ASVS Requirement 5.2.5

• Level: 3
• Chapter: V5 File Handling
• Section: V5.2 File Upload and Content
• Source: 0x14-V5-File-Handling.md

Description

Verify that the application does not allow uploading compressed files containing symlinks unless this is specifically required (in which case it will be necessary to enforce an allowlist of the files that can be symlinked to).