Forum Discussion

jvonschmacht
New Contributor
9 years ago

Shell scripts that should be part of a review are filtered out...

If the files end in .sh, they can't be found for reviews.

  • rmcfatter
    New Contributor

    Turns out that's a configurable setting. "*.sh" is one of the default patterns in Admin -> General -> Restricted Files. You can remove that pattern to enable reviews of .sh files.

    Presumably this restriction is protection against someone uploading a malicious shell script and getting people to execute it instead of just view it; the other files restricted by default are *.bat, *.exe, *.msi, and *.dmg.

    There are still three problems here: First, that this security measure isn't very useful -- if you've got people uploading malicious files to reviews, or browsers/users who would launch any executable content they display, you've got bigger problems. Second, the client's enforcement of this rule is entirely silent -- the user has no idea that some files were excluded, so critical errors might leak into your product. Finally, the GUI's error message for this case is "Unsupported Media Type", which is misleading ("Restricted" != "Unsupported").
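
An added example, not part of the thread and not the review tool's own code: a pre-upload check that makes the silent exclusion described above visible by listing which changed files the default restricted patterns would drop. It assumes patterns are matched against the file name only and without regard to case, which the thread does not confirm; `split_restricted` and `report` are hypothetical names.

```python
"""Pre-upload check: list files a restricted-pattern filter would drop from a review."""
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Default restricted patterns quoted in the thread above.
DEFAULT_RESTRICTED = ["*.sh", "*.bat", "*.exe", "*.msi", "*.dmg"]


def split_restricted(paths, patterns=DEFAULT_RESTRICTED):
    """Return (kept, dropped); dropped maps each excluded path to the pattern that hit.

    Assumption: patterns are matched against the file name only, ignoring case.
    The tool's real matching rules are not described in the thread.
    """
    kept, dropped = [], {}
    for path in paths:
        # Normalise Windows separators so the file name is extracted consistently.
        name = PurePosixPath(path.replace("\\", "/")).name.lower()
        hit = next((p for p in patterns if fnmatchcase(name, p.lower())), None)
        if hit is None:
            kept.append(path)
        else:
            dropped[path] = hit
    return kept, dropped


def report(paths, patterns=DEFAULT_RESTRICTED):
    """Build a human-readable warning; empty string when nothing is excluded."""
    _, dropped = split_restricted(paths, patterns)
    if not dropped:
        return ""
    lines = [f"{len(dropped)} file(s) would be left out of the review:"]
    lines += [f"  {path}  (matches {pat})" for path, pat in sorted(dropped.items())]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed change set for illustration.
    changed = ["deploy/install.sh", "src/main.c", "tools/Setup.EXE", "docs/readme.md"]
    msg = report(changed)
    if msg:
        print(msg)
        raise SystemExit(1)  # fail loudly so the omission is not silent
```
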