This site requires JavaScript to be enabled

Validation of MIME types within ServiceNow

1031 views

Change: Validation of MIME types within ServiceNow

Effective: 2017/09/27
Release: 5.7.0

Purpose

To protect the platform and its users from malicious files that can be uploaded to the platform. This will make sure that the file type identified by your browser/system, matches the file extension, magic number and what ServiceNow thinks the file type is. For example, if you rename a zip file to “.doc” and upload it to ServiceNow to get around the upcoming restriction to “.zip”, the upload will fail because the MIME type (application/zip) and magic number (0x50 0x4B) do not match the file extension (.doc).

Changes

ServiceNow will now validate the MIME types and magic numbers for uploaded files to make sure they match the file extension.

Known Issue File Types

Some file types may no longer upload due to a mismatch in MIME type and file extension. This appears to be limited to infrequently used file types and might be cause by misidentification by ServiceNow and/or the uploading computer. A list of known issue file types are below.

Note: These are file types that caused issues for us in testing. Depending on your computer setup, you may or may not have an issue with these or other file types.

File extensions Description
heif, heic New image file format
mp4 Video formats
rpt Crystal Reports documents
vdx Microsoft Visio file

Workarounds

Upload the file to a campus provided service such as Google Docs and include a link in the ticket.

Fix Plan

We are working with the vendor to resolve the issue.

FAQ

  1. How do I know if I am having this issue with a file I attempted to upload?

    If you upload a small file, have a reliable internet connection and the upload bar takes a long time, you may have run into the issue. Try to upload again and see if the issue persists. If it does, please use the workaround.

    You may also run into the issue if you drag and drop the file over the web browser displaying the record you are editing (such as an Incident or HR Case), and it appears to have uploaded, but upon refresh the file has disappeared.

  2. Can you tell if I ran into the issue and recover the file that failed?

    No we cannot. The file was rejected by ServiceNow and SerivceNow has no record of the file.

  3. Will this affect emails into the system?

    No, this appears to be an issue limited to browser uploads.

Authored by Justin Anonuevo
Last modified 2018-05-31 17:27:58