[WT-1617] Executable (.exe/.dll) or image files should not be get uploaded as rate file with tampered extensions. - Workterra Jira

Details

Type: Bug
Status: Closed
Priority: Medium
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Component/s: Platform
Labels:
None

Environment:

QA
Module:
Platform - Security
Reported by:
Harbinger
Item State:
Production Complete
Issue Importance:
Must Have
Sprint:
Bugs-Must Fix- Pilot July2016

Description

1] Login to the application on local environment using following URL:
https://wt-stage.harbinger.in
2] From Home page search and select a company for which testing needs to be carried out using "Search Company" section.
3] Click on "Ben Admin" menu.
4] Click on "Customizer" icon from left navigation menu.
5] Click on "Rates" link which is submenu of "Customizer", user gets navigate to "Rates" details page.
6] Click on "Import" button displaying at top right hand side of the "Rates" page, the "Rate Import" window gets poped up, click on “Add New Rate” tab.
7] Browse the file new rate file.
8] Now browse a image or .exe/.dll file with whose extension is tampered. (i.e. extension changed to .xlsm/.xlsx)
9] Click on "Upload" button.

Actual Result:
Application is allowing to upload such files and when user click on “Import Rate” button the Server error is displaying.
Expected Result:
Not supported extensions files (.txt, .pdf, image files, executable files etc) should not be get uploaded after tampering the extension.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

AfterFixVerification_QAChecklist_MIME.xlsx
11 kB
13/Jul/16 11:46 AM
QAChecklist_MIME.xlsx
11 kB
13/Jul/16 11:20 AM
RateImportErrorForXlsFile.jpg
151 kB
18/Jul/16 11:55 AM
screenshot-1.png
231 kB
01/Aug/16 02:37 PM
TestRateUsedForTesting.xls
6 kB
18/Jul/16 12:03 PM
UploadPDF.jpg
138 kB
16/Jun/16 09:23 AM

Activity

Descending order - Click to sort in ascending order

Hide

Permalink

Kunal Kedari (Inactive) added a comment - 08/Sep/16 04:38 AM

Fix is verified on Production environment, working as expected. Closing the issue.

Show

Kunal Kedari (Inactive) added a comment - 08/Sep/16 04:38 AM Fix is verified on Production environment, working as expected. Closing the issue.

Hide

Permalink

Kunal Kedari (Inactive) added a comment - 02/Aug/16 10:18 AM

Hi Vijayendra Shinde,

We can deploy this change to Production.

Show

Kunal Kedari (Inactive) added a comment - 02/Aug/16 10:18 AM Hi Vijayendra Shinde , We can deploy this change to Production.

Hide

Permalink

Vijayendra Shinde (Inactive) added a comment - 01/Aug/16 02:40 PM

This is not an issue. Issue is not reproducible.

Show

Vijayendra Shinde (Inactive) added a comment - 01/Aug/16 02:40 PM This is not an issue. Issue is not reproducible.

Hide

Permalink

Vijayendra Shinde (Inactive) added a comment - 01/Aug/16 02:39 PM - edited

Hi Kunal Kedari,

I tried uploading attached file "TestRateUsedForTesting.xls" on Stage Austin for HSPL company. It uploaded successfully. Please refer attached snapshot "screenshot-1.png"

Show

Vijayendra Shinde (Inactive) added a comment - 01/Aug/16 02:39 PM - edited Hi Kunal Kedari , I tried uploading attached file "TestRateUsedForTesting.xls" on Stage Austin for HSPL company. It uploaded successfully. Please refer attached snapshot "screenshot-1.png"

Hide

Permalink

Kunal Kedari (Inactive) added a comment - 18/Jul/16 12:03 PM

Hi Vijayendra Shinde,

Test file is attached with ticket.

Show

Kunal Kedari (Inactive) added a comment - 18/Jul/16 12:03 PM Hi Vijayendra Shinde , Test file is attached with ticket.

17 older comments

People

Assignee:: Kunal Kedari (Inactive)

Reporter:: Kunal Kedari (Inactive)

Developer:: Vijayendra Shinde (Inactive)

QA:: Kunal Kedari (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 01/Apr/16 07:01 AM

Updated:: 04/Nov/17 06:19 AM

Resolved:: 08/Sep/16 04:38 AM

Pre-Prod Due Date:: 18/Jul/2016

Production Due Date:: 04/Aug/2016