Investigate the impact of malicious uploaded files

See https://gitlab.com/gitlab-org/manage/import/backend/discussion/-/issues/9 for context.

When we accept/process user-provided files during import / export, ensure that malicious files cannot cause negative impacts. Similar to gitlab-com/gl-infra/production#6132. One example is Decompression Bombs.

Proposal

  • Identify where we accept files from users
  • Identify where we process already-uploaded files from users (e.g. when preparing an export and an MR has an attached file, or processing an archive that someone says is an import)
  • Identify if there are any existing measures which prevent malicious files from impacting the system (e.g. anti-virus, sandboxing)
  • Start a discussion on if and how we can improve our file handling protections against malicious files

N.b. this issue itself currently is a data gathering & conversation starting exercise, vs. having code-changing outcomes.

References

Edited by 🤖 GitLab Bot 🤖