Specify excluded attachment extensions (instance security hardening)
When you enable exclusion list validation in the ServiceNow AI Platform, use the glide.attachment.blacklisted.extensions property to create a comma-delimited list of restricted uploadable file extension types. Uploading of the specified file extension types is restricted.
Prerequisites
Set this property before setting the glide.security.attachment_type.use_blacklist property to true. To learn more, see Enable blacklist for attachments.
More information
| Attribute | Description |
|---|---|
| Property name | glide.attachment.blacklisted.extensions |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | Restrict upload (Insert/Write/Update) operation of attachments with questionable file extensions. |
| Type | String |
| Recommended value | User specified file extensions. Common examples include ex, dll, xslx. |
| Functional Impact | No functionality impact unless there is an attempt to upload any file extension that is specified under this property. |
| Security risk | (Medium) A malicious user can upload malware infected attachment with common executable file extensions. |
| Workaround | Properties are available in base system functionality that address the same issue, with inclusion listing instead of exclusion listing. To learn more, see: |
To learn more about adding or creating a system property, see Add a system property.