How to Protect Against Uploading of Malicious Files to S3

Antony · October 3, 2023, 2:35pm

My S3 Upload element on the front-end is limited to a certain list of file types:

image/*,.pdf,.doc,.txt,.doc,.docx,.xls,.xlsx

However this does not protect against an exe file which has just been renamed to have a file extension that is in this list…

Is there a Wappler feature that will check the file’s content is actually from one of the types in this list to prevent malicious uploads?

Thanks!
Antony.

se3_upload

Cheese · October 3, 2023, 6:39pm

Have a read here Antony.

No is the short answer. And to develop such a feature is not really a burden the team need take on as its outside of the remit of Wappler and its purpose. With regards to .exe files they are only a Windows issue. Being hosted on AWS they can’t execute anyway.