Golang Snippet #01

This challenge covers the review of a snippet of code written in Golang.

PRO Tier | Easy | < 1 Hr. | 1084

The Code Review Snippet challenge for Golang 01 examines a function called uploadFile, which handles file uploads in an HTTP request. The video walks you through the code, explaining each step and highlighting a critical vulnerability. The vulnerability lies in trusting the value of handler.Filename, which can be exploited for directory traversal attacks, allowing files to be written outside the intended /tmp directory.

Despite a patch in May 2021 that mitigates this issue in recent versions of Golang by calling basename on handler.Filename, understanding this pattern is crucial. Always ensure your code does not blindly trust filenames provided by the browser, as they can be tampered with to include malicious directory paths.
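
The pattern described above, shown as an added example rather than the challenge's own code: the client-supplied filename joined directly to the upload directory, next to a version that takes the basename and validates it first. The names unsafeDest, safeDest and uploadDir and the sample filenames are assumptions made for illustration, and the paths assume a Unix-like system.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// uploadDir is the intended destination named on the page (/tmp).
const uploadDir = "/tmp"

// unsafeDest (hypothetical name) mirrors the vulnerable pattern: the
// client-supplied filename is joined to the upload directory unchecked.
func unsafeDest(name string) string {
	return filepath.Join(uploadDir, name)
}

// safeDest (hypothetical helper) keeps only the final path element, rejects
// names that are empty or refer to a directory, and confirms the result is
// still a direct child of uploadDir.
func safeDest(name string) (string, error) {
	// Treat backslashes as separators too, so Windows-style paths are
	// reduced the same way on every platform.
	base := filepath.Base(strings.ReplaceAll(name, `\`, "/"))
	if base == "." || base == ".." || base == string(filepath.Separator) {
		return "", errors.New("invalid upload filename")
	}
	dest := filepath.Join(uploadDir, base)
	// Defence in depth: the parent of dest must be exactly uploadDir.
	if filepath.Dir(dest) != filepath.Clean(uploadDir) {
		return "", errors.New("destination escapes upload directory")
	}
	return dest, nil
}

func main() {
	// Constructed sample filenames, as a tampered multipart request could carry.
	for _, name := range []string{"report.pdf", "../outside/notes.txt", "..", ""} {
		dest, err := safeDest(name)
		fmt.Printf("%q unsafe=%q safe=%q err=%v\n", name, unsafeDest(name), dest, err)
	}
}
```

Doing the check in the handler itself keeps the upload safe regardless of which Go version parses the multipart request.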
