Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

6
Replies
7784
Views
SaqibK05 Member since 2015 1 post
Bank of America
Posted: Jan 5, 2017
Last activity: Jan 24, 2017
Closed
Solved

How do I limit file extensions upon uploading file

Is there a way to limit the types of files when uploading a file on pzPostFile section under PegaSocial-Message context? It seems Pega does not have a limiation of the file extensions and user can upload some malicious code by uploading an exe file.

***Updated by moderator: Lochan to add Categories***

To see attachments, please log in.
Data Integration

Accepted Solution

Posted: 8 years ago

Your code has to call CallVirusCheck which is a dummy activitiy and available .You can twig this activity to check the extension of the file and set message accordingly.

I guess that is one option to override and add some validation. But the intention of this CallVirusCheck is to do custom implementation for virus check.

But as of the existing implementation I think this is the only extension available.

Hope this helps.

Regards,

Sudhish OP

 

 

To see attachments, please log in.
Posted: 8 years ago

Not tried at my end, but can you add a Validate rule to the  'pxAttachName' property.

For eg, limiting attachments to only PDF files, so the rule would look like:

return theValue.toLowerCase().endsWith(".pdf");

To see attachments, please log in.
Posted: 8 years ago
On upload, you can do a check on the extension of the file that is being uploaded. I think you can make use of the VirusCheck extension point in the pxUploadFile activity. Regards, Ratan.
To see attachments, please log in.

Accepted Solution

Posted: 8 years ago

Your code has to call CallVirusCheck which is a dummy activitiy and available .You can twig this activity to check the extension of the file and set message accordingly.

I guess that is one option to override and add some validation. But the intention of this CallVirusCheck is to do custom implementation for virus check.

But as of the existing implementation I think this is the only extension available.

Hope this helps.

Regards,

Sudhish OP

 

 

To see attachments, please log in.
Posted: 8 years ago

I have implemented this requirement by adding an access-when rule which calls a decision table to verify allowed file types.

I used a function like: @String.whatComesAfterLast(.pxAttachName,'.')

Then refer this access-when rule on the access role to object of the Data-WorkAttach-File class, in the Write Instances field.

As soon as the system tries to save the attachment, it wil check the access-when rule and decision table, and will stop the object from saving and returns an error message.

Show More

I have implemented this requirement by adding an access-when rule which calls a decision table to verify allowed file types.

I used a function like: @String.whatComesAfterLast(.pxAttachName,'.')

Then refer this access-when rule on the access role to object of the Data-WorkAttach-File class, in the Write Instances field.

As soon as the system tries to save the attachment, it wil check the access-when rule and decision table, and will stop the object from saving and returns an error message.

This save happens very soon after the CallVirusCheck extension point, so it seems similarly safe.


Show Less
To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice