Eric Wittmann updated SRAMP-178:
--------------------------------
Git Pull Request:
Trusting MIME type sent from clients is dangerous
-------------------------------------------------
Key: SRAMP-178
URL: https://issues.jboss.org/browse/SRAMP-178
Project: S-RAMP
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Client
Affects Versions: 0.1.1
Reporter: Lukas Krejci
Assignee: Kurt Stam
Fix For: 0.2.0 - Milestone 4

While uploading an artifact to the repository, the S-RAMP server completely trusts the
client with the supplied mime type and uses it thereafter.
This also includes the time when the artifact is downloaded from S-RAMP server.
This is quite dangerous, IMHO, because it gives potential attackers the means of
making certain types of files look like something they aren't. This could be a nice
vector for exploiting vulnerabilities in applications that then open such files.
For example, consider this command:
    curl -H 'Content-Type: image/png' -H 'Slug: wha.pkg' --data-binary \
      @tmp.pdf 'http://localhost:8080/s-ramp-server/s-ramp/core/Document'
This will create an artifact called "wha.pkg" in the repository, which will
have the stored content type of "image/png" but the actual data will be a PDF.
IMHO, the mime type detection should be purely a server-side affair, ignoring any hints of
mime type sent in by the clients.
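
Added example (not part of the original report and not S-RAMP code): a minimal sketch of server-side type detection for the upload described above, where the stored content type comes from the artifact's leading bytes and the client's Content-Type header is kept only as an audit hint. The function names, the record layout and the short signature table are assumptions made for illustration; the sample bytes are constructed.

```python
"""Added example: decide an artifact's stored MIME type from its bytes."""

# Leading-byte signatures for a few common formats (illustrative, not exhaustive).
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"%PDF-", "application/pdf"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"PK\x03\x04", "application/zip"),
]
UTF8_BOM = b"\xef\xbb\xbf"
FALLBACK = "application/octet-stream"


def detect_mime(data: bytes) -> str:
    """Return a MIME type derived only from the content, never from the client."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    # XML may carry a UTF-8 BOM and whitespace before the declaration.
    head = data[:64]
    if head.startswith(UTF8_BOM):
        head = head[len(UTF8_BOM):]
    if head.lstrip().startswith(b"<?xml"):
        return "application/xml"
    return FALLBACK  # unknown content is never given a client-chosen type


def accept_upload(declared: str, slug: str, data: bytes) -> dict:
    """Build the record to store (hypothetical layout) for one uploaded artifact."""
    detected = detect_mime(data)
    # Drop parameters such as "; charset=utf-8" before comparing.
    declared_base = declared.split(";", 1)[0].strip().lower()
    return {
        "name": slug,
        "content_type": detected,          # used for storage and later downloads
        "client_declared": declared_base,  # retained for audit only
        "mismatch": declared_base != detected,
    }


if __name__ == "__main__":
    # Constructed stand-in for tmp.pdf from the report's curl command.
    pdf_bytes = b"%PDF-1.4\n1 0 obj\n<< >>\nendobj\n"
    print(accept_upload("image/png", "wha.pkg", pdf_bytes))
```

A production server would use a maintained detection library rather than a hand-written table; the point here is only that the declared type never reaches the stored record's content_type field.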