A few days ago, Vincenzo Luzzi, a fellow Maximo senior consultant working with me at Omninecs, forwarded this secret tip to me. I haven’t tested it, but I think it could be useful for the community.
You know you can control what types of attachments can be uploaded to Maximo using the system property mxe.doclink.doctypes.allowedFileExtensions.
However, Maximo only checks the file extension and performs no additional check to ensure that other types of files are not uploaded to its repository. Starting from Maximo 7.6.0.6, you can implement stricter file type scanning for uploaded attachments through a custom validation class.
The custom validation class must extend com.ibm.tivoli.maximo.doclink.AbstractFileVerification and is registered through the mxe.doclink.FileValidationClass system property.
System Property
First of all you have to create the following System Property:
- Property Name: mxe.doclink.doctypes.deniedFileHeader
- Description: Denied file headers (hexsignature,description;hexsignature,description;…)
- Global Value: 504B,zip;526172211A07,rar;4344303031,iso;7573746172,tar;377ABCAF271C,7z;1F8B,gzip
- Data Type: ALN
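The value is a list of pairs, each made of a hex signature and a file type description: a comma separates the signature from its description, and a semicolon separates one pair from the next. File signatures are well documented on Wikipedia.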
Validation Class
Set the system property mxe.doclink.FileValidationClass to the value cust.psdi.webclient.beans.doclinks.FileHeaderValidation, the custom class that extends AbstractFileVerification.
Error Message
Create a custom message.
- Message Group: doclink
- Message Key: errordoclinkinvalidheader
- Message ID Prefix: BMXZZ
- Message ID Suffix: E
- Value: {0}
- Buttons: OK
Validation Class
Create the following custom class cust.psdi.webclient.beans.doclinks.FileHeaderValidation and add it to the maximouiweb folder.
```java
//**********************************************************
// Upload doclinks type files validation using file header
//**********************************************************
package cust.psdi.webclient.beans.doclinks;

import java.rmi.RemoteException;

import com.ibm.tivoli.maximo.doclink.AbstractFileVerification;

import psdi.server.MXServer;
import psdi.util.MXApplicationException;

public class FileHeaderValidation extends AbstractFileVerification {

    @Override
    public void scanFile(String arg0, byte[] arg1) throws MXApplicationException {
        // *** Get params value
        String filename = arg0;
        // Hex dump of the first 10 bytes (fewer if the file is shorter)
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < Math.min(arg1.length, 10); i++) {
            hex.append(String.format("%02X", arg1[i] & 0xFF));
        }
        String header20 = hex.toString();

        // *** Get value for mxe.doclink.doctypes.deniedFileHeader
        String deniedFileHeader;
        try {
            deniedFileHeader = MXServer.getMXServer().getProperty("mxe.doclink.doctypes.deniedFileHeader");
        } catch (RemoteException e) {
            deniedFileHeader = null;
        }
        // Reject the upload if the deny list cannot be read
        if (deniedFileHeader == null) {
            String msg = "Property mxe.doclink.doctypes.deniedFileHeader not found";
            Object[] param = { msg };
            throw new MXApplicationException("doclink", "errordoclinkinvalidheader", param);
        }

        // *** Verify file header
        for (String entry : deniedFileHeader.split(";")) {
            // Each entry is "hexsignature,description"; only the signature is compared
            String signature = entry.split(",", 2)[0].trim().toUpperCase();
            // Check if the header is not allowed; a signature longer than the
            // bytes read (or than the file itself) never matches
            if (!signature.isEmpty() && header20.startsWith(signature)) {
                Object[] param = { "File not allowed " + filename };
                throw new MXApplicationException("doclink", "errordoclinkinvalidheader", param);
            }
        }
    }
}
```
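An added example (not code from the original post or from IBM): a stand-alone Java harness with no Maximo dependencies that applies the same offset-0 prefix match to constructed uploads, using the property value given above. The class name DeniedHeaderCheck, its helper methods and the sample file names are assumptions. It shows that a .docx upload is denied as zip, because Office Open XML files are ZIP containers, and that a tar file is accepted, because its ustar magic sits at offset 257 rather than at the start of the file.

```java
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class DeniedHeaderCheck {
    // Value of mxe.doclink.doctypes.deniedFileHeader as given on this page.
    static final String DENIED =
        "504B,zip;526172211A07,rar;4344303031,iso;7573746172,tar;377ABCAF271C,7z;1F8B,gzip";
    // Hex of the first (up to) 10 bytes; never reads past the end of a short upload.
    static String headerHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < Math.min(data.length, 10); i++) {
            sb.append(String.format("%02X", data[i] & 0xFF));
        }
        return sb.toString();
    }

    // Returns the description of the first denied signature found at offset 0, or null.
    static String deniedType(String property, byte[] data) {
        String header = headerHex(data);
        for (String pair : property.split(";")) {
            String[] parts = pair.split(",", 2);
            String sig = parts[0].trim().toUpperCase();
            if (!sig.isEmpty() && header.startsWith(sig)) {
                return parts.length > 1 ? parts[1].trim() : sig;
            }
        }
        return null;
    }
    // Constructed sample: `size` zero bytes with `magic` written at `offset`.
    static byte[] sample(int size, int offset, String magic) {
        byte[] b = new byte[size];
        byte[] m = magic.getBytes(StandardCharsets.ISO_8859_1);
        System.arraycopy(m, 0, b, offset, m.length);
        return b;
    }

    public static void main(String[] args) {
        Map<String, byte[]> uploads = new LinkedHashMap<>();
        uploads.put("archive.zip", sample(64, 0, "PK\u0003\u0004"));
        uploads.put("report.docx", sample(64, 0, "PK\u0003\u0004")); // OOXML is a ZIP container
        uploads.put("backup.tar", sample(512, 257, "ustar"));        // tar magic sits at offset 257
        uploads.put("one-byte.bin", new byte[] { 0x50 });            // shorter than any signature
        uploads.forEach((name, data) -> {
            String hit = deniedType(DENIED, data);
            System.out.println(name + " -> " + (hit == null ? "accepted" : "denied (" + hit + ")"));
        });
    }
}
```

The iso entry 4344303031 has the same limitation as tar: the CD001 identifier of an ISO 9660 image sits at offset 32769, far beyond the first 10 bytes that are inspected.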