简体繁体 English

如何处理用户输入文件（图像/视频）？

[英]How to deal with user input files (images / video)?

原文 2019-10-22 11:14:59 3 1 security/ assets/ mime-types/ input-sanitization

In our company, we have to deal with a lot of user uploads, for example images and videos.在我们公司，我们必须处理大量的用户上传，例如图片和视频。 Now I was wondering: how do you guys "deal with that" in terms of safety?现在我想知道：你们如何在安全方面“处理”？ Is it possible for an image to contain malicious content?图像是否可能包含恶意内容？ Of course, there are the "unwanted" pixels, like porn or something.当然，还有“不想要的”像素，比如色情或其他东西。 But that's not what I mean now.但这不是我现在的意思。 I mean images which "break" machines while they are being decoded, etc. I already saw this: How can a virus exist in an image .我的意思是在解码时“破坏”机器的图像等。我已经看到了这个：病毒如何存在于图像中。

Basically I was planning to do this:基本上我打算这样做：

Create a DMZ创建 DMZ
Store the assets in a bucket (we use GCP here) which lives inside the DMZ将资产存储在位于 DMZ 内的存储桶中（我们在这里使用 GCP）
Then apply "malicious code"-detection on the file然后对文件应用“恶意代码”检测
If it turns out to be fine... then move the asset into the "real" landscape (the non-dmz)如果结果很好......然后将资产移入“真实”景观（非dmz）

Now the 3rd part... what can I do here?现在是第三部分......我能在这里做什么？

Applying a virus scanner No problem with this, there are a lot of options here.应用病毒扫描程序没问题，这里有很多选项。 Simple approach and good chance that viruses are being caught.简单的方法和很好的病毒被捕获的机会。

Do mime-type detection Based on the first few bytes, I do a mime type detection.做 MIME 类型检测基于前几个字节，我做一个 MIME 类型检测。 For example, if someone sends us a "image.jpg" but in fact its an executable, then we would detect this.例如，如果有人向我们发送了“image.jpg”，但实际上它是一个可执行文件，那么我们会检测到这一点。 Right?正确的？ Is this safe enough?这足够安全吗？ I was thinking about this package .我在考虑这个 package 。

What else???还有什么？？？ Now... what else can I do?现在……我还能做什么？ How do other big companies do this?其他大公司如何做到这一点？ I'm not really looking for answers in terms of orchestration, etc. I know how to use a DMZ, link it all together with a few pubsub topics, etc. I'm purely interested in what techniques to apply to really find out that an incoming asset is "safe".我并不是真的在寻找编排等方面的答案。我知道如何使用 DMZ，将它们与一些 pubsub 主题链接在一起，等等。我纯粹对应用哪些技术真正感兴趣传入的资产是“安全的”。

1 个解决方案

What I would suggest is to not to do it outside the DMZ, let this be within your DMZ and it should have all the regular security controls as any other system will have within your data center.我的建议是不要在 DMZ 之外进行操作，让它在您的 DMZ 内，并且它应该具有所有常规安全控制，就像您的数据中心内的任何其他系统一样。

Besides the things ( Virus Scan, Mime - Type detection ) that you have outlined, i would suggest a few additional checks to perform.除了您概述的内容（病毒扫描、Mime - 类型检测）之外，我建议您执行一些额外的检查。

Size Limitation - You would not want anyone to just bloat out all the space and choke your server.大小限制- 您不希望任何人膨胀所有空间并阻塞您的服务器。
Throttling - Again you may want to control the throughput, at least have the ability to limit to some maximum value.节流- 同样，您可能希望控制吞吐量，至少有能力限制到某个最大值。
Heuristic Scan - Perhaps add a layer to the Anti Virus to do heuristics as well rather than simple signature scans.启发式扫描- 也许在防病毒软件中添加一个层来进行启发式扫描，而不是简单的签名扫描。
File System Access Control - Make sure that the file system access control is foolproof, even in case something malicious comes in it should be able to propagate out to other folders / paths.文件系统访问控制- 确保文件系统访问控制是万无一失的，即使有恶意软件进入，它也应该能够传播到其他文件夹/路径。
Network control - Make sure all the outbound connections are fire walled as well, just in case anything tries to make outward connections.网络控制- 确保所有出站连接也被防火墙保护，以防万一有任何东西试图建立向外连接。