Allowed File Extensions in Cards
By default, you can attach a file of any extension to a card. It is possible to strengthen your system safety by creating the allowlist of file extensions. It will prevent your users from uploading files of unwanted formats, including those that might contain hidden malicious code, such as .js, .swf, and such.
To create the allowlist of file extensions, do the following:
Open the
/etc/findface-security/config.pyconfiguration file.sudo vi /etc/findface-security/config.py
In the
FFSECURITYsection, find theCARD_ATTACHMENTS_FILENAME_REGEXPparameter. Set an expression with the allowed file extensions. Any valid Python regular expression will do.Examples:
r'.*\.png': allows only files with the.pngextensionr'.*\(png|jpg)': allows the.pngand.jpgextensionsr'.*': allows all file extensionsNone: allows all file extensions'XXXXXX': uploading files of any extension is prohibited
FFSECURITY = { ... 'CARD_ATTACHMENTS_FILENAME_REGEXP': r'.*\.txt', ... }
Tip
Commenting out the
CARD_ATTACHMENTS_FILENAME_REGEXPparameter also allows all file extensions.Restart the
findface-securityservice.sudo systemctl restart findface-security.service