How do I limit file extensions upon uploading file
Is there a way to limit the types of files when uploading a file on pzPostFile section under PegaSocial-Message context? It seems Pega does not have a limiation of the file extensions and user can upload some malicious code by uploading an exe file.
***Updated by moderator: Lochan to add Categories***
Accepted Solution
Pegasystems Inc.
IN
Your code has to call CallVirusCheck which is a dummy activitiy and available .You can twig this activity to check the extension of the file and set message accordingly.
I guess that is one option to override and add some validation. But the intention of this CallVirusCheck is to do custom implementation for virus check.
But as of the existing implementation I think this is the only extension available.
Hope this helps.
Regards,
Sudhish OP
Pegasystems Inc.
IN
Not tried at my end, but can you add a Validate rule to the 'pxAttachName' property.
For eg, limiting attachments to only PDF files, so the rule would look like:
return theValue.toLowerCase().endsWith(".pdf");
Areteans Technology Solutions
AU
Accepted Solution
Pegasystems Inc.
IN
Your code has to call CallVirusCheck which is a dummy activitiy and available .You can twig this activity to check the extension of the file and set message accordingly.
I guess that is one option to override and add some validation. But the intention of this CallVirusCheck is to do custom implementation for virus check.
But as of the existing implementation I think this is the only extension available.
Hope this helps.
Regards,
Sudhish OP
Rabobank
NL
I have implemented this requirement by adding an access-when rule which calls a decision table to verify allowed file types.
I used a function like: @String.whatComesAfterLast(.pxAttachName,'.')
Then refer this access-when rule on the access role to object of the Data-WorkAttach-File class, in the Write Instances field.
As soon as the system tries to save the attachment, it wil check the access-when rule and decision table, and will stop the object from saving and returns an error message.
I have implemented this requirement by adding an access-when rule which calls a decision table to verify allowed file types.
I used a function like: @String.whatComesAfterLast(.pxAttachName,'.')
Then refer this access-when rule on the access role to object of the Data-WorkAttach-File class, in the Write Instances field.
As soon as the system tries to save the attachment, it wil check the access-when rule and decision table, and will stop the object from saving and returns an error message.
This save happens very soon after the CallVirusCheck extension point, so it seems similarly safe.