upload-files feature: RBAC ordering and file type validation

sallyom · claude · sallyom · commit bad835944dfb · 2025-12-12T14:25:11.000-05:00
fixing authentication pattern violation and
adding MIME type validation via magic bytes to prevent Content-Type spoofing.

- Fix RBAC check ordering in DeleteSessionWorkspaceFile to prevent session enumeration
- Add file-type package for magic byte detection on all file uploads
- Validate actual file content against claimed Content-Type headers for both local and URL uploads

Co-Authored-By: Claude Sonnet 4.5 &lt;noreply@anthropic.com&gt;
Signed-off-by: sallyom &lt;somalley@redhat.com&gt;
diff --git a/components/backend/handlers/sessions.go b/components/backend/handlers/sessions.go
@@ -2754,18 +2754,6 @@ func DeleteSessionWorkspaceFile(c *gin.Context) {
 		return
 	}
 
-	// Verify session exists using reqDyn before RBAC check to prevent session enumeration
-	gvr := GetAgenticSessionV1Alpha1Resource()
-	if _, err := reqDyn.Resource(gvr).Namespace(project).Get(c.Request.Context(), session, v1.GetOptions{}); err != nil {
-		if errors.IsNotFound(err) {
-			c.JSON(http.StatusNotFound, gin.H{"error": "Session not found"})
-			return
-		}
-		log.Printf("DeleteSessionWorkspaceFile: Failed to verify session existence: %v", err)
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to verify session"})
-		return
-	}
-
 	// Validate and sanitize path to prevent directory traversal
 	// Use robust path validation that works across platforms
 	sub := strings.TrimPrefix(c.Param("path"), "/")
@@ -2792,6 +2780,7 @@ func DeleteSessionWorkspaceFile(c *gin.Context) {
 	}
 
 	// RBAC check: verify user has update permission on agenticsessions (file operations modify session state)
+	// IMPORTANT: RBAC check MUST happen BEFORE checking session existence to prevent enumeration attacks
 	ssar := &authzv1.SelfSubjectAccessReview{
 		Spec: authzv1.SelfSubjectAccessReviewSpec{
 			ResourceAttributes: &authzv1.ResourceAttributes{
@@ -2813,6 +2802,19 @@ func DeleteSessionWorkspaceFile(c *gin.Context) {
 		return
 	}
 
+	// Verify session exists using reqDyn AFTER RBAC check
+	// This prevents enumeration attacks - unauthorized users get same "Forbidden" response
+	gvr := GetAgenticSessionV1Alpha1Resource()
+	if _, err := reqDyn.Resource(gvr).Namespace(project).Get(c.Request.Context(), session, v1.GetOptions{}); err != nil {
+		if errors.IsNotFound(err) {
+			c.JSON(http.StatusNotFound, gin.H{"error": "Session not found"})
+			return
+		}
+		log.Printf("DeleteSessionWorkspaceFile: Failed to verify session existence: %v", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to verify session"})
+		return
+	}
+
 	// Try temp service first, then regular service
 	serviceName := fmt.Sprintf("temp-content-%s", session)
 	serviceFound := false
diff --git a/components/frontend/package-lock.json b/components/frontend/package-lock.json
diff --git a/components/frontend/package.json b/components/frontend/package.json
@@ -26,6 +26,7 @@
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "date-fns": "^4.1.0",
+    "file-type": "^21.1.1",
     "highlight.js": "^11.11.1",
     "lucide-react": "^0.542.0",
     "next": "15.5.7",
diff --git a/components/frontend/src/app/api/projects/[name]/agentic-sessions/[sessionName]/workspace/upload/route.ts b/components/frontend/src/app/api/projects/[name]/agentic-sessions/[sessionName]/workspace/upload/route.ts
@@ -1,6 +1,7 @@
 import { buildForwardHeadersAsync } from '@/lib/auth';
 import { BACKEND_URL } from '@/lib/config';
 import { NextRequest } from 'next/server';
+import { fileTypeFromBuffer } from 'file-type';
 
 // Maximum file sizes based on type
 // SDK has 1MB JSON limit, base64 adds ~33% overhead, plus JSON structure overhead
@@ -84,6 +85,57 @@ function isValidUrl(urlString: string): boolean {
   }
 }
 
+// Validate file content type via magic bytes
+// Returns the actual MIME type detected from file content, or null if detection fails
+// This prevents Content-Type header spoofing attacks
+async function validateFileType(buffer: ArrayBuffer, claimedType: string): Promise<string> {
+  try {
+    // Convert ArrayBuffer to Uint8Array for file-type library
+    const uint8Array = new Uint8Array(buffer);
+
+    // Detect actual file type from magic bytes
+    const detected = await fileTypeFromBuffer(uint8Array);
+
+    if (!detected) {
+      // If detection fails, treat as plain text/binary
+      // Allow the claimed type only if it's text-based or generic binary
+      if (claimedType.startsWith('text/') || claimedType === 'application/octet-stream') {
+        return claimedType;
+      }
+      // For other types, reject if we can't verify
+      throw new Error('Unable to verify file type. File may be corrupted or unsupported.');
+    }
+
+    // Normalize both types for comparison (remove parameters like charset)
+    const normalizedClaimed = claimedType.split(';')[0].trim().toLowerCase();
+    const normalizedDetected = detected.mime.toLowerCase();
+
+    // Check if types match
+    if (normalizedClaimed !== normalizedDetected) {
+      // Special case: allow jpeg/jpg variations
+      const isJpegVariant = (type: string) => type === 'image/jpeg' || type === 'image/jpg';
+      if (isJpegVariant(normalizedClaimed) && isJpegVariant(normalizedDetected)) {
+        return detected.mime;
+      }
+
+      // Types don't match - reject
+      throw new Error(
+        `Content-Type mismatch: claimed '${normalizedClaimed}' but detected '${normalizedDetected}'. ` +
+        `This may indicate a malicious file or incorrect Content-Type header.`
+      );
+    }
+
+    // Use the detected type (more trustworthy than header)
+    return detected.mime;
+  } catch (error) {
+    // Re-throw validation errors
+    if (error instanceof Error) {
+      throw error;
+    }
+    throw new Error('File type validation failed');
+  }
+}
+
 // Compress image if it exceeds size limit
 // Returns compressed image buffer or original if already small enough, along with compression metadata
 // IMPORTANT: Compression preserves original format (PNG stays PNG, JPEG stays JPEG, etc.)
@@ -311,15 +363,33 @@ export async function POST(
       // Sanitize filename to prevent path traversal attacks
       const rawFilename = (formData.get('filename') as string) || file.name;
       const filename = sanitizeFilename(rawFilename);
-      const contentType = file.type || 'application/octet-stream';
+      const claimedContentType = file.type || 'application/octet-stream';
+      const fileArrayBuffer = await file.arrayBuffer();
 
-      // Compress and validate file
+      // Validate file type via magic bytes to prevent malicious file uploads
+      let validatedContentType: string;
+      try {
+        validatedContentType = await validateFileType(fileArrayBuffer, claimedContentType);
+      } catch (error) {
+        return new Response(
+          JSON.stringify({
+            error: error instanceof Error ? error.message : 'File type validation failed',
+            details: 'The file content does not match the claimed file type'
+          }),
+          {
+            status: 400,
+            headers: { 'Content-Type': 'application/json' },
+          }
+        );
+      }
+
+      // Compress and validate file size
       let fileBuffer: ArrayBuffer;
       let finalContentType: string;
       let compressionInfo: { compressed: boolean; originalSize: number; finalSize: number };
 
       try {
-        const result = await compressAndValidate(await file.arrayBuffer(), contentType);
+        const result = await compressAndValidate(fileArrayBuffer, validatedContentType);
         fileBuffer = result.buffer;
         finalContentType = result.contentType;
         compressionInfo = result.compressionInfo;
@@ -394,15 +464,33 @@ export async function POST(
         });
       }
 
-      const contentType = fileResp.headers.get('content-type') || 'application/octet-stream';
+      const claimedContentType = fileResp.headers.get('content-type') || 'application/octet-stream';
+      const fileArrayBuffer = await fileResp.arrayBuffer();
+
+      // Validate file type via magic bytes to prevent Content-Type spoofing
+      let validatedContentType: string;
+      try {
+        validatedContentType = await validateFileType(fileArrayBuffer, claimedContentType);
+      } catch (error) {
+        return new Response(
+          JSON.stringify({
+            error: error instanceof Error ? error.message : 'File type validation failed',
+            details: 'The file content does not match the claimed Content-Type header'
+          }),
+          {
+            status: 400,
+            headers: { 'Content-Type': 'application/json' },
+          }
+        );
+      }
 
-      // Compress and validate file
+      // Compress and validate file size
       let fileBuffer: ArrayBuffer;
       let finalContentType: string;
       let compressionInfo: { compressed: boolean; originalSize: number; finalSize: number };
 
       try {
-        const result = await compressAndValidate(await fileResp.arrayBuffer(), contentType);
+        const result = await compressAndValidate(fileArrayBuffer, validatedContentType);
         fileBuffer = result.buffer;
         finalContentType = result.contentType;
         compressionInfo = result.compressionInfo;
