WORKTERRAProject Type: software

WORKTERRA

Uploaded image for project: 'WORKTERRA'
  1. WORKTERRA
  2. WT-1617

Executable (.exe/.dll) or image files should not be get uploaded as rate file with tampered extensions.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Platform
    • Labels:
      None
    • Environment:
      QA
    • Module:
      Platform - Security
    • Reported by:
      Harbinger
    • Item State:
      Production Complete
    • Issue Importance:
      Must Have
    • Sprint:
      Bugs-Must Fix- Pilot July2016

      Description

      1] Login to the application on local environment using following URL:
      https://wt-stage.harbinger.in
      2] From Home page search and select a company for which testing needs to be carried out using "Search Company" section.
      3] Click on "Ben Admin" menu.
      4] Click on "Customizer" icon from left navigation menu.
      5] Click on "Rates" link which is submenu of "Customizer", user gets navigate to "Rates" details page.
      6] Click on "Import" button displaying at top right hand side of the "Rates" page, the "Rate Import" window gets poped up, click on “Add New Rate” tab.
      7] Browse the file new rate file.
      8] Now browse a image or .exe/.dll file with whose extension is tampered. (i.e. extension changed to .xlsm/.xlsx)
      9] Click on "Upload" button.

      Actual Result:
      Application is allowing to upload such files and when user click on “Import Rate” button the Server error is displaying.
      Expected Result:
      Not supported extensions files (.txt, .pdf, image files, executable files etc) should not be get uploaded after tampering the extension.

        Attachments

        1. AfterFixVerification_QAChecklist_MIME.xlsx
          11 kB
        2. QAChecklist_MIME.xlsx
          11 kB
        3. RateImportErrorForXlsFile.jpg
          RateImportErrorForXlsFile.jpg
          151 kB
        4. screenshot-1.png
          screenshot-1.png
          231 kB
        5. TestRateUsedForTesting.xls
          6 kB
        6. UploadPDF.jpg
          UploadPDF.jpg
          138 kB

          Activity

          Transition Time In Source Status Execution Times
          Vijayendra Shinde (Inactive) made transition -
          Open In Development
          		74d 4h 32m 1
          Rakesh Roy (Inactive) made transition -
          In LB Testing Reopen in Local
          		31d 13h 3m 4
          Rakesh Roy (Inactive) made transition -
          Reopen in Local In Development
          		8d 6h 33m 4
          Rakesh Roy (Inactive) made transition -
          Stage Testing Reopened in Stage
          		2s 1
          Satya made transition -
          Reopened in Stage In Development
          		16h 42m 1
          Satya made transition -
          In Development In LB Testing
          		8d 7h 19m 6
          Satya made transition -
          In LB Testing Stage Testing
          		6s 2
          Kunal Kedari (Inactive) made transition -
          Stage Testing In Production Testing
          		36d 21h 24m 1
          Kunal Kedari (Inactive) made transition -
          In Production Testing Production Complete
          		7s 1
          Kunal Kedari (Inactive) made transition -
          Production Complete Closed
          		2s 1

            People

            Assignee:
            kunal.kedari Kunal Kedari (Inactive)
            Reporter:
            kunal.kedari Kunal Kedari (Inactive)
            Developer:
            Vijayendra Shinde (Inactive)
            QA:
            Kunal Kedari (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Pre-Prod Due Date:
              Production Due Date: