File Uploads Testing [gotcha]
So about a week ago I was testing a file manager package. I got it working and was going through the paces of uploading and deleting files and directories. Things seemed to be working ok so I moved on to something else and pretty much forgot I was looking at that package.
This morning, I started working on a file repository. For whatever reason, I opened up Laravel's storage/app folder in the IDE. There was this .log file with a cryptic filename. I opened it to look at it and saw a bunch of entries that looked something like this:
Automated Cleanup Engine
Starting Cleanup at 17/06/2016 - 19:53:12 GMT
Starting Routine> Removing [obfuscated]\temp\f9h6dgnm.exe.part...#(PX5: 1B99CDCA005F9D23002C03850DCF5600E9DCB1CD - MD5: 647B83BCBE7802CEE34569C0E2C693A3)...
Deleting File> [obfuscated]\temp\f9h6dgnm.exe.part
Closing Handle> 3984 - PID: 13360 - [obfuscated]\Temp\F9h6dgnM.exe.part
There were several similar entries with a 17/06/2016 stamp. What the heck was this .log file, why is it in the Laravel storage folder and what does it all mean? I'm starting to get a little paranoid. No, I'm starting to get a lot paranoid. But it gets even stranger. There were date stamps in that log going back to last year. What? I only created the project a week or so ago. Now I'm digging through the filemanager package looking for vulnerabilities or any sign of some sort of malware. And all sorts of deep dark fears are starting to swirl around in my head. What have I done?
And then, a light went on. I remembered that at the time I was also testing some file upload code. And I uploaded my anti-virus log. And I obfuscated the filename. And I just spent about 15 minutes at the brink of panic all because of that.
So the moral of the story is, if you're testing upload code, don't upload an anti-virus log. It'll come back to bite you after you forget you did that. And those 17/06/2016 entries in the log? Yea, that was me trying to download MS Office apps from Office365. For whatever reason, WebRoot was tagging those as a threat and wasn't letting me download them. That's a whole different story.
Thought you could use a laugh.