Document toolboxDocument toolbox

Why use Attachment Checker

Owned by Angela Teo
Last updated: Jun 26, 2024 by Hua Soon SIM [Akeles]
1 min read

A common use case for Attachment Checker is file type checking.
It address CWE-434 (Unrestricted Upload of File with Dangerous Type) since it is possible for attacker to upload/transfer files of dangerous types that can be automatically processed within the product’s environment.

While Jira’s in-built feature allows you to restrict unwanted file extensions for better security, there are some issues not addressed:

  • Users can easily bypass the check by renaming file extensions

  • Attachments uploaded through 3rd party apps are not checked

 

MIME type check

Attachment Checker helps to prevent extension bypass with 2 layers of checking:

  1. Extension check – based on the filename of the attachment

  2. MIME type check – based on the content of the attachment

acj 2 layers of filter.png

Check out to find out more!

 

Support for 3rd party apps

Currently, Attachment Checker supports attachments uploaded through the following apps:

  1. Assets

  2. Xray Test Management for Jira

  3. Zephyr Scale - Test Managerment for Jira

Let us know if you would like us to support other apps not in the list!

 

Utility Tool for Attachments

It is a suite packed with to manage attachments in Jira.