
<CFFILE> is simultaneously one of the most powerful and most dangerous tags ColdFusion has to offer. This tag has two discrete but related uses: file manipulation and file upload. File manipulation includes creating, deleting, copying, moving, renaming, reading, and writing files on the local file system. File upload allows you to create forms that a visitor can use to upload files to the server.

The file manipulation capabilities of <CFFILE> can be used in many ways. For example, you can use <CFFILE> with the append action to create your own custom logging system (this was de rigueur in ColdFusion 4.x; as of ColdFusion 5, the <CFLOG> tag replaces some of this functionality). You could use <CFFILE> with the read action to parse data out of an existing tab-delimited file, as shown in Figure 3.6. You could use <CFFILE> with the delete action to clear out any temp files or file system-based caches you left lying around.

Figure 3.6 Translating a Tab-Delimited File into a Query

    <!--- read a tab-delimited file with two columns --->
    <cffile action="read" file="d:\temp\skureport.txt" variable="filecontent">

    <!--- create an empty query with two columns --->
    <cfset myQuery = QueryNew("sku,price")>

    <!--- loop through the file content line-by-line; both CR and LF are
          given as delimiters so that Windows CRLF line endings do not leave
          a trailing carriage return in the last column --->
    <cfloop list="#filecontent#" index="line" delimiters="#chr(13)##chr(10)#">

        <!--- for each line, add a row to the query --->
        <cfset QueryAddRow(myQuery)>

        <!--- and split each line, delimited by a tab character. Set query cells. --->
        <cfset QuerySetCell(myQuery, "sku", ListFirst(line, chr(9)))>
        <cfset QuerySetCell(myQuery, "price", ListLast(line, chr(9)))>

    </cfloop>

The security holes opened by <CFFILE>'s file manipulation are similar to those of <CFDIRECTORY>: exposure of sensitive information, and the ability to rename or delete critical files. In combination, <CFDIRECTORY> and <CFFILE> have the ability to delete entire directories' worth of files.

<CFFILE>'s second function is to upload files to the server from a user's computer, via a browser. <CFFILE> with the upload action serves as a socket for the HTML <INPUT TYPE="FILE"> tag. One common use for this is to upload images for placement within a content management system. Figure 3.7 details a basic page for uploading files.

Figure 3.7 A Simple File Upload Page

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
        <title>Simple Uploader</title>
    </head>
    <body>

    <!--- if submitted, accept upload --->
    <cfif IsDefined("form.buttonSubmit") AND Len(form.theFile)>
        <cffile action="upload" destination="d:\temp\" filefield="theFile">
        <cfoutput>
            File has been uploaded: #cffile.serverfile#. <hr>
        </cfoutput>
    </cfif>

    <!--- the form tag must sit inside cfoutput, otherwise #cgi.script_name#
          is sent to the browser literally instead of being evaluated --->
    <cfoutput>
    <form action="#cgi.script_name#" method="post" enctype="multipart/form-data">
        <input type="File" name="theFile"><br>
        <input type="Submit" name="buttonSubmit" value="upload file">
    </form>
    </cfoutput>

    </body>
    </html>

If you allow <CFFILE> within your application, especially if you have a publicly accessible form with an upload action, you have to be very, very careful. This becomes exponentially more serious if your uploads reside within the Web root after they are uploaded to the server. In a typical application, you can allow the user to upload an image, and once the upload is complete, you display the image to the user. In this situation, you have allowed the user to create a file of his choosing on your server, and you have given the user the URL to that file. This is a gift to a hacker. The hacker can write a quick ColdFusion page containing malicious code—say, code that loops through a directory and deletes each file—then upload the file to your server, and then execute that file.

What can you do to prevent this? First, you can disable <CFFILE>; however, this is not always an option. If you must allow <CFFILE>, there are options. The main line of defense is <CFFILE>'s accept attribute. This attribute specifies which MIME types can be uploaded to your server. If you only want to accept images, then you would use <CFFILE ACTION="upload" ACCEPT="image/gif,image/jpg,image/jpeg,image/pjpeg">; this allows .gif and .jpg files.
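A hardened variant of the Figure 3.7 uploader, added here as an example and not taken from the book: it layers the accept attribute (which is checked against the content type the browser reports, so it should not be the only filter) with a server-side check on the extension of the stored file and a destination outside the Web root. The directory d:\uploads\ and the allowed-extension list are assumptions.

```cfml
<!--- Added example, not the book's code. Assumes d:\uploads\ lies
      outside the Web root, so nothing stored here gets a URL. --->
<cfset uploadDir = "d:\uploads\">
<cfset allowedExt = "gif,jpg,jpeg">

<cfif IsDefined("form.buttonSubmit") AND Len(form.theFile)>
    <!--- 1. accept filters on the browser-supplied MIME type;
             nameconflict="makeunique" prevents overwriting an existing file --->
    <cffile action="upload"
            destination="#uploadDir#"
            filefield="theFile"
            accept="image/gif,image/jpg,image/jpeg,image/pjpeg"
            nameconflict="makeunique">

    <!--- 2. check the extension of the file actually written on the server,
             and remove it if it is not on the allowed list --->
    <cfif NOT ListFindNoCase(allowedExt, cffile.serverFileExt)>
        <cffile action="delete" file="#uploadDir##cffile.serverFile#">
        <cfoutput>
            <p>Rejected: #HTMLEditFormat(cffile.clientFile)# is not an image.</p>
        </cfoutput>
    <cfelse>
        <!--- 3. report the stored name only; it is never exposed as a URL --->
        <cfoutput>
            <p>Stored as #HTMLEditFormat(cffile.serverFile)#.</p>
        </cfoutput>
    </cfif>
</cfif>

<cfoutput>
<form action="#cgi.script_name#" method="post" enctype="multipart/form-data">
    <input type="File" name="theFile"><br>
    <input type="Submit" name="buttonSubmit" value="upload file">
</form>
</cfoutput>
```

Because the stored file sits outside the Web root, a page that later displays the image has to read it with <CFFILE> and send it with <CFCONTENT> rather than linking to it directly.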

SECURITY ALERT

The rename action of both <CFFILE> and <CFDIRECTORY> does not distinguish between files and directories on the file system. For example, <CFFILE> can rename a directory, and <CFDIRECTORY> can rename a file. Thus, disabling one but not the other might not be sufficient protection. This does not apply to other actions such as delete.