Do we have any OOTB functionality to achieve this, or do we need to make custom solutions for attachments?
yesterday
Hi all,
We have been working on a global website where anyone can come and create tickets and attach any attachment, so we have some concerns about the attachment API from SN. We have exposed a simple REST API for the attachment table, but when InfoSec (the security team) checked for vulnerabilities, they found the issues below. Do we have any OOTB functionality for these, or do we need to make our own custom changes?
1. File Content Validation - Validate file content to ensure it matches the intended file type, as attackers can sometimes alter file extensions to bypass type checks.
2. File Type Validation - Allow only specific file types (e.g. jpg, png, pdf) by checking the file type and MIME type.
3. File Size Restrictions - Set maximum file size limits for uploaded files to prevent denial of service (DoS) attacks by uploading excessively large files.
4. File Name Validation - Sanitize file names to remove special characters or potentially dangerous patterns, as some filenames can contain encoded paths or scripts.
5. Enforce strict file size limits on both client and server sides - Enforce a strict file size limit on both client and server sides, and validate the file type.
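
The five checks listed above, sketched as an added example that is not part of the original post and is not ServiceNow's own code. It is plain JavaScript with no platform APIs; the function names, the 5 MB limit and the sample inputs are assumptions made for illustration.

```javascript
// Added example: server-side upload checks (plain JavaScript, no ServiceNow APIs).
const MAX_BYTES = 5 * 1024 * 1024; // assumed limit; pick your own
const ALLOWED = new Map([ // allowlist: extension -> expected MIME type and leading bytes
  ['jpg', { mime: 'image/jpeg', magic: [0xFF, 0xD8, 0xFF] }],
  ['png', { mime: 'image/png', magic: [0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A] }],
  ['pdf', { mime: 'application/pdf', magic: [0x25, 0x50, 0x44, 0x46, 0x2D] }] // "%PDF-"
]);

// Item 4: drop any path component, then keep a conservative character set.
function sanitizeFileName(name) {
  const base = String(name).split(/[\\/]/).pop();
  return base.replace(/[^A-Za-z0-9._-]/g, '_') // also neutralises %-encoding and markup
    .replace(/\.{2,}/g, '.')                   // collapse dot runs
    .replace(/^\.+/, '')                       // no hidden or dot-only names
    .slice(-100);                              // keep the tail so the extension survives
}

// Items 1-3 and 5: every check runs on the server against the received bytes.
function validateUpload(name, declaredMime, bytes) {
  const errors = [];
  const safeName = sanitizeFileName(name);
  const dot = safeName.lastIndexOf('.');
  const ext = dot > 0 ? safeName.slice(dot + 1).toLowerCase() : '';
  const rule = ALLOWED.get(ext); // only the final extension counts: "a.pdf.exe" is "exe"
  if (!rule) errors.push('extension not allowed');
  if (bytes.length === 0 || bytes.length > MAX_BYTES) errors.push('size out of range');
  if (rule && declaredMime !== rule.mime) errors.push('MIME type does not match extension');
  if (rule && !rule.magic.every((b, i) => bytes[i] === b)) {
    errors.push('content does not match extension');
  }
  return { ok: errors.length === 0, safeName, errors };
}

// Constructed sample inputs.
function demo() {
  const png = Uint8Array.from([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0, 0]);
  const html = Uint8Array.from('<html><body>not an image</body></html>', c => c.charCodeAt(0));
  return [
    validateUpload('photo.png', 'image/png', png),                   // accepted
    validateUpload('photo.png', 'image/png', html),                  // renamed content
    validateUpload('..\\..\\report.pdf.exe', 'application/pdf', png) // double extension
  ];
}
```

A client-side size or type check only saves the user a round trip; the server-side result is the one that decides whether the attachment is stored.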
