Critiq Docs

security.filesystem

Harden Echo multipart uploads

Multipart handlers should cap body size, sanitize filenames with `filepath.Base`, and avoid concatenating user filenames into destination paths.

# Metadata

| Field | Value |
|---|---|
| Rule ID | `go.security.echo-unsafe-multipart-upload` |
| Severity | high |
| Confidence | 0.78 |
| Languages | go |
| Presets | security, strict |
| Stability | experimental |
| Applies to | block |
| Tags | echo, go, rules-catalog, security |

# Why it matters

Reading a multipart body with no size cap lets a client exhaust memory or disk (denial of service), and using the raw `FormFile().Filename` lets a client-controlled name such as one containing `..` segments escape a predictable upload directory (path traversal).

# Remediation

Wrap the request body with `http.MaxBytesReader`, normalize filenames with `filepath.Base`, enforce an extension allowlist, and prefer storage APIs that never trust client-supplied paths.

# Repository path

The generated metadata points to `critiq-rules/libs/rules/catalog/rules/go/go.security.echo-unsafe-multipart-upload.rule.yaml`.