Story #26

open

Epic #25: Malicious File Upload Prevention

Validate File Extension Using Whitelist

Added by rashmita rout about 2 months ago. Updated about 2 months ago.

Status: New
Priority: High
Assignee:
Target version: -
Start date: 01/05/2026
Due date:
% Done: 0%
Estimated time:
Acceptance Criteria:

1. Only whitelisted file extensions are allowed

2. Executable extensions (.exe, .dll, .bat, .sh, etc.) are blocked

3. Validation enforced at server side

Same validation applied at frontend and API

4. Upload rejected with safe error message if extension is invalid

DOR: No
Story Points:
Work Type: Feature
User Impact:
Technical Area:
Release Narrative:
Planned Sprint:
Completed In Sprint:
Spillover Reason:

Description

1. The application should check the allowed file extension and file type (MIME type, Multipurpose Internet Mail Extensions) in the upload module using a whitelist filter on the server side.

2. Files with executable extensions such as .exe, .dll, .bat, .sh, etc. are not allowed. This is implemented in both the front end and the API.
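
A server-side check matching the acceptance criteria above, as an added example that is not part of the original story or the project's code. The whitelist contents, the `validate_upload` name and the error text are assumptions; the blocked extensions are the ones the story names.

```python
import os

# Assumed whitelist: extension -> MIME types accepted for it (illustrative values).
WHITELIST = {
    ".pdf": {"application/pdf"},
    ".png": {"image/png"},
    ".jpg": {"image/jpeg"},
    ".jpeg": {"image/jpeg"},
}
# Executable extensions named in the story; refused anywhere in the file name.
BLOCKED = {".exe", ".dll", ".bat", ".sh"}
# One generic message for every failure: no file name, path or rule is echoed back.
SAFE_ERROR = "File type not allowed."


def validate_upload(filename, declared_mime):
    """Return (ok, message). Runs in the API handler; the front end is only a convenience."""
    # Drop any client-supplied path, then refuse NUL bytes and control characters.
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or any(ord(c) < 32 for c in name):
        return False, SAFE_ERROR
    # Windows strips trailing dots and spaces, so "a.exe." would be stored as "a.exe".
    name = name.rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False, SAFE_ERROR  # no extension, or a dotfile such as ".sh"
    exts = ["." + p for p in parts[1:]]
    # Check every extension, so "report.exe.pdf" is refused as well.
    if any(e in BLOCKED for e in exts):
        return False, SAFE_ERROR
    allowed_mimes = WHITELIST.get(exts[-1])
    if allowed_mimes is None:
        return False, SAFE_ERROR
    # The declared MIME type is client-supplied; it must agree with the extension.
    mime = declared_mime.split(";")[0].strip().lower()
    if mime not in allowed_mimes:
        return False, SAFE_ERROR
    return True, "OK"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in [("photo.PNG", "image/png"), ("report.exe.pdf", "application/pdf")]:
        print(sample, validate_upload(*sample))
```

The declared MIME type comes from the request, so this check only confirms that it is consistent with the extension.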
