# Arbitrary File Upload Analyzer PRO

| Category | Severity | Time To Fix |
|---|---|---|
| 🛡️ Security | Major | 5 minutes |

Class: Enlightn\EnlightnPro\Analyzers\Security\ArbitraryFileUploadAnalyzer

# Introduction

This analyzer scans your application code to detect any missing file type validations.

If you allow uploading of files by users, you should also validate the file types being uploaded. Failure to do so may result in arbitrary code execution attacks. These attacks entail first uploading malicious executable files (such as PHP files) and then triggering their malicious code by visiting the file URL (if public).

This CWE highlights the risk of such attacks.

# How To Fix

To fix this, simply add validation rules to validate the file MIME type or extension as well:

```php
$request->validate([
    'filename' => 'file|mimes:jpg,png,bmp'
]);
```
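As an added example (not Enlightn's own code), the same fix in the context of a Laravel controller: the unvalidated handler this analyzer flags beside its hardened version. The `UploadController` class, the `avatar` field and the `avatars` storage path are assumed names.

```php
<?php
// Added illustration, not part of Enlightn: an upload handler before and
// after adding file type validation. Class, field and path names are assumed.

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class UploadController extends Controller
{
    // BEFORE: only checks that a file is present. Any type is accepted,
    // so a PHP file could be stored and later executed if served publicly.
    public function storeUnsafe(Request $request)
    {
        $request->validate([
            'avatar' => 'required|file',
        ]);

        $path = $request->file('avatar')->store('avatars', 'public');

        return response()->json(['path' => $path]);
    }

    // AFTER: restrict uploads to the expected image types and a size limit
    // (max is in kilobytes for file rules). Laravel's `mimes` rule guesses
    // the type from the file's contents rather than trusting the extension
    // the client sent. store() also writes the file under a generated name,
    // so the attacker-controlled original filename never reaches the disk.
    public function storeSafe(Request $request)
    {
        $request->validate([
            'avatar' => 'required|file|mimes:jpg,png,bmp|max:2048',
        ]);

        $path = $request->file('avatar')->store('avatars', 'public');

        return response()->json(['path' => $path]);
    }
}
```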

# References