Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

AWS logo
Amazon QDetector Library

Unsafe File Extension Critical

Insufficiently restricted file uploads can allow a file to be uploaded that runs malicious code. For example, a website that doesn't check the file extension of an image can be exploited by uploading a script with an extension, such as .php or .asp, that can be run on the server.

Detector ID
c/unsafe-file-extension@v1.0
Category
Common Weakness Enumeration (CWE) external icon

Compliant example

1#include <stdio.h>
2
3void unsafeFileExtensionCompliant() {
4    // Compliant: Safe extension used with fopen example
5    FILE* fileFopen = fopen("example.txt", "r");
6    if (fileFopen != NULL) {
7        printf("File opened successfully using fopen.\n");
8        fclose(fileFopen);
9    } else {
10        printf("Error: Failed to open the file using fopen.\n");
11    }
12}

Noncompliant example

1#include <stdio.h>
2
3void unsafeFileExtensionNonCompliant() {
4    // Noncompliant: Unsafe file extension used with fopen
5    FILE* fileFopen = fopen("example.bat", "rb");
6    if (fileFopen != NULL) {
7        printf("File opened successfully using fopen.\n");
8        fclose(fileFopen);
9    } else {
10        printf("Error: Failed to open the file using fopen.\n");
11    }
12}