Golang Snippet #01

This challenge covers the review of a snippet of code written in Golang

< 1 Hr.


The Code Review Snippet challenge for Golang 01 examines a function called `uploadFile`, which handles a file upload in an HTTP request. The video walks you through the code step by step and highlights a critical vulnerability: the function trusts `handler.Filename`. That field belongs to the `*multipart.FileHeader` returned by `r.FormFile`, and its value comes straight from the `filename=` parameter of the part's `Content-Disposition` header, which the client controls. Joining a value containing `..` segments onto the upload directory results in a directory traversal, so the uploaded content is written outside the intended `/tmp` directory.

Recent versions of Go mitigate this in the standard library: since Go 1.17 (the change landed in May 2021), `multipart.Part.FileName`, which is what populates `handler.Filename`, applies `filepath.Base` to the value before returning it. Understanding the pattern is still crucial. The mitigation lives in the toolchain rather than in your code, so a binary built with an older Go, a service that parses `Content-Disposition` itself, or a port to another language gets none of it, and `filepath.Base` only strips the host OS separator and passes a bare `..` through unchanged. Never blindly trust a filename supplied by the client: treat it as attacker input, keep only the final path element, and verify that the resulting path still lies inside the upload directory.
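The following is an added example, not code from the challenge or from PentesterLab, illustrating both points above: the vulnerable join the snippet relies on, a hardened `safePath` that keeps only the last path element and re-checks the result, and a parse of an in-memory multipart request that shows the raw `filename=` value next to what Go's `Part.FileName` reports. The upload directory `/tmp` matches the page; the function names, the `uploadResult` struct and the sample filenames are assumptions made for this example. `mime`, `mime/multipart`, `net/http`, `path` and `path/filepath` are standard-library packages.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"mime"
	"mime/multipart"
	"net/http"
	"path"
	"path/filepath"
	"strings"
)

// uploadDir is the directory uploads are supposed to stay inside (the page's /tmp).
const uploadDir = "/tmp"

// vulnerablePath reproduces the pattern the challenge describes: the client-controlled
// filename is joined onto uploadDir unchanged, so "../../etc/cron.d/job" resolves to
// "/etc/cron.d/job" once the kernel normalises the path.
func vulnerablePath(filename string) string {
	return filepath.Clean(uploadDir + "/" + filename)
}

// safePath derives a destination from an untrusted filename. It treats backslashes
// as separators too (a Linux server may receive a Windows-style name), keeps only the
// final element, rejects values that are not a real file name, and finally checks
// that the joined path still has uploadDir as its parent.
func safePath(filename string) (string, error) {
	name := path.Base(strings.ReplaceAll(filename, `\`, "/")) // path, not filepath: OS-independent
	switch name {
	case "", ".", "..", "/": // path.Base("") == ".", path.Base("..") == ".."
		return "", errors.New("invalid filename")
	}
	if strings.ContainsRune(name, 0) {
		return "", errors.New("filename contains NUL")
	}
	full := filepath.Join(uploadDir, name)
	if filepath.Dir(full) != filepath.Clean(uploadDir) {
		return "", errors.New("path escapes upload directory")
	}
	return full, nil
}

// uploadResult records what a handler observes for one uploaded part (hypothetical type).
type uploadResult struct {
	RawFilename string // filename= parameter exactly as sent in Content-Disposition
	Filename    string // what Go's multipart reader reports (filepath.Base'd since Go 1.17)
	Unsafe      string // where the vulnerable pattern would write
	Safe        string // where safePath would write, or "" if rejected
	Err         error  // rejection reason from safePath, if any
}

// inspectUpload parses the first multipart part the way uploadFile would, but
// writes nothing, so the effect of each filename can be compared side by side.
func inspectUpload(req *http.Request) (uploadResult, error) {
	var res uploadResult
	mr, err := req.MultipartReader()
	if err != nil {
		return res, err
	}
	part, err := mr.NextPart()
	if err != nil {
		return res, err
	}
	_, params, _ := mime.ParseMediaType(part.Header.Get("Content-Disposition"))
	res.RawFilename = params["filename"]
	res.Filename = part.FileName()
	res.Unsafe = vulnerablePath(res.RawFilename)
	res.Safe, res.Err = safePath(res.RawFilename)
	return res, nil
}

// buildUploadRequest constructs an in-memory multipart POST carrying one file part
// with an attacker-chosen filename. Constructed test input; nothing touches the network.
func buildUploadRequest(filename string) *http.Request {
	var body bytes.Buffer
	w := multipart.NewWriter(&body)
	fw, _ := w.CreateFormFile("file", filename)
	fw.Write([]byte("* * * * * root id > /tmp/pwned\n")) // payload content is irrelevant here
	w.Close()
	req, _ := http.NewRequest(http.MethodPost, "http://example.invalid/upload", &body)
	req.Header.Set("Content-Type", w.FormDataContentType())
	return req
}

func main() {
	for _, name := range []string{"report.pdf", "../../etc/cron.d/job", `..\..\windows\win.ini`, ".."} {
		res, err := inspectUpload(buildUploadRequest(name))
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		fmt.Printf("sent %q -> Go reports %q; unsafe write %s; safe write %q (%v)\n",
			res.RawFilename, res.Filename, res.Unsafe, res.Safe, res.Err)
	}
}
```

Running it shows that the raw `filename=` value still carries the traversal even on a Go that sanitises `FileName`, which is why the check belongs in the application: `safePath` gives the same answer whatever toolchain built the binary.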
