Skip to content

Forbid posting blacklisted files #542

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Sep 1, 2022
Merged

Forbid posting blacklisted files #542

merged 17 commits into from
Sep 1, 2022

Conversation

@Mom0aut
Copy link
Contributor

@Mom0aut Mom0aut commented Aug 27, 2022
edited by Zabuzard
Loading

Close #484

Added BlacklistedAttachmentListener which delete any blacklisted file attachment. The listener sent a dm to the user and informs the Mods.

Scenario message with blacklisted file extension:

Posting message

image

User message was deleted

image

Response from listener

image

Message to the Mods

image

Scenario message without blacklisted file extension:

Posting message

image

Message wont be deleted

No blacklisted file extension found therefore no deletion 😄

Config

The config was slightly changed, the following was added:

"blacklistedFileExtension": [
        "application",
        "bat",
        "cmd",
        "com",
        "cpl",
        "exe",
        "gadget",
        "hta",
        "inf",
        "jse",
        "lnk",
        "msc",
        "msh",
        "msh1",
        "msh1xml",
        "msh2",
        "msh2xml",
        "mshxml",
        "msi",
        "msp",
        "pif",
        "ps1",
        "ps1xml",
        "ps2",
        "ps2xml",
        "psc1",
        "psc2",
        "scf",
        "scr",
        "vb",
        "vbe",
        "vbs",
        "ws",
        "wsc",
        "wsf",
        "wsh"
  ]

@Mom0aut Mom0aut requested review from a team as code owners August 27, 2022 15:25
@Mom0aut Mom0aut changed the title added AttachmentListener checks if the message attachment contains bl… Forbid posting exe files Aug 27, 2022
Taz03
Taz03 previously requested changes Aug 27, 2022
View reviewed changes
@Taz03 Taz03 changed the title Forbid posting exe files Forbid posting blacklisted files Aug 27, 2022
@Mom0aut Mom0aut requested a review from Taz03 August 27, 2022 16:50
Zabuzard
Zabuzard requested changes Aug 27, 2022
View reviewed changes
Copy link
Member

@Zabuzard Zabuzard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could u please improve ur PR description and also add some screenshots of all the dialogs please? Thanks

@marko-radosavljevic
Copy link
Contributor

marko-radosavljevic commented Aug 27, 2022 via email
edited
Loading

@Mom0aut
Copy link
Contributor Author

Mom0aut commented Aug 27, 2022

I would expand the list to all or almost all common widows executables. You can find many lists online, this was the first hit for me: https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows/ There are a bunch of executables for linux/mac, but viruses for these are basically nonexistent, since it's very hard to do anything without necessary permissions. For example, you can't even run an executable without giving it explicit execute permission. So I think it's safe to ignore those two for now.

updated the list for windows file extensions

Zabuzard
Zabuzard requested changes Aug 27, 2022
View reviewed changes
@Mom0aut
Copy link
Contributor Author

Mom0aut commented Aug 27, 2022

Could u please improve ur PR description and also add some screenshots of all the dialogs please? Thanks

sure i posted the 2 scenarios with the listener 😄

Zabuzard
Zabuzard requested changes Aug 28, 2022
View reviewed changes
@Taz03
Copy link
Member

Taz03 commented Aug 28, 2022

remove the @NotNulls

Zabuzard
Zabuzard requested changes Aug 29, 2022
View reviewed changes
@Zabuzard
Copy link
Member

Zabuzard commented Sep 1, 2022

auto merging this on the weekend if no approves come in sooner 👍

@Zabuzard
Copy link
Member

Zabuzard commented Sep 1, 2022

actually, lets just go

@Zabuzard Zabuzard merged commit 8978945 into Together-Java:develop Sep 1, 2022
@Tais993
Copy link
Member

Tais993 commented Sep 1, 2022

auto merging this on the weekend if no approves come in sooner 👍

Mhm yes thanks

DevSerendipity
DevSerendipity reviewed Sep 26, 2022
View reviewed changes
@marko-radosavljevic
Copy link
Contributor

marko-radosavljevic commented Oct 11, 2022 via email

@Zabuzard
Copy link
Member

arent these already in the list? note that we kept some out to not hinder UX (jar, pdf)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marko-radosavljevic marko-radosavljevic marko-radosavljevic left review comments

@DevSerendipity DevSerendipity DevSerendipity left review comments

@SquidXTV SquidXTV SquidXTV left review comments

@Zabuzard Zabuzard Zabuzard approved these changes

@Taz03 Taz03 Awaiting requested review from Taz03

Assignees

@Mom0aut Mom0aut

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Forbid posting exe files

7 participants

@Mom0aut @marko-radosavljevic @Taz03 @Zabuzard @Tais993 @DevSerendipity @SquidXTV