堆栈内存溢出
  简体   繁体   English

如何在Javascript或Apex中检查受限文件

[英]How to check restricted file in Javascript or Apex

 原文  2018-10-30 15:20:19       javascript/ salesforce/ apex

问题描述

While uploading file we need to validate whether the file is valid or restricted file by OWASP. 在上传文件时,我们需要通过OWASP验证文件是有效文件还是受限文件。

Allowed file types: txt,ppt,pptx,doc,docx,xls,xlsx,csv,jpeg,jpg,bmp,gif,png Restricted file types: exe,jar,zip,ini,log [executable files] 允许的文件类型:txt,ppt,pptx,doc,docx,xl​​s,xlsx,csv,jpeg,jpg,bmp,gif,png受限文件类型:exe,jar,zip,ini,log [可执行文件]

We have followed the below validations in javascript. 我们在javascript中遵循了以下验证。

  1. We are validating the files by file extension [ working fine ] 我们正在通过文件扩展名验证文件[运行正常]
  2. We are evaluating the file content by magic numbers[hex code] whether the file extension has been changed or not. 我们正在通过幻数[十六进制代码]评估文件内容,无论文件扩展名是否已更改。 it is perfectly working for most of the file types. 对于大多数文件类型来说,它是完美的选择。

But the issue here is jar,odt,docx,pptx,ppt,xlsx files have same magic numbers. 但是这里的问题是jar,odt,docx,pptx,ppt,xlsx文件具有相同的幻数。

We are not allowing user to upload executables files and zip,jar,odt files. 我们不允许用户上传可执行文件和zip,jar,odt文件。

How to differentiate jar,odt & zip with docx,pptx,xlsx? 如何用docx,pptx,xlsx区分jar,odt和zip?

Reference Link: 参考链接:

https://en.wikipedia.org/wiki/List_of_file_signatures https://en.wikipedia.org/wiki/List_of_file_signatures

https://medium.com/the-everyday-developer/detect-file-mime-type-using-magic-numbers-and-javascript-16bc513d4e1e https://medium.com/the-everyday-developer/detect-file-mime-type-using-magic-numbers-and-javascript-16bc513d4e1e

Please do let me know any solutions or suggestion to achieve this in Javascript or apex. 请让我知道用Javascript或apex实现此目的的任何解决方案或建议。

1 个解决方案

解决方案1
 0  2018-10-30 17:22:01

Fixed issue by reading the file content using FileReader API and checking whether the file contains [Content_Type.xml]. 通过使用FileReader API读取文件内容并检查文件是否包含[Content_Type.xml]来解决此问题。 If the file is docx,xlsx or pptx it returns [content_type].xml while reading the file content from filereader. 如果文件是docx,xl​​sx或pptx,则在从filereader读取文件内容时会返回[content_type] .xml。 If it is a jar/odt/odc/apk or any other files it returns different string. 如果是jar / odt / odc / apk或任何其他文件,则返回不同的字符串。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在反应中上传时检查受限制的文件 - How to check for restricted file while uploading in react javascript中的递归限制如何? - how restricted is recursion in javascript? 如何将JavaScript文件包含到Apex Oracle的LOV弹出窗口中? - How to include javascript file into LOV popups on apex oracle? Oracle Apex Ghosting Javascript外部文件(错误?) - Oracle Apex Ghosting Javascript external file (bug?) 如何在 oracle apex 的 javascript 代码中指定 5 个顶点项 - How to specify the 5 apex items on my javascript code at oracle apex 如何安排顶点运行javascript函数? - How to schedule apex to run a javascript function? 如何从Javascript访问Oracle Apex变量? - How to access Oracle Apex variables from Javascript? 如何在 Oracle Apex 中使用 javascript 隐藏区域 - How to hide regions with javascript in Oracle Apex 如何通过JavaScript将值分配给Apex - How to Assign the Value to Apex from the Javascript 如何在JavaScript中解析eslinter的无限制语法? - How do I resolve the no-restricted-syntax from eslinter in JavaScript ?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM