HowTo block unwanted FileExtentions to be added as attachment on IPCs

Version 4

    Verified Product Versions

    Service Desk 7.7.xService Desk 7.8.xService Desk 2016.xAsset Manager 2016.x


    Tested with 7.7+

    Review Date:

    03/03/2015         initial release


    Service Desk allows all File Extensions to be added to an IPC. There is no filtering upon potential malicious file extensions like JS or EXE.

    This can be controlled via a calculation on the Attachment Object.


    (in this HowTo we change Incident.Attachment, if you wish to filter FielExtentions in other Modules than you need to replicate the steps for their respective Objects)

    On the Attachment Object  create a new String attribute with unlimited length and the name “FileExtentionCalc”.


    On this Attribute set the Calculation type to be “Before Save” and open the Calculation Editor via the ellipses


    Add the following calculation to the editor.

    You can choose any attribute as the dependency, but "Attachment Document" would make the solution a bit more self documenting.

    Ensure that your list of extensions is in the WhiteList Collection and save the Calculation and Object


    import System
    import System.Text.RegularExpressions
    static def GetAttributeValue(Attachment):
        // Your list of allowed FileExtentions
        // 'otherEnding' is the Extension used to rename unwanted Extensions
        // adding this to list prevents looping to save files
        whitelist = ['doc', 'txt', 'jpg', 'otherEnding']
        Value = Attachment.AttachmentDocument.OriginalFileName
        rgx = Regex('[.]{1}[a-zA-Z0-9_-]+$')
        whiteListEnding = false
        for fileEnding in whitelist:
            if Value.EndsWith('.' + fileEnding):
                whiteListEnding = true
        if whiteListEnding == false:
            Value = rgx.Replace(Value, '.otherEnding');
            Attachment.AttachmentDocument.OriginalFileName = Value
        return Value