Why use Attachment Checker
A common use case for Attachment Checker is file type checking.
It addresses CWE-434 (Unrestricted Upload of File with Dangerous Type): an attacker can upload or transfer files of dangerous types that can be automatically processed within the product’s environment.
While Jira’s built-in feature allows you to restrict unwanted file extensions for better security, it leaves some issues unaddressed:
Users can easily bypass the check by renaming file extensions
Attachments uploaded through 3rd party apps are not checked
MIME type check
Attachment Checker helps to prevent extension bypass with 2 layers of checking:
Extension check – based on the filename of the attachment
MIME type check – based on the content of the attachment
Check out Restrict attachments by file type to find out more!
Support for 3rd party apps
Currently, Attachment Checker supports attachments uploaded through the following apps:
Let us know if you would like us to support other apps not in the list!
Utility Tool for Attachments
It is a suite packed with Features to manage attachments in Jira.