Develop/fixes/td 3727 unrestricted file upload vulnerability

[swapnamol-abraham]

JIRA link

https://hee-tis.atlassian.net/browse/TD-3727

Description

Implemented logging and alerting mechanisms for suspicious file uploads.

Implemented a model prompt the user for their password and verify before uploading

Case and Assessment: included missing file types.

Issue with .zip Files in generic file types: Implemented the .zip file validation and it should scan content of uploaded zips (as general file type resources) in the Azure Function and log the error in the table if bad filetypes exist.

Screenshots

Paste screenshots for all views created or changed: mobile, tablet and desktop, wave analyser showing no errors.

---

Developer checks

I have:

• Run the IDE auto formatter on all files I’ve worked on and made sure there are no IDE errors relating to them
• Written or updated tests for the changes (accessibility ui tests for views, tests for controller, data services, services, view models created or modified) and made sure all tests are passing
• Manually tested my work with and without JavaScript (adding notes where functionality requires JavaScript)
• Tested any Views or partials created or changed with Wave Chrome plugin. Addressed any valid accessibility issues and documented any invalid errors
• Updated my Jira ticket with testing notes, including information about other parts of the system that were touched as part of the MR and need to be tested to ensure nothing is broken
• Scanned over my pull request in GitHub and addressed any warnings from the GitHub Build and Test checks in the GitHub PR ‘Files Changed’ tab
  Either:
• Documented my work in Confluence, updating any business rules applied or modified. Updated GitHub readme/documentation for the repository if appropriate. List of documentation links added/changed:
  • doc_1_here
    Or:
• Confirmed that none of the work that I have undertaken requires any updates to documentation