'ffd8ffe0' | 'ffd8ffe1' | 'ffd8ffe2') ||
+        consts.VALID_FILE_SIGNATURES.JPEG.some(sig => sig === header) ||
         // PDF (starts with 25 50 44 46)
         header === consts.VALID_FILE_SIGNATURES.PDF
     )
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2a557d3 and 2e16b48.

📒 Files selected for processing (2)

• src/components/Create/Link/Input.view.tsx (2 hunks)
• src/utils/general.utils.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/components/Create/Link/Input.view.tsx

🔇 Additional comments (3)

src/utils/general.utils.ts (3)

1024-1040: LGTM! Well-structured file signature validation.

The implementation aligns well with the PR objectives for enhancing file upload security. The function is well-documented and handles multiple file formats correctly.

---

6-7: Consider specifying the version for the 'siwe' package.

While the imports are correctly used, it's recommended to specify the version of the 'siwe' package in package.json to ensure consistent behavior across different environments.

---

1034-1038: Verify the VALID_FILE_SIGNATURES constant structure.

Let's ensure that the required constants exist and have the correct structure.

✅ Verification successful

✓ VALID_FILE_SIGNATURES constant structure verified

The constant is properly defined in src/constants/general.consts.ts with the correct structure for PNG, JPEG variants, and PDF signatures. The usage in the code matches the constant's structure perfectly.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if VALID_FILE_SIGNATURES constant exists with correct structure
ast-grep --pattern 'export const VALID_FILE_SIGNATURES = {
  $$$
  PNG: $_,
  JPEG: $_,
  PDF: $_,
  $$$
}'

Length of output: 109

---

Script:

#!/bin/bash
# Search for VALID_FILE_SIGNATURES constant definition
rg "VALID_FILE_SIGNATURES" -A 10

# Backup search using ast-grep with simpler pattern
ast-grep --pattern 'const VALID_FILE_SIGNATURES = $_'

Length of output: 1628