Skip to content
/ FileTypeChecker Public
forked from mjolka/filetypes

File Type Checker is a .Net file identification library allowing developers to verify the file's magic numbers/identifying bytes against a whitelist.

www.nuget.org/packages/FileTypeChecker/

License

MIT license
16 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xbrock/FileTypeChecker

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
FileTypeChecker.Tests
FileTypeChecker.Tests
 
 
FileTypeChecker
FileTypeChecker
 
 
.gitignore
.gitignore
 
 
FileTypeChecker.sln
FileTypeChecker.sln
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 

Repository files navigation

File Type Checker

File Type Checker is a .Net file identification library allowing developers to verify the file's magic numbers/identifying bytes against a whitelist.

The purpose of this code is to make it easier for people to add better file security functionality to their projects via a NuGet package.

Installation

Nuget package: FileTypeChecker

Via Package Manager:

Install-Package FileTypeChecker

Usage

Using an IoC container, register the instance in the container

new List<FileType>
{
    new FileType("Portable Network Graphic", ".png",
        new ExactFileTypeMatcher(new byte[] {0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A})),
    new FileType("JPEG", ".jpg",
        new FuzzyFileTypeMatcher(new byte?[] {0xFF, 0xD, 0xFF, 0xE0, null, null, 0x4A, 0x46, 0x49, 0x46, 0x00})),
    new FileType("Portable Document Format", ".pdf", new RangeFileTypeMatcher(new ExactFileTypeMatcher(new byte[] { 0x25, 0x50, 0x44, 0x46 }), 1019))
}

Register the FileTypeChecker concrete implementation to the IFileTypeChecker interface. Wherever you need the checker, dependency inject it and use it like below.

    // pdf is a stream containing a PDF
    var fileType = checker.GetFileType(pdf);

Background

I have seen too many projects allow file uploads any the only validation that occurs is the filename extension. This project exists because there needs to be a plug and play library that facilites mitigating this security issue.

File Magic Number Resources

For a list of file magic numbers, I have found these sites to be useful.

Credits

Based on mjolka's answer to the Stack Overflow question Guessing a file type based on its content.

This repo is forked from https://github.com/mjolka/filetypes and the original code can be found in the "original" branch (preserving for posterity). I have changed the namespaces/project name to better describe the purpose.

About

File Type Checker is a .Net file identification library allowing developers to verify the file's magic numbers/identifying bytes against a whitelist.

www.nuget.org/packages/FileTypeChecker/

Topics

csharp validator file-upload magic-numbers magic-number

Resources

Readme

License

MIT license
Activity

Stars

16 stars

Watchers

3 watching

Forks

7 forks
Report repository

Releases 1

NuGet Package & Binary Build Latest
Nov 17, 2017

Packages

No packages published

Languages

  • C# 100.0%
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy