Second Layer of Filter: MIME Type Checking
For each configured extension, Attachment Checker retrieves and displays a list of associated extensions that map to the same MIME type. MIME type guessing has led to security exploits in which the contents of a dangerous file are processed despite the file having an incorrect MIME type. Serving content with the correct MIME type is therefore intended to prevent malicious content from affecting users' devices.
Within both filter modes, Attachment Checker now provides a second layer of filter, MIME Type Checking, which prevents the first layer, Extension Checking, from being bypassed by renaming the extension. Please refer to the Release Notes for 2.4.1 for more information on MIME Type Checking.
Filtering Modes
Attachment Checker for Jira offers two filtering modes.
...
Whitelisting Mode (Default)
...
Only file types that are configured are allowed to be attached and uploaded into Jira. All other file types will be blocked.
This mode is useful when administrators want to restrict the file types to be allowed.
For example, the List of extensions is configured to be JPG, PNG, GIF, SVG.
Only JPG (associated extensions: JPEG, JPE, JIF, JFIF, JFI), PNG, GIF and SVG (associated extensions: SVGZ) files will be allowed.
...
Blacklisting Mode
...
Only file types that are configured are blocked from being attached and uploaded into Jira. All other file types will be allowed.
This mode is useful when administrators want to block certain file types (e.g. file types that are known to transmit viruses).
For example, the List of extensions is configured to be EXE.
Only EXE (associated extensions: DLL, COM, BAT) files will be blocked.
...
Recommended list of types to whitelist
You can use the following list of attachments:
- Images - gif, jpg, png
- Text files - txt, log, xml
- Office Documents - doc, docx, xls, xlsx, ppt, pptx, pdf
...
Attachment Checker allows admins to restrict the types of attachments uploaded through File Type Blocking.
...
2 layers of filter
File type blocking consists of an extension check and a MIME type check.
...
The extension check is based on the filename of the attachment. For example, if the filename is myAttachment.jpg, the extension will be jpg.
The MIME type check is based on the contents of the attachment. It prevents the extension check from being bypassed by renaming or removing the extension.
Info: Apache Tika is used to detect the MIME type of the attachment uploaded. Refer to Supported Document Formats to find out which file types are supported.
...
2 filter modes
Attachments can be filtered based on:
Allowlist → Only file types listed are allowed to be uploaded
Denylist → Only file types listed are blocked from being uploaded
Allowlist | Denylist |
---|---|
For example, the extensions are configured as: jpg, png, gif, svg. Only the following files will be allowed: | For example, the extensions are configured as: exe. Only the following files will be blocked: |
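The two layers and two modes described above, as an added Python example that is not Attachment Checker's own code. A small magic-byte table stands in for Apache Tika, and the names `SIGNATURES`, `EXT_TO_MIME` and `check_upload`, as well as the rule that an allowlisted file must pass both layers while a denylisted file is blocked by either, are assumptions made for illustration.

```python
# Added example: a small magic-byte table stands in for Apache Tika.
# SIGNATURES, EXT_TO_MIME and check_upload are hypothetical names.
SIGNATURES = [  # (leading bytes, MIME type)
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF89a", "image/gif"),
    (b"MZ", "application/x-msdownload"),
]
EXT_TO_MIME = {
    "png": "image/png", "gif": "image/gif",
    "jpg": "image/jpeg", "jpeg": "image/jpeg",
    "exe": "application/x-msdownload", "dll": "application/x-msdownload",
}

def extension_of(filename):
    """Layer 1 input: text after the last dot, lowercased ('' if none)."""
    return filename.rsplit(".", 1)[1].lower() if "." in filename else ""

def sniff_mime(content):
    """Layer 2 input: MIME type from the leading bytes; filename is ignored."""
    for magic, mime in SIGNATURES:
        if content.startswith(magic):
            return mime
    return "application/octet-stream"  # unrecognised content

def check_upload(filename, content, configured, mode):
    """Return True if the upload passes both layers in the given mode."""
    exts = {e.lower() for e in configured}
    mimes = {EXT_TO_MIME[e] for e in exts if e in EXT_TO_MIME}
    # Associated extensions: anything mapping to a configured MIME type.
    exts |= {e for e, m in EXT_TO_MIME.items() if m in mimes}
    ext_listed = extension_of(filename) in exts
    mime_listed = sniff_mime(content) in mimes
    if mode == "allowlist":   # both layers must recognise the file
        return ext_listed and mime_listed
    if mode == "denylist":    # either layer matching blocks the file
        return not (ext_listed or mime_listed)
    raise ValueError("mode must be 'allowlist' or 'denylist'")

# Constructed sample contents (headers only, not real files).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
EXE = b"MZ\x90\x00" + b"\x00" * 8

if __name__ == "__main__":
    for name, data, cfg, mode in [
        ("photo.png", PNG, ["jpg", "png", "gif"], "allowlist"),
        ("invoice.jpg", EXE, ["jpg", "png", "gif"], "allowlist"),
        ("tool.jpg", EXE, ["exe"], "denylist"),
        ("tool", EXE, ["exe"], "denylist"),
    ]:
        print(mode, name, "->", "allowed" if check_upload(name, data, cfg, mode) else "blocked")
```

The renamed and extension-less executables pass the extension check alone but are caught by the content check, which is the bypass the second layer exists to stop.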
...
Recommended file types
You can use the following list of extensions:
gif, jpg, png, txt, log, xml, doc, docx, xls, xlsx, ppt, pptx, pdf
Images:
gif, jpg, png
Text files:
txt, log, xml
Office documents:
doc, docx, xls, xlsx, ppt, pptx, pdf
...
References
Info: Refer to Which file types are safe for more info.