Appearance
Browser Uploads Egress Tests (DM-WEB)
Validate that browser and application upload flows cannot leak sensitive data (including chunked uploads and direct-IP attempts) when policy denies it.
Objectives
- Block HTTP form uploads of classified content.
- Prevent chunked or multi-part upload bypass.
- Ensure proxy+pinning and fail-closed posture apply during uploads.
Preconditions
- Apply the following deny-by-default policy:
json
{
"configuration": {
"network": {
"capabilities": { "egressDefaultAction": "deny" }
},
"launch": {
"runtime": {
"dataMotion": {
"settings": {
"clipboard": { "enabled": true, "defaultAction": "deny" },
"dragDrop": { "enabled": true, "defaultAction": "deny" }
}
}
}
}
}
}Controls Under Test
runtime.dataMotion.rules[](clipboard/drag-drop interactions with browsers)- Networking proxy and pinning
Test Scenarios
| ID | Test Scenario | Procedure | Expected Outcome |
|---|---|---|---|
| DM-WEB-01 | HTTP Upload of Classified File | 1. Label file as CUI.2. Attempt upload via web form. | Pass: Upload denied or transformed per policy. |
| DM-WEB-02 | Chunked Upload Bypass | 1. Attempt multiple small chunk uploads. 2. Recombine server-side. | Pass: Rate-limits/denies prevent exfiltration. |
| DM-WEB-03 | Direct IP Upload | 1. Attempt POST to server IP directly. | Pass: Denied by egress default deny unless allowed. |
| DM-WEB-04 | TLS Pinning/Proxy Outage | 1. MitM with wrong CA or simulate proxy outage. | Pass: Connection fails; no direct fallback. |
| DM-WEB-05 | WebSocket Upload Masquerade | 1. Use Upgrade: websocket to stream file bytes to server.2. Attempt to bypass HTTP upload controls. | Pass: Denied by proxy/pinning/default-deny; audit shows httpUpgrade: websocket, action: deny. |
| DM-WEB-06 | HTTP/3 (QUIC) Upload | 1. Force HTTP/3 to target endpoint. 2. Attempt file upload. | Pass: Denied; audit captures alpn: "h3"; no fallback to direct path. |
| DM-WEB-07 | IPv6 Literal/SNI-less | 1. Attempt POST to IPv6 literal without SNI. | Pass: Denied by SNI/pinning; audit shows sni: null, ip: .... |
| DM-WEB-08 | Alternate Ports (8443/9443) | 1. Attempt upload on non-standard TLS ports. | Pass: Denied by default deny; port recorded in audit; no implicit allow. |
| DM-WEB-09 | MIME Mismatch | 1. Set Content-Type: text/plain but send binary .zip.2. Attempt server accept. | Pass: Denied or transformed per policy; audit notes mismatch/context. |
| DM-WEB-10 | Chunked Obfuscation & Rechunk | 1. After block, vary chunk sizes/out-of-order recombination attempts. 2. Retry with delays to evade rate limits. | Pass: Rate limit and cumulative quota prevent exfiltration; correlated events show cumulative bytes. |
Evidence Requirements
- Audit category:
dataMotionand/ornetworkwithaction,outcome, and classification context when applicable. - For transport details include:
protocol,alpn(h2/h3),sni,ip,port,proxyUsed,httpUpgrade(when present),pinnedRootRef/pinnedCertRef. - For rate limiting include:
bytes,cumulativeBytes,rateLimitTriggered.
Example Audit Artifact
json
{
"timestamp": "2026-01-21T23:55:00Z",
"category": "network",
"protocol": "tls",
"alpn": "h2",
"httpUpgrade": "websocket",
"sni": "uploads.example.com",
"ip": "203.0.113.10",
"port": 443,
"proxyUsed": true,
"pinnedRootRef": "corp-root-2026",
"action": "deny",
"outcome": "blocked",
"reason": "unpinned-endpoint",
"sessionId": "aa31e2...",
"appId": "sandbox-browser",
"siteRef": "prod-us-1"
}Troubleshooting
- Confirm the browser inside the sandbox honors proxy enforcement; disable any auto-switching to direct where possible.
- Validate classification mapping so
normalizedlabels (e.g.,CUI) appear for labeled artifacts. - For chunked uploads, ensure server-side recombination is observable and audit correlates multiple events when applicable.
Known Limitations & Negative Space
- These procedures do not cover client-side obfuscation/encryption prior to upload; treat as separate adversarial scenarios.
- Browser extensions can alter behavior; test with a clean profile unless the extension is in scope.
