We are currently facing a security issue with our application. We had a pen test last week, where one of the findings was that malicious code can be injected into a PDF file and then executed when opening this PDF file in our application (within the browser). Is there some form of protection against this kind of issue? Are there any people familiar with this issue who have a proper solution? I know of the XSS sanitize solution (community commons module) for strings in Mendix, but I am looking for the same solution for files. Some type of virus scanner? The virus scanner in the App store does not support this, unfortunately.
We've come up with a solution, where we use an action called StringFromFile (located in CommunityCommons) and then detect the malicious code in the file itself.
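
One way such a content check could look, as an added example that is not code from the posters, Mendix or CommunityCommons: a Python sketch that scans the raw bytes of an uploaded PDF for name tokens that trigger or carry active content, decoding `#xx` hex escapes first so a name written as `/J#61vaScript` is still matched. The function names, the verdict labels and the sample documents are assumptions made for this example; files that contain object streams or encryption are reported as unverified because a plain-text scan cannot see inside them.

```python
import re

# PDF name tokens that trigger or carry active content.
ACTIVE = {b"JavaScript", b"JS", b"OpenAction", b"AA", b"Launch", b"EmbeddedFile"}
# Names meaning parts of the file cannot be read by a plain-text scan.
OPAQUE = {b"ObjStm", b"Encrypt"}

# A PDF name is "/" followed by characters other than whitespace or delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def pdf_names(data):
    """Return every name token in the file with #xx escapes decoded."""
    names = set()
    for m in NAME_RE.finditer(data):
        names.add(HEX_RE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1)))
    return names

def scan_pdf(data):
    """Classify an upload as 'accept', 'reject' or 'unverified'."""
    if not data.startswith(b"%PDF-"):
        return {"verdict": "reject", "findings": ["not-a-pdf"]}
    names = pdf_names(data)
    hits = sorted(n.decode() for n in names & ACTIVE)
    if hits:
        return {"verdict": "reject", "findings": hits}
    opaque = sorted(n.decode() for n in names & OPAQUE)
    if opaque:
        # Compressed or encrypted objects: the scan cannot vouch for them.
        return {"verdict": "unverified", "findings": opaque}
    return {"verdict": "accept", "findings": []}

# Constructed sample inputs (not real documents).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
OBFUSCATED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
              b"3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n")
PACKED = (b"%PDF-1.5\n4 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Length 3 >>\n"
          b"stream\n...\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("obfuscated", OBFUSCATED), ("packed", PACKED)):
        print(label, scan_pdf(doc))
```

A match on a stream's binary content can produce a false positive, so the check errs toward rejecting; it complements, rather than replaces, serving uploaded files as downloads instead of rendering them inline.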