I'm developing an application with next.js
I have an api endpoint that receives FormData in the request.
I'm using Formidable to get the files from the request.
Than, upload the file from its temporary path on the server to AWS S3.
My question is, how can i validate that the user didn't malformed the path of the file, and sending the request with a malicious path. For example, changing the path to "../../secretFile".
A regular path for example would be:
C:\Users\MyUsername\AppData\Local\Temp\upload_e69daadcd956ae15fc00551832d1be82
Related
We are using express-fileupload to uploading file on express project. Currently with some special case we want to add more file into request with some url. We create a new middleware to attach new file into request.files but not success.
I have a very peculiar scenario where the raw data of the file has to be sent. I have tried following options and still wasn't successful.
Http Request with form-data disabled but still its sending as multi-part which is not acceptable by the system
Sending the file contents in request body by following methods . They were successful however the file uploaded was encoded in some format so the MD5 hash of the original file and uploaded file doesn't match. Hence the uploaded file looked different from original
FileToString Method
Reading the file using HTTP request . Capturing the response and passing to the body of File upload request
Using Https Raw data . Since its https request, it cannot be used.
All possible encoding formats available but nothing worked as the application just expects the raw data without any encoding.
You're supposed to provide an example successful request and the file you're uploading, it can be captured using a sniffer tool like Wireshark or Fiddler, only this way we'll be able to come up with the relevant JMeter configuration required to replicate the request.
In the mean time I can only suggest trying recording the request using JMeter's HTTP(S) Test Script Recorder
Start JMeter's HTTP(S) Test Script Recorder
Import JMeter's certificate into your browser (or system certificates storage if the upload is being performed by other application), see HTTPS recording and certificates chapter of JMeter's documentation on HTTP(S) Test Script Recorder
Copy the file you're going to upload to "bin" folder of your JMeter installation (or JMeter's current working directory if you're launching it from a desktop shortcut or whatever), see Recording File Uploads with JMeter for more details
Perform the upload in the browser (or other application)
JMeter should intercept the request and generate proper HTTP Request sampler and HTTP Header Manager
I have a need in my project where i would get the uri of the folder and using it i have to download the files in the uri (in zipped format) as the normal format is leading to the default html file.Please let me know how i can do that with bamboo rest api
I'm currently working on file uploading in Lucee (deployed on Tomcat).
I'm sending an html form to an API, that keep the file temp. and then send it to our backend through http post request (formfield with payload + file) to invoke a cfc with a proper method.
That request goes to onRequestStart then onCFCRequest that invoke our CFC with our params. A response is returned to our API.
Problem is with file <50 mb it works perfectly but with larger files, the response we are receiving is a dump of the invoked component (without going through onCFCRequest), our file is in our temp folder, the form struct is not empty but our HTTPRequest content is empty.
Already tried to add params to Tomcat and Lucee like
maxHttpHeaderSize and maxPostSize in server.xml
<max-file-size> and <max-request-size>
I'm not getting any errors from Tomcat and Lucee about size limits.
Do you have any idea of what is happening ?
EDIT:
I have found this issue:
http://www.rupeshk.org/blog/index.php/2007/08/coldfusion-8-changes-with-file-upload/
Do you know how can i keep the content on my http request?
Because it's empty (no payload, no file) so it doesn't trigger the onCFCRequest handler. Thanks
What is the best practice to implement file uploads using Restler framework?
I like to have a API call that get the file save it in CDN and return back the CDN file URL to the caller. What is the best way to implement it?
File upload to CDN using our API
This requires two steps, first is to get the file on the API server.
add UploadFormat to the supported formats
Adjust the static properties of UploadFormat to suit your need
From your api method use $_FILES and move_uploaded_file to get the file to the desired folder. This step is common for any php upload process.
Now that you have the file on the server
Upload it to CDN. You can use any means provided my your CDN. It can be ftp or using some SDK to do the upload
Construct the CDN url and return it to the client