Hello All,
In this post let us try to put restriction on the Type of files while adding new Attachments.
The Logic is pretty simple,
1. Identify the Target Attachment BC
2. Identify the File Type Field
3. Write Script on PreWriteRecord of Business Component
In any attachment applet, we can see the Fields Name, Size (in Bytes) ,Type etc.
Lets Try to write a Piece of Code to fetch the Type of File:
The code below prevent to attach exe, msi or apk files that can be cause potential threats to system
function BusComp_PreWriteRecord () { var ext= GetFieldValue("FileExt"); //Get the File Extension switch(ext) { case "exe": TheApplication().RaiseErrorText("This Type of File is Not Allowed"); break; case "EXE": TheApplication().RaiseErrorText("This Type of File is Not Allowed"); break; case "msi": TheApplication().RaiseErrorText("This Type of File is Not Allowed"); break; case "apk": TheApplication().RaiseErrorText("This Type of File is Not Allowed"); break; case "APK": TheApplication().RaiseErrorText("This Type of File is Not Allowed"); break; default: //do nothing } } |
Error Popup on Save Record:
Hi Rahul,
ReplyDeletewe use the System Preference "DCK:Excluded File Ext" in order to avoid some file types. See https://docs.oracle.com/cd/F14158_13/books/Secur/siebel-security-hardening.html#c_Enable_File_Extension_Checking_ai1195860f or "Restrict File Type Upload (Doc ID 2561709.1)"
Regards,
Jose Luis
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThank you Rahul for sharing your knowledge here.. this will definitely work for handling exceptional files on specific scenarios, but are you going to write this code on all the attachment Business Components.
ReplyDeleteIf We want to apply this rule across the application (which is our objective here as you said to keep system virus and malicious files free) I would suggest you to use System Preferences and add the file ext. Under "DCK : exclude file ext n".
Thanks for sharing, Rahul!
ReplyDeleteYou might also consider consolidating the case statements since they have the same outcome:
switch(ext) {
case "exe":
case "EXE":
case "msi":
case "apk":
case "APK":
TheApplication().RaiseErrorText("This Type of File is Not Allowed");
break;
default:
}