File type whitelisting

Problem Description

We allow the upload of files or attachments for several of our core entities, such as Contracts and Orders. This creates a security risk: a malicious executable could be uploaded and later downloaded by an unsuspecting user, compromising that user's system.

Feature

We limit file uploads to the following file types, matched on the file extension:

Purpose            File types
Structured data    .csv, .xml, .json
Text & Word        .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .odt, .txt
Excel              .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw
PowerPoint         .pot, .potm, .potx, .ppam, .pps, .ppsx, .ppt, .pptm, .pptx
PDF                .pdf
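The following is an added example of how the allowlist above can be enforced; it is not code from the original feature description, and the function names, reason codes and sample uploads are the editor's own. It checks the final extension case-insensitively after reducing the client-supplied name to a basename and dropping trailing dots and spaces the way Windows does (so "report.pdf." and "invoice.pdf.exe" are judged on the right extension), rejects names containing NUL or other control characters, and for the container formats in the table (PDF, OOXML/ODF ZIP packages, OLE2 Office documents, and .xll add-ins, which are native DLLs) also requires the leading bytes to match the extension, so an executable renamed to .pdf is refused. The allowlist mirrors the table; the CODE_CAPABLE set is the editor's annotation of which allowed types can carry code.

```python
"""Allowlist-based upload check: extension, filename hygiene, and a
content sanity check for the container formats in the allowlist."""
import os
import unicodedata
import uuid

# Allowlist from the feature table above.
ALLOWED_EXTENSIONS = frozenset({
    ".csv", ".xml", ".json",                                                    # structured data
    ".doc", ".docb", ".docm", ".docx", ".dot", ".dotm", ".dotx", ".odt", ".txt",  # Word
    ".xla", ".xlam", ".xll", ".xlm", ".xls", ".xlsb", ".xlsm", ".xlsx",         # Excel
    ".xlt", ".xltm", ".xltx", ".xlw",
    ".pot", ".potm", ".potx", ".ppam", ".pps", ".ppsx", ".ppt", ".pptm", ".pptx",  # PowerPoint
    ".pdf",
})

# Allowed by the table but able to carry code: Office add-ins (.xll is a native
# DLL; .xla/.xlam/.ppam are add-ins), macro-enabled OOXML, and the Excel 4 macro
# sheet. Legacy OLE documents (.doc, .xls, .ppt, ...) can embed VBA as well and
# are not flagged here. Editor's annotation; callers may drop these from the list.
CODE_CAPABLE = frozenset({".xll", ".xla", ".xlam", ".ppam", ".docm", ".dotm",
                          ".xlsm", ".xltm", ".pptm", ".potm", ".xlm"})

# Leading bytes each container format must start with. Text formats and the
# legacy types whose layout varies (.docb, .xlm, .xlw) are not checked.
_ZIP = b"PK\x03\x04"                        # OOXML and ODF are ZIP packages
_OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file (Office 97-2003)
EXPECTED_MAGIC = {".pdf": b"%PDF-", ".xll": b"MZ"}
EXPECTED_MAGIC.update({e: _ZIP for e in (
    ".docx", ".docm", ".dotx", ".dotm", ".odt", ".xlsx", ".xlsm", ".xltx",
    ".xltm", ".xlam", ".xlsb", ".pptx", ".pptm", ".ppsx", ".potx", ".potm", ".ppam")})
EXPECTED_MAGIC.update({e: _OLE for e in (
    ".doc", ".dot", ".xls", ".xlt", ".xla", ".ppt", ".pot", ".pps")})


def clean_filename(name):
    """Reduce a client-supplied name to a bare, Windows-safe basename.

    Returns None for names that cannot be made safe (empty, NUL or other
    control characters). Path separators are stripped rather than rejected,
    since some browsers send a full path for the uploaded file.
    """
    name = unicodedata.normalize("NFC", name)
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if any(ord(c) < 0x20 or c == "\x7f" for c in base):
        return None
    # Windows silently drops trailing dots and spaces, so "evil.exe." becomes
    # "evil.exe" once saved; normalise before looking at the extension.
    base = base.rstrip(" .")
    return base or None


def extension(filename):
    """Final extension, lower-cased; a leading-dot name such as '.bashrc' has none."""
    return os.path.splitext(filename)[1].lower()


def check_upload(name, data):
    """Return (accepted, reason); reason is a short code for logs or the UI."""
    base = clean_filename(name)
    if base is None:
        return False, "bad-filename"
    ext = extension(base)
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension-not-allowed"
    expected = EXPECTED_MAGIC.get(ext)
    if expected is not None and not data.startswith(expected):
        return False, "content-mismatch"  # e.g. an executable renamed to .pdf
    return True, ("code-capable" if ext in CODE_CAPABLE else "ok")


def storage_name(name):
    """Server-side name: random stem plus the validated extension, so the
    client never controls the name written to disk or served back."""
    base = clean_filename(name)
    if base is None:
        raise ValueError("filename rejected")
    return f"{uuid.uuid4().hex}{extension(base)}"


# Constructed sample uploads (not real files): name -> first bytes.
SAMPLES = {
    "Contract-2024.pdf": b"%PDF-1.7\n",
    "C:\\Users\\a\\Order.XLSX": _ZIP + b"\x14\x00\x06\x00",
    "invoice.pdf.exe": b"MZ\x90\x00",    # double extension, the last one counts
    "invoice.exe.pdf": b"MZ\x90\x00",    # renamed executable, caught by magic
    "report.pdf.": b"%PDF-1.4\n",        # trailing dot, Windows would drop it
    "notes.txt\x00.exe": b"hello",       # NUL-byte trick
    "pricing.xlsm": _ZIP + b"\x14\x00",  # allowed, but may carry macros
}

if __name__ == "__main__":
    for sample_name, head in SAMPLES.items():
        print(f"{sample_name!r:30} -> {check_upload(sample_name, head)}")
```

Two points the table does not address but a practitioner will want to settle alongside it: the extension check above only decides what is stored, so downloads should still be served with Content-Disposition: attachment and X-Content-Type-Options: nosniff under the server-generated name, not the client's; and the table as written admits add-in and macro-enabled Office formats (.xll in particular is a compiled DLL), which sit uneasily with the stated goal of keeping executable content out, so the "code-capable" result is there to make that decision explicit rather than implicit.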