Add support to restrict @Core.AcceptableMediaTypes#732
Open
samyuktaprabhu wants to merge 17 commits intomainfrom
Open
Add support to restrict @Core.AcceptableMediaTypes#732samyuktaprabhu wants to merge 17 commits intomainfrom
samyuktaprabhu wants to merge 17 commits intomainfrom
Conversation
![hyperspace-insights[bot]](https://avatars.githubusercontent.com/u/2531208?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
The PR adds media type restriction support for attachments. I've identified a few issues: a typo in MIME type definitions (application/txt should be text/plain), potential security concerns with filename validation (missing path traversal checks), and a minor note about null handling. Overall the implementation is reasonable but needs these corrections before merging.
PR Bot Information
Version: 1.17.53 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback
- Event Trigger:
pull_request.opened - LLM:
anthropic--claude-4.5-sonnet - Correlation ID:
78c854a0-0757-11f1-833c-299ee35f3dc8
...ap/cds/feature/attachments/handler/applicationservice/helper/AttachmentValidationHelper.java
Outdated
Show resolved
Hide resolved
...s/src/main/java/com/sap/cds/feature/attachments/handler/common/ApplicationHandlerHelper.java
Outdated
Show resolved
Hide resolved
...ap/cds/feature/attachments/handler/applicationservice/helper/AttachmentValidationHelper.java
Outdated
Show resolved
Hide resolved
samyuktaprabhu
changed the title
samyuktaprabhu
force-pushed
the
sam-restrict-media-types-409
branch
from
8b6c095 to
a12bc05
Compare
Contributor
There was a problem hiding this comment.
Summary
The pull request introduces MIME type validation for attachments with good test coverage. However, several null safety issues were identified in the validation logic that could lead to NullPointerException errors. Additionally, a minor CDS syntax inconsistency and a misleading test variable name should be addressed.
PR Bot Information
Version: 1.17.61 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback
- Event Trigger:
issue_comment.created - Correlation ID:
b7b79080-0bdb-11f1-9b97-78cdc3653ab1 - LLM:
anthropic--claude-4.5-sonnet
...ap/cds/feature/attachments/handler/applicationservice/helper/AttachmentValidationHelper.java
Show resolved
Hide resolved
...ap/cds/feature/attachments/handler/applicationservice/helper/AttachmentValidationHelper.java
Show resolved
Hide resolved
...s/src/main/java/com/sap/cds/feature/attachments/handler/common/ApplicationHandlerHelper.java
Outdated
Show resolved
Hide resolved
...ture/attachments/integrationtests/nondraftservice/MediaValidatedAttachmentsNonDraftTest.java
Outdated
Show resolved
Hide resolved
samyuktaprabhu
force-pushed
the
sam-restrict-media-types-409
branch
from
e2b000e to
26b499c
Compare
Schmarvinius
requested changes
Feb 18, 2026
Collaborator
There was a problem hiding this comment.
Unit-Tests:
- AttachmentCalidationHelperTest:
- Add a test for wildcard subtype rejection like
image/*should rejectapplication/pdf - Add a test for files start with
.like.gitignoreor.sshor.zshrcand so on
- Add a test for wildcard subtype rejection like
Integration-Tests:
- MediaCalidatedAttachmentsDraftTest:
- Add a test for false inputs like an empty string. You have them for non draft but not for draft.
- Add tests for situations where it fails like upload a
pdfwhen onlyjpegorimage/*is allowed- Also one for dotfiles
- MediaValidatedAttachmentsNonDraftTest:
- Add a test for case sensitivity in the extension
- Add a test for no extension
- Add a test for hidden files again
...ap/cds/feature/attachments/handler/applicationservice/helper/AttachmentValidationHelper.java
Outdated
Show resolved
Hide resolved
...ds/feature/attachments/handler/applicationservice/helper/AttachmentValidationHelperTest.java
Show resolved
Hide resolved
...ds/feature/attachments/integrationtests/draftservice/MediaValidatedAttachmentsDraftTest.java
Outdated
Show resolved
Hide resolved
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add Support to Restrict @Core.AcceptableMediaTypes
✨ New Features
Introduced support for restricting allowed MIME types for attachments using the
@Core.AcceptableMediaTypesannotation. This feature enables validation of file types during upload, ensuring only specified media types are accepted.🔧 Changes
Documentation:
README.md: Added comprehensive documentation for the new@Core.AcceptableMediaTypesannotation, including examples of exact matches, wildcard patterns (image/*), and default behaviorCore Implementation:
CreateAttachmentsHandler.java: Added new@Beforehandler methodprocessBeforeForMetadatathat validates acceptable media types early in the request lifecycle atHandlerOrder.BEFORE. Integrated validation usingCdsRuntimedependency to support metadata validationAttachmentValidationHelper.java(new): Created comprehensive helper class for media type validation with extensive MIME type mapping (70+ common formats including images, documents, videos, fonts). Implements validation logic with support for wildcard patterns and default fallback behaviorRegistration.java: Updated handler registration to passCdsRuntimeinstance toCreateAttachmentsHandlerIntegration Test Configuration:
data-model.cds: AddedmediaValidatedAttachmentscomposition to Roots entitytest-service.cds: Configured annotation to accept only JPEG and PNG imagesRootEntityBuilder.java: Enhanced builder to support media-validated attachments with proper initializationTest Suite:
CreateAttachmentsHandlerTest.java: Added tests for new metadata validation handlerAttachmentValidationHelperTest.java(new): Comprehensive test suite with 16+ test cases covering MIME type detection, validation, wildcards, error scenarios, and edge cases (including hidden files like.gitignore)MediaValidatedAttachmentsDraftTest.java(new): Integration tests for draft service media validationMediaValidatedAttachmentsNonDraftTest.java(new): Integration tests for non-draft service media validationSizeLimitedAttachmentsSizeValidationDraftTest.java: Updated with file name assignmentsSizeLimitedAttachmentValidationNonDraftTest.java: Updated with file name assignmentsSample Application:
samples/bookshop/srv/attachments.cds: AddedmediaValidatedAttachmentscomposition to Books entity with configuration to accept only JPEG and PNG images📬 Subscribe to the Hyperspace PR Bot DL to get the latest announcements and pilot features!
PR Bot Information
Version:
1.17.61| 📖 Documentation | 🚨 Create Incident | 💬 Feedbackpull_request.editedanthropic--claude-4.5-sonnetbbd4b7f0-0d9e-11f1-894a-5accae685c85