Strict validation of attachment types

Few days ago, Vincenzo Luzzi, a fellow Maximo senior consultant working with me in Omninecs, forwarded this secret tip to me. I haven’t tested it but think I could be useful for the community.

You know you can control what types of attachments can be uploaded to Maximo using the system property mxe.doclink.doctypes.allowedFileExtensions.

However Maximo just checks the file extension and is not performing any additional check to ensure other types of files are uploaded to its repository. Starting from Maximo 7.6.0.6 you can implement a more strict file type scanning when you upload an attached document.

The class must implement com.ibm.tivoli.maximo.doclink.AbstractFileVerification and is registered with the mxe.doclink.FileValidationClass system property.

System Property

First of all you have to create the following System Property:

  • Property Name: mxe.doclink.doctypes.deniedFileHeader
  • Description: Denied file headers (hexsignature,description;hexsignature,description;…)
  • Global Value: 504B,zip;526172211A07,rar;4344303031,iso;7573746172,tar;377ABCAF271C,7z;1F8B,gzip
  • Data Type: ALN

The values are couples of HEX signature and file type separated by commas and semicolons. File signatures are well documented on Wikipedia.

Validation Class

SET della System Property  mxe.doclink.FileValidationClass con il valore cust.psdi.webclient.beans.doclinks.FileHeaderValidation Classe personalizzata che estende la AbstractFileVerification.

Error Message

Create a custom message.

  • Message Group: doclink
  • Message Key: errordoclinkinvalidheader
  • Message ID Prefix: BMXZZ
  • Message ID Suffix:E
  • Value: {0}
  • Buttons: OK

Validation Class

Create the following custom class cust.psdi.webclient.beans.doclinks.FileHeaderValidation and add it to the maximouiweb folder.

//**********************************************************
// Upload doclinks type files validation using file header
//**********************************************************
package cust.psdi.webclient.beans.doclinks;

import java.rmi.RemoteException;
import psdi.util.MXApplicationException;
import com.ibm.tivoli.maximo.doclink.AbstractFileVerification;
import psdi.server.MXServer;

public class FileHeaderValidation extends AbstractFileVerification {

@Override
public void scanFile(String arg0, byte[] arg1) throws MXApplicationException {
    // *** Get params value
    String filename = arg0;
    String header20 = "";
    for (int i = 0; i < 10; i++) {
        header20 += String.format("%02x", arg1[i]);
    }
    header20 = header20.toUpperCase();   

    // *** Get value for mxe.doclink.doctypes.deniedFileHeader
    try {
        String deniedFileHeader = MXServer.getMXServer().getProperty("mxe.doclink.doctypes.deniedFileHeader");
        String[] deniedHead = deniedFileHeader.split(";");
        // *** Verify file header
        for (int i = 0; i < deniedHead.length; i++) {
            String[] myHead = deniedHead[i].split(",");
            int myHeadLen = myHead[0].length();
            if (myHeadLen>19) {
                myHeadLen = 19;
            }
            // Check if the header is not allowed
            if (header20.substring(0, myHeadLen).toUpperCase().equals(myHead[0].toUpperCase())){
                Object[] param = { "File not allowed " + filename };
                throw new MXApplicationException("doclink", "errordoclinkinvalidheader", param);
            }
        }

    } catch (RemoteException e) {
        String msg = "Property mxe.doclink.doctypes.deniedFileHeader not found";
        Object[] param = { msg };
        throw new MXApplicationException("doclink", "errordoclinkinvalidheader", param);
    }
}
}
Strict validation of attachment types

Leave a Reply

Your email address will not be published.


Scroll to top