[$30] able to upload all types of files after changing the extension to ".xlsx" in upload profile data tab

[rprakash20]

Steps to Reproduce

1. Open https://skill-search.topcoder-dev.com/ web app
2. Login with tonyj /appirio123
3. Select topcoder as organization
4. Navigate to third tab
5. Now on your system, take a image file and change its's extension to ".xlsx"
6. Now click on browse and select the file whose extension is changes in previous step and upload
7. Notice the result

Screenshots or Screen Capture

Current Results

able to upload all types of files after changing the extension to ".xlsx" in upload profile data tab

Expected Results

application must validate the MIME type of the file uploaded before saving it. This can be a big security risk.

Browser version and OS version

• Device: MacBook Pro 13 inch
• Browser: Chrome Version 83.0.4103.116 (Official Build) (64-bit)
• OS Version: macOS Catalina 10.15.4

[callmekatootie]

Valid bug.

[callmekatootie]

Expected: In the backend (under the src folder), in the api handle, detect the file type using https://www.npmjs.com/package/file-type module and reject if the file type is not among the supported file types

Note that for csv and xls, the module will return undefined and that is ok - in such a case, just ensure that the file.type is in the approved list

[cwdcwd]

Contest https://www.topcoder.com/challenges/30134277 has been created for this ticket.

This is an automated message for lazybaer via Topcoder X