...
Many Java enterprise frameworks provide configuration settings intended as a defense against arbitrary file upload. Unfortunately, most of them fail to provide adequate protection, typically because the checks are applied to metadata the client supplies, such as the file name or the declared content type. Mitigating this vulnerability involves checking the file size and the declared content type and, crucially, verifying that the file's actual contents match that type, among other metadata attributes.
Noncompliant Code Example
This noncompliant code example shows some XML code from the upload action of a Struts 2 application. The interceptor configuration is responsible for allowing file uploads. Restrictions configured this way are applied to the content type the client declares in the multipart request, which an attacker controls, so they do not establish what the uploaded bytes actually contain.
...
This code appears to violate ERR08-J. Do not catch NullPointerException or any of its ancestors. It does not violate that rule, however, because it falls under the exception ERR08-EX2.
Compliant Solution
The file upload must succeed only if the declared content type matches the content actually present in the file. For example, a file with an image header must contain only an image and not executable code. This compliant solution uses the Apache Tika library, which detects and extracts metadata and structured text content from documents using existing parser libraries [Apache Tika|http://tika.apache.org/index.html]. The checkMetaData() method must be called before invoking execute().
...
The AutoDetectParser selects the best available parser based on the content type of the file to be parsed. Tika's type detection relies primarily on the file's leading bytes (magic numbers); a file name or declared type supplied in the Metadata is treated only as a hint, which is what makes the detected type a meaningful check against the client's claim.
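The following is an added example of the check that checkMetaData() must perform; it is not the page's own code. It uses Tika's Tika facade (Tika.detect) rather than a full AutoDetectParser parse, because only the detected type is needed here. The allow-list, the size limit and the class name are assumptions; the parameter names upload and uploadContentType follow the setters the Struts 2 file upload interceptor populates on an action.

```java
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.apache.tika.Tika;
import org.apache.tika.mime.MediaType;

/*
 * Added example, not the page's own code. Validates an uploaded file by
 * comparing the client's declared content type with the type Apache Tika
 * detects from the file's bytes. Policy values below are assumptions.
 */
public final class UploadCheck {

    // Assumed policy: size limit and the types the deployment is willing to store.
    private static final long MAX_BYTES = 1L << 20; // 1 MiB
    private static final Set<MediaType> ALLOWED = new HashSet<>(Arrays.asList(
            MediaType.TEXT_PLAIN,
            MediaType.image("jpeg"),
            MediaType.image("gif")));

    private static final Tika TIKA = new Tika();

    /**
     * Returns true only when the file is within the size limit, the declared
     * type is on the allow-list, and the type Tika detects from the file's
     * bytes has the same base type as the declared one.
     */
    public static boolean checkMetaData(File upload, String uploadContentType) throws IOException {
        if (upload == null || !upload.isFile() || upload.length() > MAX_BYTES) {
            return false;
        }
        // The declared type comes from the multipart request and is attacker-controlled:
        // it records what the client claims and is never trusted on its own.
        MediaType declared = MediaType.parse(uploadContentType);
        if (declared == null || !ALLOWED.contains(declared.getBaseType())) {
            return false;
        }
        // Detect from the bytes alone; no file name is passed, so a spoofed
        // extension cannot steer the result.
        MediaType detected;
        try (InputStream in = new BufferedInputStream(new FileInputStream(upload))) {
            detected = MediaType.parse(TIKA.detect(in));
        }
        if (detected == null) {
            return false;
        }
        // Compare base types so parameters such as "; charset=..." do not matter.
        return declared.getBaseType().equals(detected.getBaseType());
    }

    // Small command-line harness: java UploadCheck <file> <declared-content-type>
    public static void main(String[] args) throws IOException {
        if (args.length != 2) {
            System.err.println("usage: UploadCheck <file> <declared-content-type>");
            System.exit(2);
        }
        boolean ok = checkMetaData(new File(args[0]), args[1]);
        System.out.println(ok ? "accept" : "reject");
    }
}
```

In a Struts 2 action this check runs before execute() proceeds to store the file. Two caveats apply to any detection-based check: Tika identifies the container format from the leading bytes, so a valid JPEG with script text appended after the image data is still detected as image/jpeg, which is why images are best re-encoded on the server (for example with ImageIO) and every upload stored outside the web root under a server-generated name; and anything that looks like text, including JSP or PHP source, is detected as text/plain, so allowing text/plain is only safe when the server will never interpret the stored file.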
Applicability
An arbitrary file upload vulnerability could result in privilege escalation and execution of arbitrary code, for example when an uploaded file is stored under the web root and later served or interpreted by the server.
Bibliography
...