Configuring Allowed or Blocked File Types

Introduction

A commonly raised finding in Vulnerability Assessment Tests is CWE-434 (Unrestricted Upload of File with Dangerous Type). With File Type Checker, it is now possible to address this finding by configuring the list of file extensions that are allowed or denied.

Whenever a file is uploaded to a Jira work item, File Type Checker will check the attachment’s file type against the configured list of allowed/denied extensions. If the file type is not authorised, File Type Checker will post a comment to alert the user to remove the file.

[Screenshot: File Type Checker comment]

Steps

  1. From the top menu bar, go to Settings > Apps

  2. Look for File Type Checker under the Apps section on the left sidebar

  3. Click the Edit Settings button

  4. It is possible to configure

    [Screenshot: File Type Checker configuration setting]

  5. Click the Save button to update the settings.

Configuration Settings

| Setting | Description |
| --- | --- |
| Filter Mode | • If Allowlist mode is selected, only those extensions specified are allowed. • If Denylist mode is selected, all extensions except those specified are allowed. |
| File Extensions | A comma delimited list of file extensions |
| Always allow files without extension | If this is checked, files without any extensions are allowed |
| Error Message | A customizable error message that will be added as comment whenever an unauthorised file is uploaded |
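
The sketch below is an added example, not File Type Checker's own code: it models how the Filter Mode, File Extensions and "Always allow files without extension" settings combine, so a proposed configuration can be checked against a list of attachment names before it is saved. Assumptions (the page does not document them): comparison is case-insensitive, the extension is the text after the last dot, trailing dots are ignored, and extension-less files are blocked when the checkbox is unchecked. All function names and sample filenames are constructed for illustration.

```python
def parse_extensions(setting):
    """Turn the comma-delimited 'File Extensions' value into a normalised set."""
    cleaned = (item.strip().lstrip(".").lower() for item in setting.split(","))
    return {ext for ext in cleaned if ext}


def extension_of(filename):
    """Return the lowercased text after the last dot, or '' if there is none.
    Assumption: trailing dots/spaces are ignored; dotfiles count as extension-less."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    return ext.lower() if dot and stem else ""


def is_allowed(filename, mode, extensions, allow_no_extension):
    """Apply Filter Mode, File Extensions and the no-extension checkbox."""
    ext = extension_of(filename)
    if not ext:
        # Assumption: with the checkbox unchecked, extension-less files are blocked.
        return allow_no_extension
    if mode == "allowlist":
        return ext in extensions      # only listed extensions pass
    if mode == "denylist":
        return ext not in extensions  # everything except listed extensions passes
    raise ValueError(f"unknown filter mode: {mode!r}")


def blocked(filenames, mode, setting, allow_no_extension=False):
    """Names that would trigger the Error Message comment under this configuration."""
    exts = parse_extensions(setting)
    return [f for f in filenames if not is_allowed(f, mode, exts, allow_no_extension)]


# Constructed sample attachment names (not taken from any real Jira site).
SAMPLE = ["report.pdf", "photo.JPG", "notes.pdf.exe", "setup.exe.", "archive.7z", "README"]

if __name__ == "__main__":
    print("allowlist pdf,jpg,png:", blocked(SAMPLE, "allowlist", "pdf, jpg, png"))
    print("denylist  exe,bat    :", blocked(SAMPLE, "denylist", "exe, .bat"))
    print("allowlist + no-ext ok:", blocked(SAMPLE, "allowlist", "pdf, jpg, png", True))
```

In the denylist run, archive.7z passes because it is not listed, while the allowlist run blocks it; that is the practical difference between the two modes when addressing CWE-434.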