Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8518

As an admin I would like to restrict attachments by file type

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      It would be helpful to have the option to prevent attachments of a certain file type.

      A specific use case would be to prevent executable files from being uploaded as an attachment to a review eg.:

      The application allows only a set of file types, which, depending on the situation could be pdf, txt, images, etc. The application would avoid allowing files containing executable/script files (EXE, AS, JAR, MSI, BAT).

      Workaround

      Using the File types/extensions mentioned in the use case the following Byteman script was written and tested against Fisheye running on a Linux machine:

      # This is a workaround for CRUC-8518
      RULE addFileToReview_intercept_file_arg
      CLASS com.atlassian.crucible.spi.impl.DefaultReviewService
      METHOD addFileToReview
      AT ENTRY
      BIND invalid_file_types:String[] = {"exe", "as", "jar", "msi", "bat"}
      IF (java.util.Arrays.asList(invalid_file_types).contains(com.google.common.io.Files.getFileExtension($2.getName()).toLowerCase()))
      DO
      THROW new RuntimeException("invalid file type")
      ENDRULE
      
      RULE addFileToReview_intercept_diff_arg
      CLASS com.atlassian.crucible.spi.impl.DefaultReviewService
      METHOD addFileToReview
      AT ENTRY
      BIND invalid_file_types:String[] = {"exe", "as", "jar", "msi", "bat"}
      IF (java.util.Arrays.asList(invalid_file_types).contains(com.google.common.io.Files.getFileExtension($3.getName()).toLowerCase()))
      DO
      THROW new RuntimeException("invalid file type")
      ENDRULE
      

      Windows specific caveat

      This should also work on a Windows host machine however, if there are SVN repos added in a Windows environment where Fisheye is started as a service, the boot path must be specified when enabling Byteman, eg.:
      1. Go to <Fisheye installation directory>\bin and execute either service.bat manage or prunmgr.exe "//ES//<SERVICE_NAME>", where <SERVICE_NAME> is the Windows Service name used by Fisheye.
      2. In the Atlassian Fisheye Properties window that will open, go to Java tab
      3. Add the following in a new line in Java Options field:

      -javaagent:<Fisheye installation directory>\tools\byteman\lib\byteman.jar=boot:<Fisheye installation directory>\tools\byteman\lib\byteman.jar,listener:true,script:<full path to the>\addFileToReviewIntercept.btm
      

      Replacing the path placeholders accordingly.
      4. Go to General tab, then stop and start the service

      If this is not done, enabling Byteman could lead to an issue where SVN stops working and class loader exceptions are thrown.

          Form Name

            [CRUC-8518] As an admin I would like to restrict attachments by file type

            Atlassian Update – 8 July 2024

            Hi everyone,

            We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collect votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Not Being Considered.

            Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Fisheye&Crucible team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Implementation of New Features Policy for more details.

            We understand how disappointing this decision may be, but we hope you'll appreciate our transparent approach and communication. Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments.

            Kind regards
            Marek Parfianowicz
            Principal Engineer

            Marek Parfianowicz added a comment - Atlassian Update – 8 July 2024 Hi everyone, We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collect votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Not Being Considered . Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Fisheye&Crucible team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Implementation of New Features Policy for more details. We understand how disappointing this decision may be, but we hope you'll appreciate our transparent approach and communication. Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments. Kind regards Marek Parfianowicz Principal Engineer

            A potential work-around:

            • write a script intercepting

            com.atlassian.crucible.spi.impl.DefaultReviewService#addFileToReview(PermId<ReviewData> id, FileData file, FileData diff)

            and throw an exception if com.atlassian.crucible.spi.services.FileData#getContentType or com.atlassian.crucible.spi.services.FileData#getName contains restricted content for file or diff argument

            • enable Byteman in Fisheye/Crucible and load the script

            References:

            Marek Parfianowicz added a comment - A potential work-around: write a script intercepting com.atlassian.crucible.spi.impl.DefaultReviewService#addFileToReview(PermId<ReviewData> id, FileData file, FileData diff) and throw an exception if com.atlassian.crucible.spi.services.FileData#getContentType or com.atlassian.crucible.spi.services.FileData#getName contains restricted content for file or diff argument enable Byteman in Fisheye/Crucible and load the script References: https://confluence.atlassian.com/fishkb/enable-byteman-for-additional-logging-in-fisheye-and-crucible-943956769.html https://byteman.jboss.org/docs.html

              Unassigned Unassigned
              nhansberry Nate Hansberry
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: