[MGNLEE-829] Port to Master: Compromised JS files only checked if they are zipped Created: 13/Nov/23  Updated: 14/Dec/23  Resolved: 17/Nov/23

Status: Closed
Project: Magnolia DX Core
Component/s: None
Affects Version/s: None
Fix Version/s: 6.3.0

Type: Bug Priority: Neutral
Reporter: Carlos Cantalapiedra Assignee: ricardo gonzalez
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: 0d
Time Spent: 0.5h
Original Estimate: Not Specified

Issue Links:
Cloners
clones MGNLEE-828 Compromised JS files only checked if ... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[X]* Steps to reproduce, expected, and actual results filled
[X]* Affected version filled
Release notes required:
Yes
Epic Link: AuthorX Support
Team: AuthorX
Work Started:
Approved:
Yes

 Description   

Steps to reproduce

  1. Go to Demo and open the Assets app
  2. Click on upload new asset and within the detail view, select the test.js file
  3. Upload it and check no security check is performed (asset uploaded)
  4. Now try the "Upload zip archive" with the test.js.zip file
  5. Check the security check prevents the user to upload the file

Expected results

Validator should detect correct mimeType for file. Javascript file could be uploaded if zipped or not. 

Actual results

If not zipped, the file is uploaded

Workaround

N/A

Development notes

N/A


Generated at Mon Feb 12 05:33:39 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.