unrestricted-file-upload-anti-pattern

Unrestricted File Upload Anti-Pattern

Severity: Critical

Summary

Applications accept user-uploaded files without validating type, content, or size, enabling attackers to upload malicious scripts or executables. This leads to remote code execution (web shells), server compromise, or denial-of-service (disk exhaustion).

The Anti-Pattern

The anti-pattern is accepting uploaded files without validating type, content, and size.

BAD Code Example

# VULNERABLE: No validation of file type, content, or size.
from flask import Flask, request
import os

First Seen: Jan 20, 2026