AJMitev / FileTypeChecker

Cross platform file type validator for .NET
MIT License
139 stars 27 forks source link
dotnet file files filetype-validator filevalidator identifying-bytes library magicbytes magicnumbers security security-tools validator

FileTypeCheckerFileTypeChecker - Protect your application from malicious files

Build status NuGet Badge License: MIT CodeFactor Discord

Support the project

Buy Me A Coffee

Project Description

FileTypeChecker is a easy to use library that provides quality identification of a file type. This will help you to secure your applications by validating all files that are provided by external sources with few lines of code.

Table of Contents

1. Why to use it?

2. How it works?

3. How to install?

4. How to use?

5. Web Applications

Why to use it?

Have you ever had a requirement for users to be able to upload files of a certain type? How do you validate that the file type is allowed? How do you protect your application from uploading a malicious file? It is standard practice to use the FileSystemInfo class provided by Microsoft and its Extension property for this kind of job, but is that enough? The answer is simple - No! This is why this small but effective library comes to help.

How it works?

FileTypeChecker use file's "magic numbers" to identify the type. According to Wikipedia this term ("magic numbers") was used for a specific set of 2-byte identifiers at the beginnings of files, but since any binary sequence can be regarded as a number, any feature of a file format which uniquely distinguishes it can be used for identification. This approach offers better guarantees that the format will be identified correctly, and can often determine more precise information about the file. See more about Magic Numbers

How to install?

You can install this library using NuGet into your project.

Install-Package File.TypeChecker

or by using dotnet CLI

dotnet add package File.TypeChecker

How to use?

using (var fileStream = File.OpenRead("myFileLocation"))
{
    var isRecognizableType = FileTypeValidator.IsTypeRecognizable(fileStream);

    if (!isRecognizableType)
    {
        // Do something ...
    }

    IFileType fileType = FileTypeValidator.GetFileType(fileStream);
    Console.WriteLine("Type Name: {0}", fileType.Name);
    Console.WriteLine("Type Extension: {0}", fileType.Extension);
    Console.WriteLine("Is Image?: {0}", fileStream.IsImage());
    Console.WriteLine("Is Bitmap?: {0}", fileStream.Is<Bitmap>());
}

If you are interested in finding more samples please use our wiki page.

What types of file are supported?

FileTypeChecker is able to identify more than 22 different types but also you are able to register your own types. For more information please visit our wiki page

Web Applications

If you are developing Web application you can check this. That package is designed for ASP.NET applications and contains very useful predefined validation attributes that can be used for IFormFile.

Credits

Based on mjolka's answer to the Stack Overflow question Guessing a file type based on its content.

This repo is inspired from 0xbrock and the original code can be found in the "original" branch. I re-writed the all project with goal to make it Object oriented, with fluent API and easy to extend.