[BE/QA] 10-10EZR - Prevent users from uploading attachments with invalid file types

department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:

https://depo-platform-documentation.scrollhelp.site/index.html

283 stars 204 forks source link

[BE/QA] 10-10EZR - Prevent users from uploading attachments with invalid file types #93248

Closed JoshingYou1 closed 1 month ago

JoshingYou1 commented 1 month ago

We had several incidences where the user altered the file extension of an attachment on the frontend in order to circumvent validation. They were then able to successfully upload the document. However, because VES only accepts certain file types, the submissions would ultimately fail.

[x] Disallow users from being able to manually change the file extension of a file and create it.
[x] Write tests
[x] QA

JoshingYou1 commented 1 month ago

Refer to the discovery ticket here: #92710

allanto-ah commented 1 month ago

Environment: Staging

Verified that users are unable to upload attachments with invalid file types. Users are able to upload file types that are supported as expected.