Zip Slip in Django with Firestore

Zip Slip is a path traversal vulnerability that occurs when an application constructs file extraction paths using user-supplied input without proper validation. In a Django application that interacts with Google Cloud Firestore, the risk emerges not from Firestore itself, which does not directly handle file archives, but from how the application uses Firestore to store or reference downloadable file archives and then extracts them on the server or client side.

Consider a scenario where Django uses Firestore to store metadata about downloadable archive files, such as backups or data exports. The application might retrieve a filename or archive path from a Firestore document and then pass it to an archive extraction routine. If the archive contains malicious entries with paths like ../../../etc/passwd, and the extraction logic does not sanitize these paths, files can be written outside the intended directory. Because Firestore may be the source of truth for which archives are available, a compromised document or an over-permissive read rule can lead to the deployment of malicious archives into the processing pipeline.

Additionally, if Django serves as an administrative interface for Firestore data, an attacker who can modify Firestore documents might inject malicious archive identifiers or URLs. When the Django worker subsequently fetches and extracts the referenced archive, the Zip Slip vulnerability is realized. This is especially relevant when using libraries such as zipfile in Python without enforcing strict path sanitization. The combination of a trusted data store like Firestore and unsafe archive handling in Django creates a chain where a vulnerability in one layer propagates to another.

The OWASP API Top 10 category 'Broken Object Level Authorization' can intersect with this pattern if Firestore document IDs or references are not properly validated before being used to construct filesystem paths. Insecure default rules or missing validation in Firestore security rules might allow an authenticated user to write or modify entries that the Django app later processes, enabling privilege escalation or unauthorized file access through the extraction workflow.

Real-world exploitation often involves sending crafted archive files to a service that stores them in Firestore, then triggering a backend job that extracts them. If the extraction code does not use os.path.normpath and absolute path checks, the attacker can traverse directories. This highlights the importance of validating both the source of the archive metadata in Firestore and the integrity of the extraction logic in Django.

To mitigate Zip Slip in Django when working with Firestore, focus on strict path validation during archive extraction and secure handling of Firestore document metadata. Always treat data from Firestore as untrusted input, even if it originates from an internal service.

Use the zipfile module with arcname normalization and avoid relying on filenames embedded in the archive. The following example demonstrates a secure extraction pattern in a Django view or worker that processes archives referenced in Firestore:

import os
import zipfile
from google.cloud import firestore
from django.conf import settings

def safe_extract_zip(zip_path, extract_to):
    """Extract zip file safely, preventing directory traversal."""
    with zipfile.ZipFile(zip_path, 'r') as zf:
        for member in zf.infolist():
            # Normalize path and remove leading slashes
            member_path = os.path.normpath(member.filename)
            if member_path.startswith('..') or os.path.isabs(member_path):
                raise ValueError(f"Invalid file path in archive: {member.filename}")
            # Construct full target path
            target_path = os.path.join(extract_to, member_path)
            # Ensure the target path remains within extract_to
            if not target_path.startswith(os.path.abspath(extract_to)):
                raise ValueError(f"Path traversal detected: {member.filename}")
            zf.extract(member, extract_to)

def process_archive_from_firestore(document_id):
    """Fetch archive metadata from Firestore and extract safely."""
    db = firestore.Client()
    doc_ref = db.collection('archives').document(document_id)
    doc = doc_ref.get()
    if not doc.exists:
        raise ValueError("Archive metadata not found")
    data = doc.to_dict()
    archive_url = data.get('archive_url')
    # Download archive to a temporary location
    import urllib.request
    temp_path = f"/tmp/{os.path.basename(archive_url)}"
    urllib.request.urlretrieve(archive_url, temp_path)
    # Use a dedicated, restricted directory for extraction
    safe_extract_zip(temp_path, settings.EXTRACT_BASE_DIR)
    os.remove(temp_path)

In this example, the safe_extract_zip function enforces path validation by checking for parent directory sequences and ensuring all extracted paths remain within the designated base directory. This prevents Zip Slip regardless of the contents of the archive stored or referenced in Firestore.

Additionally, secure Firestore rules should limit which authenticated service accounts can write archive metadata and restrict document updates to trusted administrative services. Combine this with Django's permission system to ensure only authorized components can trigger archive processing jobs.

For continuous monitoring, the Django application can integrate with the middleBrick CLI to scan Firestore-related endpoints and detect insecure archive handling patterns. Running middlebrick scan <url> against your API endpoints helps identify exposed risks before deployment. Teams using CI/CD can leverage the GitHub Action to enforce security thresholds, ensuring that any new archive-handling logic does not introduce path traversal vulnerabilities.