在C#中保护Excel文件上传
[英]Protect Excel File upload in C#
问题描述
我正在尝试实现OWASP-针对 C#中Excel文件的恶意文件保护FileUpload 。
我正在努力寻找有关如何获取每个Macro / Vba / OLE_Object的任何文档。
这是我当前的代码:
using DocumentFormat.OpenXml;
using DocumentFormat.OpenXml.Packaging;
using System;
using System.IO;
namespace Utils.FileSecurity
{
public static class ExcelDocumentDetector
{
public static bool IsSafe(byte[] fileBytes)
{
try
{
using (var document = SpreadsheetDocument.Open(new MemoryStream(fileBytes), true))
{
if (document.DocumentType == SpreadsheetDocumentType.MacroEnabledWorkbook
|| document.DocumentType == SpreadsheetDocumentType.MacroEnabledTemplate)
return false;
foreach (var sheet in document.WorkbookPart.Workbook.Sheets)
{
// ???
}
}
}
catch (Exception e)
{
return false;
}
return true;
}
}
}
你们对此有任何提示/文档吗? 谢谢
1 个解决方案
解决方案1
-1 2018-11-12 09:51:57
[HttpPost]
public ActionResult UploadExcel( HttpPostedFileBase postedFile)
{
string filePath = string.Empty;
if (postedFile != null)
{
string path = Server.MapPath("~/UploadFiles/");
if (!Directory.Exists(path))
{
Directory.CreateDirectory(path);
}
filePath = path + Path.GetFileName(postedFile.FileName);
string extension = Path.GetExtension(postedFile.FileName);
postedFile.SaveAs(filePath);
string conString = string.Empty;
switch (extension)
{
case ".xls": //Excel 97-03.
conString = ConfigurationManager.ConnectionStrings["Excel03ConString"].ConnectionString;
break;
case ".xlsx": //Excel 07 and above.
conString = ConfigurationManager.ConnectionStrings["Excel07ConString"].ConnectionString;
break;
}
DataTable dt = new DataTable();
conString = string.Format(conString, filePath);
using (OleDbConnection connExcel = new OleDbConnection(conString))
{
using (OleDbCommand cmdExcel = new OleDbCommand())
{
using (OleDbDataAdapter odaExcel = new OleDbDataAdapter())
{
cmdExcel.Connection = connExcel;
//Get the name of First Sheet.
connExcel.Open();
DataTable dtExcelSchema;
dtExcelSchema = connExcel.GetOleDbSchemaTable(OleDbSchemaGuid.Tables, null);
string sheetName = dtExcelSchema.Rows[0]["TABLE_NAME"].ToString();
connExcel.Close();
//Read Data from First Sheet.
connExcel.Open();
cmdExcel.CommandText = "SELECT * From [" + sheetName + "]";
odaExcel.SelectCommand = cmdExcel;
odaExcel.Fill(dt);
connExcel.Close();
}
}
}
string output="";
for (int i = 0; i < dt.Rows.Count; i++)
{
output = output + dt.Rows[i]["Email"].ToString();
output += (i < dt.Rows.Count) ? "," : string.Empty;
}
output = output.Remove(output.Length - 1);
}
return View();
}
如何使用带有c#的openxml(不是整个行/列)隐藏和保护excel文件中一个Cell的文本?
[英]How can I hide and protect the text of one Cell in an excel file using openxml with c# (not the entire row/ column)?
上传Excel文件并使用C#将工作表重命名为新工作表名称不使用excel interop
[英]upload excel file and rename sheet to new sheet name using c# not use excel interop
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.