generated from coulomb/repo-seed
1.3 KiB
1.3 KiB
Pattern: Secure File Upload Pipeline
Status: seed Readiness target: RL3 production Primary owners: product repos, artifact-store, NetKingdom Genesis family: Application/API security
Problem
User-supplied files can carry malware, parser attacks, data leakage, and unsafe object-storage exposure.
Context
Use this pattern for tenant file uploads, artifact ingestion, document processing, media upload, and user-controlled object storage paths.
Forces
- Users need convenient uploads.
- Uploaded files should not be trusted until processed.
- Scanning, classification, and transformation may be asynchronous.
- Object access must remain tenant and authorization scoped.
Solution
Route uploads through a controlled pipeline: accept to quarantine, record metadata, scan/classify, transform if needed, promote to trusted storage, and serve through authorized access paths.
Verification
- Raw uploads land in quarantine or untrusted storage.
- Scanning and classification results are recorded before promotion.
- Access to uploaded objects uses tenant and object-level authorization.
- Malicious or unsupported files fail safely.
Related Patterns
- Object-Level Authorization Check.
- STS Credential Vending.
- Tenant Data Partitioning.
- Central Audit Ledger.