File and Side-Channel Attacks

5.11. File and Side-Channel Attacks#

Applications often let users upload, download, open, or process files. Secure code must treat these files as untrusted input, because attackers can use files to run code, read private data, overwrite server files, or exhaust system resources.

Some vulnerabilities are also linked to hardware behaviour. A side-channel attack uses indirect information, such as timing, cache behaviour, or power use, to infer secret data without directly breaking the algorithm.

5.11.1. File Attacks#

A file attack occurs when a file or file path is crafted to make the application do something unsafe. File uploads are a common example, because a user controls the file name, file type, file size, and file contents.

Common file attack risks include:

  • uploading executable code instead of a normal document or image

  • using a misleading file extension, such as naming a script avatar.jpg

  • uploading very large files to fill disk space or memory

  • including malicious content in a file that will be parsed by another program

  • using file names such as ../../secret.txt to attempt path traversal

  • storing private files where they can be downloaded directly by other users

  • leaking metadata, such as location data in images or author names in documents

Safer file handling should validate the file before it is trusted. Check the expected file type, set a maximum file size, generate a safe server-side file name, and store uploads outside directories that are served directly by the web server. The application should check authorisation before allowing a file to be downloaded.

5.11.2. Path Traversal#

Path traversal is a file attack where an attacker uses parts of a file path to escape the intended directory. For example, an unsafe download route might accept a filename from the query string:

/download?file=../../config.py

If the server joins this input directly to a folder path, the attacker may be able to read files that were never meant to be public.

To reduce path traversal risk:

  • avoid using raw user input as a file path

  • store file records in a database and look them up by an internal ID

  • generate server-side file names instead of trusting uploaded file names

  • normalise and check paths before opening files

  • reject path separators such as / and .. in user-supplied file names

5.11.3. Side-Channel Attacks#

A side-channel attack does not usually attack the code path directly. Instead, it studies clues from how the system behaves. For example, an attacker might measure how long a password reset token comparison takes, or study hardware cache behaviour to infer information about a cryptographic key.

Examples of side-channel information include:

  • timing differences

  • memory access patterns

  • CPU cache behaviour

  • power use

  • electromagnetic signals

  • file size or response size

Most application developers do not need to design low-level hardware defences, but secure software should avoid creating obvious side channels. For example, secret tokens should be compared using trusted constant-time comparison functions, error messages should not reveal which part of a login failed, and responses should avoid exposing unnecessary details about private data.

5.11.4. Glossary#

File attack#

An attack that uses a file, file name, file path, or file contents to make software behave unsafely.

Side-channel attack#

An attack that uses indirect information, such as timing, cache behaviour, or power use, to infer secret data.

Path traversal#

A file attack where an attacker uses path elements such as .. to access files outside the intended directory.