Skip to content

File types will be restricted to only those that are necessary for business functionality. #103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ChasNelson1990 opened this issue Jun 27, 2024 · 6 comments
Open

File types will be restricted to only those that are necessary for business functionality. #103

ChasNelson1990 opened this issue Jun 27, 2024 · 6 comments
Labels
requirement Client requirement for the project

Comments

@ChasNelson1990
Copy link
Member

File types will be restricted to only those that are necessary for business functionality.

Relates #36
@ChasNelson1990 ChasNelson1990 added enhancement New feature or request requirement Client requirement for the project and removed enhancement New feature or request labels Jun 27, 2024
@ChasNelson1990 ChasNelson1990 changed the title [Requirement]: File types will be restricted to only those that are necessary for business functionality. File types will be restricted to only those that are necessary for business functionality. Jun 28, 2024
@A-Souhei
Copy link
Contributor

A-Souhei commented Jul 5, 2024
edited
Loading

https://docs.ckan.org/en/2.9/maintaining/configuration.html?highlight=xml#datapusher-settings.

While it is possible to define the file format, it doesn't seem like there is a native way to block unwanted extensions from being uploaded, will continue investigation

@ChasNelson1990
Copy link
Member Author

@A-Souhei what about using some sort of validator? We could add this as part of our fileupload JS code... but is there something built into CKAN too?

@A-Souhei
Copy link
Contributor

A-Souhei commented Jul 10, 2024
edited
Loading

@ChasNelson1990 We can probably use a combination of an existing extension like scheming with a custom validator. Although I am not sure how to do it clearly, it should be possible, I'll investigate more.

@A-Souhei
Copy link
Contributor

May be https://github.com/data-govt-nz/ckanext-security ? Or overkill ?

@ChasNelson1990
Copy link
Member Author

Wow, this really was a great find. I would 100% be interested in reading more and maybe trying this extension out.

@A-Souhei A-Souhei mentioned this issue Jul 12, 2024
Open
@ChasNelson1990
Copy link
Member Author

This came from a WHO Cybersecurity requirement - it may not be needed for ZaRR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
requirement Client requirement for the project
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ChasNelson1990 @A-Souhei