File-Type Upload Control
In the FintechOS Platform, you can control what types of files users can upload into the system.
This feature prevents users from uploading the wrong file types, which saves the time otherwise spent investigating errors and resubmitting files.
Enable the file-type upload control
By default, the file-type upload control is disabled. To enable it, add the following secret in Vault:
Key Path | Key Name | Key Value |
---|---|---|
kv/<environment>/<application>/app-settings | feature.upload.filetype-check | true |
File-Type Upload Processing
If the file-type upload control is enabled, the system verifies the uploaded content against the file extension whenever files are uploaded through client scripts (using the ebs.upload function) or server automation scripts (using the uploadFile function). It tries to match the uploaded content (the bytes) with the provided file extension based on a list of file signatures.
File signatures are available for the following file types: pdf, docx, xlsx, pptx, odt, ods, jpg/jpeg, doc, xls, ppt, rtf, xml, png, gif, bmp, mp4, csv, mkv.
No match, the file is uploaded
If the matching process does not find any match between the file content and the available file signatures, the upload is allowed.
Match, but the signature’s extension is not what the file says it is
If the matching process finds a match between the file extension and an available file signature, the system further checks the file's internal type (that is, the MIME type), which serves as an integrity check. If the two do not match, the internal type of the file does not correspond to what the file extension says it is, and the file upload is not allowed. An error is returned.
Example: the user tries to upload a PNG file (the content has a PNG signature) that has a “.jpg” extension.
Executable files
By design, if the matching process identifies that the uploaded content has an EXE or DLL signature, the upload is not allowed. An error is returned.
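The three outcomes described above (no match, mismatch, executable content) sketched as an added example, not FintechOS code. Assumptions: the signature table is a constructed subset of well-known magic numbers, `detectType` and `checkUpload` are hypothetical names, and the MIME check is modelled as a signature-to-extension mapping.

```javascript
// Constructed signature table (assumption): well-known magic numbers for a few
// of the listed types. This is not the platform's own signature list.
const SIGNATURES = [
  { type: "png", magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a], exts: ["png"] },
  { type: "jpeg", magic: [0xff, 0xd8, 0xff], exts: ["jpg", "jpeg"] },
  { type: "pdf", magic: [0x25, 0x50, 0x44, 0x46, 0x2d], exts: ["pdf"] },
  { type: "gif", magic: [0x47, 0x49, 0x46, 0x38], exts: ["gif"] },
  // OOXML and OpenDocument files are ZIP containers and share one magic number.
  { type: "zip", magic: [0x50, 0x4b, 0x03, 0x04], exts: ["docx", "xlsx", "pptx", "odt", "ods"] },
  // "MZ" header used by both EXE and DLL files: rejected whatever the extension.
  { type: "executable", magic: [0x4d, 0x5a], exts: [], blocked: true },
];

// Return the first signature whose magic bytes prefix the content, or null.
function detectType(bytes) {
  return SIGNATURES.find((s) => s.magic.every((b, i) => bytes[i] === b)) || null;
}

// Hypothetical helper modelling the three documented outcomes.
function checkUpload(fileName, bytes) {
  const dot = fileName.lastIndexOf(".");
  const ext = dot >= 0 ? fileName.slice(dot + 1).toLowerCase() : "";
  const sig = detectType(bytes);
  if (sig === null) return { allowed: true, reason: "no signature match" };
  if (sig.blocked) return { allowed: false, reason: "executable content" };
  if (!sig.exts.includes(ext)) {
    return { allowed: false, reason: `content is ${sig.type}, extension is .${ext}` };
  }
  return { allowed: true, reason: "signature matches extension" };
}

// Constructed sample uploads (first bytes only).
const PNG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00]);
const MZ = Buffer.from([0x4d, 0x5a, 0x90, 0x00]);
const UNKNOWN = Buffer.from([0x00, 0x01, 0x02, 0x03]);

for (const [name, bytes] of [
  ["photo.png", PNG],
  ["photo.jpg", PNG],
  ["report.pdf", MZ],
  ["blob.bin", UNKNOWN],
]) {
  const r = checkUpload(name, bytes);
  console.log(`${name}: ${r.allowed ? "upload allowed" : "upload rejected"} (${r.reason})`);
}
```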