Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8518

As an admin I would like to restrict attachments by file type

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      It would be helpful to have the option to prevent attachments of a certain file type.

      A specific use case would be to prevent executable files from being uploaded as an attachment to a review eg.:

      The application allows only a set of file types, which, depending on the situation could be pdf, txt, images, etc. The application would avoid allowing files containing executable/script files (EXE, AS, JAR, MSI, BAT).

      Workaround

      Using the File types/extensions mentioned in the use case the following Byteman script was written and tested against Fisheye running on a Linux machine:

      # This is a workaround for CRUC-8518
RULE addFileToReview_intercept_file_arg
CLASS com.atlassian.crucible.spi.impl.DefaultReviewService
METHOD addFileToReview
AT ENTRY
BIND invalid_file_types:String[] = {"exe", "as", "jar", "msi", "bat"}
IF (java.util.Arrays.asList(invalid_file_types).contains(com.google.common.io.Files.getFileExtension($2.getName()).toLowerCase()))
DO
THROW new RuntimeException("invalid file type")
ENDRULE

RULE addFileToReview_intercept_diff_arg
CLASS com.atlassian.crucible.spi.impl.DefaultReviewService
METHOD addFileToReview
AT ENTRY
BIND invalid_file_types:String[] = {"exe", "as", "jar", "msi", "bat"}
IF (java.util.Arrays.asList(invalid_file_types).contains(com.google.common.io.Files.getFileExtension($3.getName()).toLowerCase()))
DO
THROW new RuntimeException("invalid file type")
ENDRULE

      Windows specific caveat

      This should also work on a Windows host machine however, if there are SVN repos added in a Windows environment where Fisheye is started as a service, the boot path must be specified when enabling Byteman, eg.:
      1. Go to <Fisheye installation directory>\bin and execute either service.bat manage or prunmgr.exe "//ES//<SERVICE_NAME>", where <SERVICE_NAME> is the Windows Service name used by Fisheye.
      2. In the Atlassian Fisheye Properties window that will open, go to Java tab
      3. Add the following in a new line in Java Options field:

      -javaagent:<Fisheye installation directory>\tools\byteman\lib\byteman.jar=boot:<Fisheye installation directory>\tools\byteman\lib\byteman.jar,listener:true,script:<full path to the>\addFileToReviewIntercept.btm

      Replacing the path placeholders accordingly.
      4. Go to General tab, then stop and start the service

      If this is not done, enabling Byteman could lead to an issue where SVN stops working and class loader exceptions are thrown.

        1. screenshot-1.png
          screenshot-1.png
          75 kB

              Unassigned Unassigned
              nhansberry Nate Hansberry
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: