Allowed File Extensions in Dossiers
By default, you can attach a file of any extension to a dossier. It is possible to strengthen your system safety by creating the allowlist of file extensions. It will prevent your users from uploading files of unwanted formats, including those that might contain hidden malicious code, such as .js, .swf, and such.
To create the allowlist of file extensions, do the following:
Open the
/etc/findface-security/config.pyconfiguration file.sudo vi /etc/findface-security/config.py
In the
FFSECURITYsection, find theDOSSIER_ATTACHMENTS_FILENAME_REGEXPparameter. Set an expression with the allowed file extensions. Any valid Python regular expression will do.Examples:
r'.*\.png': allows only files with the.pngextensionr'.*\(png|jpg)': allows the.pngand.jpgextensionsr'.*': allows all file extensionsNone/commented parameter: allows all file extensionsXXXXXX: uploading files of any extension is prohibited
FFSECURITY = { ... 'DOSSIER_ATTACHMENTS_FILENAME_REGEXP': r'.*\.txt', ... }
Restart the
findface-securityservice.sudo systemctl restart findface-security.service