initial files but likely to change

DefectDojo · Nov 1, 2024 · c575dee · c575dee
1 parent abb7735
commit c575dee
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/dojo/importers/base_importer.py b/dojo/importers/base_importer.py
@@ -1,5 +1,6 @@
 import base64
 import logging
+from pathlib import Path
 from typing import List, Tuple
 
 from django.conf import settings
@@ -686,6 +687,21 @@ def process_files(
             for unsaved_file in finding.unsaved_files:
                 data = base64.b64decode(unsaved_file.get("data"))
                 title = unsaved_file.get("title", "<No title>")
+                valid_extensions = settings.FILE_UPLOAD_TYPES
+
+                if Path(title).suffix not in valid_extensions:
+                    if accepted_extensions := f"{', '.join(valid_extensions)}":
+                        msg = (
+                            "Unsupported extension. Supported extensions are as "
+                            f"follows: {accepted_extensions}"
+                        )
+                    else:
+                        msg = (
+                            "File uploads are prohibited due to the list of acceptable "
+                            "file extensions being empty"
+                        )
+                    raise ValidationError(msg)
+
                 file_upload, _ = FileUpload.objects.get_or_create(title=title)
                 file_upload.file.save(title, ContentFile(data))
                 file_upload.save()

diff --git a/unittests/scans/generic/test_with_image_no_ext.json b/unittests/scans/generic/test_with_image_no_ext.json