Threat Uploads: Server side file extension validation + force downloads

[Maffooch]

To be consistent with the main Manage Files features across objects, the threat uploads feature needs to have server side extension validation, as well as forcing files to be downloaded

[sc-8130]

[dryrunsecurity]

DryRun Security Summary

The pull request focuses on improving the file serving and handling functionality of the application, including replacing the use of FileResponse with a more robust generate_file_response_from_file_path utility function, enhancing the generate_file_response function to accept a FileUpload object, and adding a new UploadThreatForm to validate file extensions for threat model file uploads.

Expand for full summary

Summary:

The code changes in this pull request focus on improving the file serving and handling functionality of the application. The changes include:

1. Replacing the use of FileResponse with a more robust generate_file_response_from_file_path utility function in the dojo/engagement/views.py file. This change ensures that the correct content type and headers are set in the response when serving files.

2. Enhancing the generate_file_response function in the dojo/utils.py file to accept a FileUpload object as input and call the new generate_file_response_from_file_path function. This provides a more uniform and maintainable way of serving files.

3. Adding a new UploadThreatForm in the dojo/forms.py file, which allows users to upload threat model files (JPG, PNG, PDF) and validates the file extension to ensure only valid file types are accepted.

From an application security perspective, these changes are generally positive, as they focus on improving the security and reliability of file handling and serving within the application. However, there are a few additional security considerations that could be addressed, such as:

• Validating the actual file type, not just the extension
• Enforcing file size limits to prevent denial-of-service attacks
• Sanitizing and encoding file names or metadata to prevent injection attacks
• Ensuring secure file storage with appropriate permissions and access controls

Overall, the code changes demonstrate a good understanding of security best practices and a commitment to improving the application's security posture.

Files Changed:

1. dojo/engagement/views.py: The changes replace the use of FileResponse with a call to the generate_file_response_from_file_path utility function, which ensures the correct content type and headers are set when serving files.

2. dojo/utils.py: The changes enhance the generate_file_response function to accept a FileUpload object as input and call the new generate_file_response_from_file_path function, providing a more uniform and maintainable way of serving files.

3. dojo/forms.py: A new UploadThreatForm has been added, which allows users to upload threat model files (JPG, PNG, PDF) and validates the file extension to ensure only valid file types are accepted.

Code Analysis

We ran 9 analyzers against 3 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Authn/Authz Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[mtesauro]

Approved