
Enable possibility to filter out which attachment type is allowed #2502

Open
fpietrosanti opened this issue Jan 28, 2019 · 12 comments

Comments

@fpietrosanti
Contributor

Current behavior
Actually it is not possible to filter which kinds of attachment types are allowed within the file upload.

Expected behavior
This ticket is to add the possibility to implement a list of file types, based on the file extension, as a whitelist for a specific file upload field.

Please note that this filter would not be safe against mime-type spoofing or other sophisticated attacks that would require evaluating the file type in greater detail.

@aetdr

aetdr commented Sep 23, 2021

@evilaliv3 we are missing this feature too, and wondering how come this still is not implemented.
Is it a difficult task, or is there some other explanation?

@evilaliv3
Member

Thank you for your feedback @aetdr

Actually there are many reasons why we have currently not implemented this feature.

  • technically speaking GlobaLeaks is currently never saving the file in plaintext on the filesystem, which is what would actually be required for an effective mime type check. Simpler checks could be made based on the browser-detected mimetype or on the file extension, but this would be highly ineffective and insecure.
  • from the point of view of the attacker it is always really simple to upload a malicious file, e.g. uploading an archive file (e.g. a zip file) containing some malware; one could filter archives, exe or files with macros, but in many cases these files could be real evidence, so actually limiting those file types just because they could be malicious could be pretty limiting

What do you think? Would you please clarify why you are interested in this feature and what you think in relation to my comments?

@aetdr

aetdr commented Sep 24, 2021

Hi @evilaliv3

Basically, I do agree with you. It first gets dangerous when the recipient decrypts the file, and there is no way around educating users.

It is about control, I guess. People want to be in charge and to be able to manage this balance, security vs usability, by themselves.

When considering different products, this is one of the bigger questions that pops up. If there is anonymous upload involved, and there is no way to control it, people get nervous. This one hurts adoption of GlobaLeaks too.
I know for sure that just a simple file extension blocking would make a lot of people happy (particularly those who make decisions).

@DAD405

DAD405 commented Mar 16, 2022

To push this topic up I would like to vote for the request for a filter list.
In addition, something similar to a warning popup on download.

The use case is the implementation of a company compliance portal with an expected low count of cases.
These cases will be spread over different topics involving different recipients who might get a single number of cases in a whole year (e.g. accounting, GDPR, safety, all different recipients).
These users will encounter a report maybe once a year, besides their normal work. Because of this scenario there will be nearly no "routine" in operational safety or awareness of threats coming from "our" system.

The possibility of restricting the allowed upload file types to something on the safe side will set the hurdles for a possible attacker a bit higher.
e.g. in the first report: why should a whistleblower be able to attach an .exe, .bat or an office document with enabled macros (.docm)? A .pdf, .jpg or a document without macros should do.

I know there are ways to circumvent these simple measures, but this will add extra steps to the attack, which might raise a flag for the recipient.

Additionally I would like to have the option to add an extra warning about possible malware and the user's obligation to be careful, maybe every time they click on Download or as a message above the downloadable files.

@elbill

elbill commented Sep 18, 2022

I agree with @DAD405. In the last years office macros have gotten more dangerous, delivering around 45% of malware. There are ways to bypass filtering; however, a strict pdf/jpg file policy using filtering would be more than welcome.

@evilaliv3
Member

@elbill @DAD405 @aetdr : would a filter based on the file extension suffice for your needs?

Without saving the file in plaintext on the disk, there is actually no way we could currently block a specific file type, because we lack any component that could verify it.

Of course this won't make it possible to block an .exe file that is renamed to .jpg before uploading it.
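As an added illustration (not GlobaLeaks code) of the extension allowlist the ticket asks for, and of the renamed-.exe limitation noted in the comment above: the allowlist, the byte signatures and the sample inputs are constructed assumptions. The content check is only applicable where the plaintext of the file is actually available.

```python
import os

# Constructed allowlist for one upload field: extension -> expected leading byte
# signatures (magic numbers). Only these extensions are accepted.
ALLOWED_TYPES = {
    ".pdf": (b"%PDF-",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}


def extension_of(filename: str) -> str:
    """Last extension of the client-supplied name, lower-cased, with any path stripped."""
    base = os.path.basename(filename.replace("\\", "/"))
    return os.path.splitext(base)[1].lower()


def check_extension(filename: str, allowed=ALLOWED_TYPES) -> bool:
    """Extension allowlist only: the check proposed in the ticket.
    Catches tool.exe, macro.docm and report.pdf.exe, but not an .exe renamed to .jpg."""
    return extension_of(filename) in allowed


def check_content(filename: str, head: bytes, allowed=ALLOWED_TYPES) -> str:
    """Allowlist plus a magic-number check on the first bytes of the plaintext.
    Returns 'ok', 'extension-denied' or 'content-mismatch'."""
    ext = extension_of(filename)
    if ext not in allowed:
        return "extension-denied"
    if not any(head.startswith(sig) for sig in allowed[ext]):
        return "content-mismatch"  # e.g. an .exe (MZ header) renamed to .jpg
    return "ok"


if __name__ == "__main__":
    # Constructed samples: a real-looking JPEG header and a PE (MZ) header.
    jpeg_head = b"\xff\xd8\xff\xe0\x00\x10JFIF"
    exe_head = b"MZ\x90\x00\x03\x00\x00\x00"
    for name, head in [("photo.jpg", jpeg_head), ("photo.jpg", exe_head),
                       ("tool.exe", exe_head), ("report.pdf.exe", exe_head)]:
        print(name, check_extension(name), check_content(name, head))
```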

@elbill

elbill commented Sep 19, 2022

@evilaliv3 that would be adequate.

@aetdr

aetdr commented Sep 19, 2022

Hi @evilaliv3

Yes, even if limited, it is better than nothing at all.

@DAD405's proposal to issue a warning each time reports are downloaded is quite important too.
I will even go further and require the user to input a random string defined in the warning text before proceeding.
And it would be great if the warning text could be customizable.

@evilaliv3
Member

evilaliv3 commented Sep 19, 2022

Thank you both for your feedback @elbill and @aetdr

Please let me know if in any of your contracts with your clients we could work out a service contract to support development for the evolution of the system.

@elbill

elbill commented Sep 21, 2022

@evilaliv3 can you please clarify?

@evilaliv3
Member

Thank you @elbill for the question.

GlobaLeaks is open source software. If you build services on top of it and your clients have some needs, you may contribute to the project by proposing and developing a feature yourself, or alternatively contribute to the project financially, supporting us to grow a team that could build the features that the community needs.

@yevon

yevon commented Jul 24, 2023

Hi, any news about this one? Any alternatives to just filter certain file extensions?
