Feature Request: File Upload System "File Type" restrictions #137

Open
teward opened this issue Apr 4, 2018 · 1 comment
teward commented Apr 4, 2018

It was noted that the web portal accepts any and all file types for uploading to the Web portal, during a penetration test and vulnerability test of a Trident instance. JavaScript files, HTML files, and other files could be uploaded without restriction.

It may be prudent to create an option to allow only certain types of files to be uploaded via the "Files" portion of Trident trustgroups, to allow for us to better control what 'malicious' file types should not be uploaded to the Portal.

teward changed the title from "Feature: File Upload System "File Type" restrictions" to "Feature Request: File Upload System "File Type" restrictions" on Apr 4, 2018
Member

bapril commented May 12, 2018

This will require some thought. It would still be easy for a user to upload malicious HTML or JS under another file-type. This would require the user to change file-type in order to expose the risk, but users of this platform do that frequently. We could simply block .htm/.html/.js etc., but without explanation, users will change ext and upload anyway. Thanks
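
An added example, not part of the issue thread and not Trident's code: one way to pair an extension allow-list with content sniffing, so that an HTML file renamed to an allowed extension is rejected. The allow-list entries, the `CheckUpload` name, and the sample uploads are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"path/filepath"
	"strings"
)

// allowed maps each permitted extension to the type http.DetectContentType
// must report for it. Constructed policy for illustration, not Trident's.
var allowed = map[string]string{
	".pdf": "application/pdf",
	".png": "image/png",
	".txt": "text/plain; charset=utf-8",
}

// CheckUpload returns nil only when the extension is on the allow-list and
// the sniffed type of the leading bytes agrees with that extension.
// DetectContentType looks at no more than the first 512 bytes of head.
func CheckUpload(name string, head []byte) error {
	ext := strings.ToLower(filepath.Ext(name))
	want, ok := allowed[ext]
	if !ok {
		return fmt.Errorf("extension %q is not on the allow-list", ext)
	}
	if got := http.DetectContentType(head); got != want {
		return fmt.Errorf("%s: content sniffs as %q, expected %q", name, got, want)
	}
	return nil
}

func main() {
	// Constructed sample uploads.
	samples := []struct{ name, data string }{
		{"report.pdf", "%PDF-1.7\n..."},
		{"notes.txt", "indicator list, one per line\n"},
		{"page.html", "<html><body>hi</body></html>"},
		{"page.txt", "<html><body>hi</body></html>"}, // HTML renamed to .txt
	}
	for _, s := range samples {
		fmt.Printf("%-12s %v\n", s.name, CheckUpload(s.name, []byte(s.data)))
	}
}
```

A script saved as `.txt` still sniffs as `text/plain`, so this check narrows the rename problem described above rather than closing it.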
