How to validate the actual file content and file type of File Browse item?

AllenS. Aug 11 2021

One of our APEX applications went through penetration testing from our IT Security department. I placed validations that check the mime-type from APEX_APPLICATION_TEMP_FILES to see if it is supported (pdf, png, jpg) per business requirements. For some reason, they are able to bypass this validation using some tool. I then added a validation on the Process before the file is uploaded in the actual table. Unfortunately they were still able to trick the process by uploading a supported file type but then modified its content using their tool and changed it to a PowerShell script. Mime-type remained image/jpg but the content was changed.
Does APEX provide a facility to check the file content making sure it is according to its mime-type?
Appreciate any feedback.

This post has been answered by AndyH on Aug 12 2021
Added on Aug 11 2021
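
The MIME_TYPE column holds what the client declared, so it can stay image/jpg while the bytes are something else. One way to check the content itself in PL/SQL, as an added example that is not part of the original thread: compare the leading bytes of BLOB_CONTENT with the known signatures of the three allowed formats. The function name and the treatment of image/jpg as an alias of image/jpeg are assumptions.

```sql
-- Added example, not code from the original thread.
-- upload_matches_declared_type is a hypothetical name.
create or replace function upload_matches_declared_type (
    p_name in varchar2  -- File Browse item value = NAME in APEX_APPLICATION_TEMP_FILES
) return boolean
is
    l_mime     varchar2(255);
    l_content  blob;
    l_head     varchar2(16);  -- first 8 bytes as 16 hex characters
    l_detected varchar2(20);
begin
    select lower(mime_type), blob_content
      into l_mime, l_content
      from apex_application_temp_files
     where name = p_name;

    -- Reject missing metadata and empty or truncated uploads before reading the header.
    if l_mime is null or l_content is null or dbms_lob.getlength(l_content) < 8 then
        return false;
    end if;

    l_head := rawtohex(dbms_lob.substr(l_content, 8, 1));

    -- Identify the type from the content itself, ignoring what the client declared.
    if l_head like '255044462D%' then        -- "%PDF-"
        l_detected := 'application/pdf';
    elsif l_head = '89504E470D0A1A0A' then   -- PNG signature
        l_detected := 'image/png';
    elsif l_head like 'FFD8FF%' then         -- JPEG start-of-image marker
        l_detected := 'image/jpeg';
    else
        return false;                        -- not one of the allowed formats
    end if;

    -- Assumption: the application sees both image/jpg and image/jpeg for JPEG files.
    if l_mime = 'image/jpg' then
        l_mime := 'image/jpeg';
    end if;

    -- The declared type must agree with what the bytes say.
    return l_mime = l_detected;
exception
    when no_data_found then
        return false;
end upload_matches_declared_type;
/
```

It can be called from a validation of type "PL/SQL Function (returning Boolean)" with `return upload_matches_declared_type(:P1_FILE);`, where `P1_FILE` is a placeholder item name. A matching header only shows how the file begins, so a file with a valid signature followed by other data still passes; stored uploads should also be served with a fixed content type and never executed.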