File type whitelisting
Problem Description
We allow the upload of files or attachments for several of our core entities, such as Contracts and Orders. This opens up a potential security risk by allowing the upload (and later download by an unsuspecting user) of malicious executable files, which could compromise a users system.
Feature
We limit file upload to the following file types:
| Purpose | File Types |
|---|---|
| Structured Data | .csv, .xml, .json |
| Text & Word | .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .odt, .txt |
| Excel | .xla, .xlam, .xll, .xlm, .xls,.xlsb, .xslm, .xlsx, xlt, .xltm, .xltx, xlw |
| PowerPoint | .pot, .potm, .potx, .ppam, pps, .ppsx, .ppt, .pptm, .pptx |
Updated 8 days ago