WORKTERRAProject Type: software

WORKTERRA

Uploaded image for project: 'WORKTERRA'
  1. WORKTERRA
  2. WT-1617

Executable (.exe/.dll) or image files should not be get uploaded as rate file with tampered extensions.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Platform
    • Labels:
      None
    • Environment:
      QA
    • Module:
      Platform - Security
    • Reported by:
      Harbinger
    • Item State:
      Production Complete
    • Issue Importance:
      Must Have
    • Sprint:
      Bugs-Must Fix- Pilot July2016

      Description

      1] Login to the application on local environment using following URL:
      https://wt-stage.harbinger.in
      2] From Home page search and select a company for which testing needs to be carried out using "Search Company" section.
      3] Click on "Ben Admin" menu.
      4] Click on "Customizer" icon from left navigation menu.
      5] Click on "Rates" link which is submenu of "Customizer", user gets navigate to "Rates" details page.
      6] Click on "Import" button displaying at top right hand side of the "Rates" page, the "Rate Import" window gets poped up, click on “Add New Rate” tab.
      7] Browse the file new rate file.
      8] Now browse a image or .exe/.dll file with whose extension is tampered. (i.e. extension changed to .xlsm/.xlsx)
      9] Click on "Upload" button.

      Actual Result:
      Application is allowing to upload such files and when user click on “Import Rate” button the Server error is displaying.
      Expected Result:
      Not supported extensions files (.txt, .pdf, image files, executable files etc) should not be get uploaded after tampering the extension.

        Attachments

        1. AfterFixVerification_QAChecklist_MIME.xlsx
          11 kB
        2. QAChecklist_MIME.xlsx
          11 kB
        3. RateImportErrorForXlsFile.jpg
          RateImportErrorForXlsFile.jpg
          151 kB
        4. screenshot-1.png
          screenshot-1.png
          231 kB
        5. TestRateUsedForTesting.xls
          6 kB
        6. UploadPDF.jpg
          UploadPDF.jpg
          138 kB

          Activity

          Ascending order - Click to sort in descending order
          kunal.kedari Kunal Kedari (Inactive) created issue -
          sujit.chopade Sujit Chopade (Inactive) made changes -
          Field Original Value New Value
          Assignee Sujit Chopade [ sujit.chopade ] Harshawardhan Phalake [ harshawardhan ]
          sujit.chopade Sujit Chopade (Inactive) made changes -
          Component/s Platform [ 10006 ]
          Component/s Xpress [ 10200 ]
          Module Parent values: Xpress(11100) Parent values: Platform(10106)Level 1 values: Security(10115)
          sujit.chopade Sujit Chopade (Inactive) made changes -
          Assignee Harshawardhan Phalake [ harshawardhan ] Satya [ ID10004 ]
          satyap Satya made changes -
          Assignee Satya [ ID10004 ] Samir [ samir ]
          satyap Satya made changes -
          Issue Importance Must Have [ 11800 ]
          satyap Satya made changes -
          Item State Parent values: LB QA(10201) Parent values: Development(10200)Level 1 values: Development Backlog(10205)
          samir Samir made changes -
          Assignee Samir [ samir ] Vijayendra Shinde [ ID10506 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Open [ 1 ] In Development [ 10007 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: Development Backlog(10205) Parent values: Development(10200)Level 1 values: In Progress(10206)
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: In Progress(10206) Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209)
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) Parent values: LB QA(10201)
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Item State Parent values: LB QA(10201) Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209)
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Local Testing [ 10200 ] Reopen in Local [ 10018 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Reopen in Local [ 10018 ] In Development [ 10007 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Kunal Kedari [ kunal.kedari ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Assignee Kunal Kedari [ kunal.kedari ] Vijayendra Shinde [ ID10506 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Status Local Testing [ 10200 ] Reopen in Local [ 10018 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Attachment UploadPDF.jpg [ 20002 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Reopen in Local [ 10018 ] In Development [ 10007 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Kunal Kedari [ kunal.kedari ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Status Local Testing [ 10200 ] Reopen in Local [ 10018 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Assignee Kunal Kedari [ kunal.kedari ] Vijayendra Shinde [ ID10506 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Reopen in Local [ 10018 ] In Development [ 10007 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Kunal Kedari [ kunal.kedari ]
          satyap Satya made changes -
          Sprint Bugs-Must Fix- Pilot July2016 [ 16 ]
          satyap Satya made changes -
          Rank Ranked lower
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) Parent values: LB QA(10201)Level 1 values: In Testing(10210)
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Attachment QA_Checklist.xlsx [ 21711 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Assignee Kunal Kedari [ kunal.kedari ] Rajendra Joshi [ rajendraj ]
          rajendraj Rajendra Joshi (Inactive) made changes -
          Assignee Rajendra Joshi [ rajendraj ] Kunal Kedari [ kunal.kedari ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Attachment QA_Checklist.xlsx [ 21711 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Attachment QAChecklist_MIME.xlsx [ 21907 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Assignee Kunal Kedari [ kunal.kedari ] Vijayendra Shinde [ ID10506 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Kunal Kedari [ kunal.kedari ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Attachment AfterFixVerification_QAChecklist_MIME.xlsx [ 21910 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: In Testing(10210) Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)
          kunal.kedari Kunal Kedari (Inactive) made changes -
          QA Kunal Kedari [ kunal.kedari ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Production Due Date 21/Jul/2016
          Stage Due Date 18/Jul/16 [ 2016-07-18 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Developer Vijayendra Shinde [ ID10506 ]
          gokul.sonawane Gokul Sonawane (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602)
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) Parent values: Stage QA(10202)Level 1 values: In Testing(10214)
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Assignee Kunal Kedari [ kunal.kedari ] Vijayendra Shinde [ ID10506 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Attachment RateImportErrorForXlsFile.jpg [ 22104 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Attachment TestRateUsedForTesting.xls [ 22105 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Local Testing [ 10200 ] Reopen in Local [ 10018 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: In Testing(10214) Parent values: Stage QA(10202)Level 1 values: Re-open(10216)
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Reopen in Local [ 10018 ] In Development [ 10007 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Local Testing [ 10200 ] Stage Testing [ 10201 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Resolution Unresolved [ 10200 ]
          Status Stage Testing [ 10201 ] Reopen in Stage [ 10023 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Attachment screenshot-1.png [ 23037 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Re-open(10216) Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602)
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Kunal Kedari [ kunal.kedari ]
          satyap Satya made changes -
          Status Reopen in Stage [ 10023 ] In Development [ 10007 ]
          satyap Satya made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          satyap Satya made changes -
          Status Local Testing [ 10200 ] Stage Testing [ 10201 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) Parent values: Stage QA(10202)Level 1 values: In Testing(10214)
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Production Due Date 21/Jul/2016 04/Aug/2016
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: In Testing(10214) Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)
          rakeshr Rakesh Roy (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) Parent values: Stage QA(10202)Level 1 values: Production Deployment on Hold(10224)
          satyap Satya made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Production Deployment on Hold(10224) Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Item State Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) Parent values: Production QA(10203)Level 1 values: In Testing(10218)
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Status Stage Testing [ 10201 ] Production Testing [ 10202 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Resolution Unresolved [ 10200 ] Fixed [ 1 ]
          Status Production Testing [ 10202 ] Production Complete [ 10028 ]
          kunal.kedari Kunal Kedari (Inactive) made changes -
          Status Production Complete [ 10028 ] Closed [ 6 ]
          prasadp Prasad Pise (Inactive) made changes -
          Item State Parent values: Production QA(10203)Level 1 values: In Testing(10218) Parent values: Production Complete(10222)
          satyap Satya made changes -
          Environment_New LB [ 18444 ]

            People

            Assignee:
            kunal.kedari Kunal Kedari (Inactive)
            Reporter:
            kunal.kedari Kunal Kedari (Inactive)
            Developer:
            Vijayendra Shinde (Inactive)
            QA:
            Kunal Kedari (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Pre-Prod Due Date:
              Production Due Date: