Problem

As an application developer, you need to fulfil a requirement to restrict certain file types that application users can attach, upload, or import in the application. You need to allow some file types and prohibit other file types in Attachments, File Upload, and Import actions in the application.

Prohibiting certain file types is important for security compliance within your enterprise.

You explored rules in the Pega Platform that you might change to enforce security around file types. However, they are all prefixed with pz- and, therefore, are reserved for internal use. You cannot change them for use as custom rules in your application. Examples are pzFileUploadGadget and pzDragDopMultiFileUpload.

Even after using a Validate rule with custom Java code and a Data Transform running after users select a file, the file cannot be Attached, Uploaded, or Imported. But the console logs indicate, erroneously, that the message File attached successfully.

Errors

Log message is incorrect:

File attached successfully.

Environments

The problem was reported for the following environments:

• Pega Platform™ version 8.4 on Pega Cloud 2.15.2
• Pega Platform version 8.7.2 on-premises

Suggested Approach

In the Attach Content gadget, upload a file using the pzMultiFilePath and pzMultiDragDrop controls.

These controls invoke the pyUploadFile activity to upload and process the selected file.

Modify this activity to include the required validation message in the Java step on the filetype property that holds the extension, as shown in the following code snippet.

//Snippet

Filetype property holds the extension of the uploaded file

if(filetype!="pdf" || filetype!="docx"){

        uploadStatus = "FileTypeNotSupported\t" + filetype;

        myStepPage.addMessage("FileTypeNotSupported\t" + filetype);

        oLog.infoForced("Line::::::: 157");

      }

OnClick of the Attach Content button after the file is uploaded invokes the AttachFile activity, which in turn invokes the CallVirus activity. 

To allow customization or to implement validation of the file type extension, modify this activity to include the logic in the Java step (Step 2) as shown in the figure below.

Here is the code snippet from the figure:

//Examples of setting statuses to pass back to calling Activity.

//Note:If no Virus is found,don't set value to the VirusCheckStatus parameter. If

// the VirusCheckStatus parameter begins with "Virus" the attachment addition

// process will terminate.

ClipboardPage page= tools.findPage("pyNewFileAttachment");

String fileName= page.getString("pxAttachName");

String fileext = fileName.substring(fileName.lastlndexOf('.') == -1 ? fileName.length() : fileName.lastlndexOf('.') + 1, fileName.length()); if(fileext!="docx" || fileext!="pdf"){

tools.putParamValue("VirusCheckStatus","Virus-Found");

}

//tools.putParamValue("VirusCheckStatus","Virus-Scan-Fail")

This validation allows .docx and .pdf file types only to be attached to the work item. If users attempt to attach another file type, the system displays the following error message:

You can customize the Validation message by modifying the text of the message AddAttachmentFailed. 

 File upload using the FilePath control requires implementation in the post-processing logic. See Troubleshooting FilePath issues.

Related Content

Product Documentation

Attachment types

Associating attachment categories with case types

Restricting user actions for case attachments

Attaching content to a case

Configuring the Attach content control

Enabling attaching files to an application

Support Documents

Troubleshooting FilePath issues

Support Center questions

How do I limit file extensions upon uploading file

How can you restrict file attachments by extension type for an entire application? (such as .exe)