DEV Community

Gabriel Maheu

Files pass validation… then break in production

Most upload pipelines check file type and size — and assume the file is safe.

But that’s exactly where things go wrong.

Real issues often show up later — when files are actually used.

  • malware hidden in uploads
  • exposed API keys in config files
  • payloads that look valid but break at runtime

The problem isn’t validation.

It’s when validation happens.


The gap

Files are trusted too early.

By the time something breaks, it’s already in production.


What I built

I built a Strapi plugin that scans files right after upload, before they’re ever used.

Upload → Scan → Verdict

Right after upload — before anything touches production.

Instead of trusting files based on format, it checks what’s actually inside.


What it catches

It catches malware, exposed secrets, and unsafe payloads — including issues that pass validation but fail later at runtime.
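The Upload → Scan → Verdict step, as an added Node.js example that is not the plugin's code: it decides from the bytes of the file rather than the declared type. The `scanUpload` function, its rule names and patterns, and the sample uploads are assumptions made for illustration.

```javascript
// Added illustration: verdict from file content, not from the declared type.
// Rule names and patterns are assumptions, not the plugin's rule set.
const MAGIC = {
  'image/png': [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
  'image/jpeg': [0xff, 0xd8, 0xff],
  'application/pdf': [0x25, 0x50, 0x44, 0x46], // "%PDF"
};
const SECRET_PATTERNS = [
  { rule: 'aws-access-key-id', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { rule: 'private-key-block', re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
];

function scanUpload({ name, mime, buffer }) {
  const findings = [];
  // 1. The leading bytes must match the type the client declared.
  const magic = MAGIC[mime];
  if (magic && !magic.every((b, i) => buffer[i] === b)) findings.push('type-mismatch');
  // 2. Executable headers (PE "MZ", ELF) are flagged whatever the declared type.
  const head = buffer.subarray(0, 4).toString('latin1');
  if (head.startsWith('MZ') || head === '\x7fELF') findings.push('executable-content');
  // 3. Credentials left in text or config files.
  const text = buffer.toString('utf8');
  for (const { rule, re } of SECRET_PATTERNS) {
    if (re.test(text)) findings.push(`secret:${rule}`);
  }
  // 4. JSON that passes a type/size check but would throw when parsed later.
  if (mime === 'application/json' || name.toLowerCase().endsWith('.json')) {
    try { JSON.parse(text); } catch { findings.push('unparseable-json'); }
  }
  return { verdict: findings.length ? 'reject' : 'accept', findings };
}

// Constructed sample uploads (AKIAIOSFODNN7EXAMPLE is AWS's documentation key).
const samples = [
  { name: 'logo.png', mime: 'image/png',
    buffer: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00]) },
  { name: 'photo.png', mime: 'image/png', buffer: Buffer.from('MZ\x90\x00fake', 'latin1') },
  { name: 'settings.json', mime: 'application/json',
    buffer: Buffer.from('{"awsKey":"AKIAIOSFODNN7EXAMPLE"}') },
  { name: 'data.json', mime: 'application/json', buffer: Buffer.from('{"items": [1, 2') },
];
for (const s of samples) {
  const { verdict, findings } = scanUpload(s);
  console.log(`${s.name}: ${verdict} ${findings.join(', ')}`);
}
```

Every sample here would pass an extension, MIME and size check; only the first is accepted once the content is read.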


Links

GitHub: https://github.com/cyphernetsecurity/cypherscan-strapi

npm: https://www.npmjs.com/package/strapi-plugin-cypherscan

Demo: https://youtu.be/zRk-9Es7mwA


How are you handling file validation today?

At upload — or only when things break?
