OF-1021: Verify JAR content
Commit 9c62dbf599f266bde214c5a68a004708edc7da48 adds code that removes uploaded files that cannot be parsed as JAR files.
To further guard against malicious files being uploaded, this commit verifies that the uploaded JAR file contains a 'plugin.xml' entry.
The new functionality is controlled by two new properties:
- plugins.upload.pluginxml-check.enabled A boolean value that enables or disables the check (defaults to true).
OF-1021: Verify magic bytes of uploaded plugins
Commit 9c62dbf599f266bde214c5a68a004708edc7da48 adds code that removes uploaded files that cannot be parsed as JAR files.
To further guard against malicious files being uploaded, this commit verifies the magic bytes (the first few bytes) of the uploaded file.
The new functionality is controlled by two new properties:
- plugins.upload.magic-number-check.enabled A boolean value that enables or disables the check (defaults to true).
- plugins.upload.magic-number.values.expected-value A list of hex representations of valid magic byte sequences (defaults to "504B0304", "504B0506", "504B0708").
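
The two checks described in the commit messages above, combined in an added Java example that is not Openfire's own code: an upload is accepted only if it starts with one of the expected magic byte sequences and parses as a JAR containing plugin.xml. The class and method names are hypothetical, the sample files are constructed, and matching an entry named exactly plugin.xml at the archive root is an assumption.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;
import java.util.jar.*;

public class PluginUploadCheck {
    // Defaults quoted in the commit message for plugins.upload.magic-number.values.expected-value.
    static final List<String> EXPECTED_MAGIC = List.of("504B0304", "504B0506", "504B0708");

    /** True when the file starts with one of the expected magic byte sequences (hex strings). */
    static boolean hasValidMagic(Path file, List<String> expectedHex) throws IOException {
        int longest = expectedHex.stream().mapToInt(String::length).max().orElse(0) / 2;
        byte[] head;
        try (InputStream in = Files.newInputStream(file)) {
            head = in.readNBytes(longest); // a short file simply yields fewer bytes
        }
        StringBuilder hex = new StringBuilder();
        for (byte b : head) hex.append(String.format("%02X", b));
        String actual = hex.toString();
        return expectedHex.stream()
                .anyMatch(e -> !e.isEmpty() && actual.startsWith(e.toUpperCase(Locale.ROOT)));
    }

    /** True when the file parses as a JAR and has an entry named plugin.xml (assumed at the root). */
    static boolean hasPluginXml(Path file) {
        try (JarFile jar = new JarFile(file.toFile())) {
            return jar.getJarEntry("plugin.xml") != null;
        } catch (IOException e) {
            return false; // not parseable as a JAR
        }
    }

    /** Builds a constructed one-entry JAR in a temp file for the demonstration. */
    static Path sampleJar(String entryName) throws IOException {
        Path p = Files.createTempFile("sample", ".jar");
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(p))) {
            out.putNextEntry(new JarEntry(entryName));
            out.write("<plugin/>".getBytes());
            out.closeEntry();
        }
        return p;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: JAR with plugin.xml, JAR without it, and a text file renamed to .jar.
        Path text = Files.write(Files.createTempFile("sample", ".jar"), "not an archive".getBytes());
        for (Path p : List.of(sampleJar("plugin.xml"), sampleJar("readme.txt"), text)) {
            boolean accept = hasValidMagic(p, EXPECTED_MAGIC) && hasPluginXml(p);
            System.out.println(p.getFileName() + " accepted=" + accept);
            Files.delete(p); // rejected uploads are removed, as the commit messages describe
        }
    }
}
```

The magic-byte comparison runs first because it reads only a few bytes and rejects non-archives before any ZIP parsing is attempted.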