FileTypeChecker 1.0.0

File Type Checker

File type checker that checks the file's magic numbers/identifying bytes.  Useful for verifying uploaded files in web applications.
NuGet package of code originally written by https://github.com/mjolka and extended to allow for dependency injecting the known file types.

Install-Package FileTypeChecker -Version 1.0.0
dotnet add package FileTypeChecker --version 1.0.0
paket add FileTypeChecker --version 1.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

File Type Checker

File Type Checker is a .Net file identification library allowing developers to the file's magic numbers/identifying bytes against a whitelist.

The purpose of this code is to make it easier for people to add better file security functionality to their projects via a NuGet package.

Usage

Using an IoC container, register the instance in the container

new List<FileType>
{
    new FileType("Portable Network Graphic", ".png",
        new ExactFileTypeMatcher(new byte[] {0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A})),
    new FileType("JPEG", ".jpg",
        new FuzzyFileTypeMatcher(new byte?[] {0xFF, 0xD, 0xFF, 0xE0, null, null, 0x4A, 0x46, 0x49, 0x46, 0x00})),
    new FileType("Portable Document Format", ".pdf", new RangeFileTypeMatcher(new ExactFileTypeMatcher(new byte[] { 0x25, 0x50, 0x44, 0x46 }), 1019))
}

Register the FileTypeChecker concrete implementation to the IFileTypeChecker interface. Wherever you need the checker, dependency inject it and use it like below.

    // pdf is a stream containing a PDF
    var fileType = checker.GetFileType(pdf);

Background

I have seen too many projects allow file uploads any the only validation that occurs is the filename extension. This project exists because there needs to be a plug and play library that facilites mitigating this security issue.

File Magic Number Resources

For a list of file magic numbers, I have found these sites to be useful.

Credits

Based on mjolka's answer to the Stack Overflow question Guessing a file type based on its content.

This repo is forked from https://github.com/mjolka/filetypes and the original code can be found in the "original" branch (preserving for posterity). I have changed the namespaces/project name to better describe the purpose.

File Type Checker

File Type Checker is a .Net file identification library allowing developers to the file's magic numbers/identifying bytes against a whitelist.

The purpose of this code is to make it easier for people to add better file security functionality to their projects via a NuGet package.

Usage

Using an IoC container, register the instance in the container

new List<FileType>
{
    new FileType("Portable Network Graphic", ".png",
        new ExactFileTypeMatcher(new byte[] {0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A})),
    new FileType("JPEG", ".jpg",
        new FuzzyFileTypeMatcher(new byte?[] {0xFF, 0xD, 0xFF, 0xE0, null, null, 0x4A, 0x46, 0x49, 0x46, 0x00})),
    new FileType("Portable Document Format", ".pdf", new RangeFileTypeMatcher(new ExactFileTypeMatcher(new byte[] { 0x25, 0x50, 0x44, 0x46 }), 1019))
}

Register the FileTypeChecker concrete implementation to the IFileTypeChecker interface. Wherever you need the checker, dependency inject it and use it like below.

    // pdf is a stream containing a PDF
    var fileType = checker.GetFileType(pdf);

Background

I have seen too many projects allow file uploads any the only validation that occurs is the filename extension. This project exists because there needs to be a plug and play library that facilites mitigating this security issue.

File Magic Number Resources

For a list of file magic numbers, I have found these sites to be useful.

Credits

Based on mjolka's answer to the Stack Overflow question Guessing a file type based on its content.

This repo is forked from https://github.com/mjolka/filetypes and the original code can be found in the "original" branch (preserving for posterity). I have changed the namespaces/project name to better describe the purpose.

Dependencies

This package has no dependencies.

Version History

Version Downloads Last updated
1.0.0 391 11/17/2017