I have a file uploader that only accepts JPGs, PNGs and GIFs.

Using the OutSystems HTTPRequestHandler/RequestFile method, we use the FileType to validate that the file is of a valid type.

As part of an internal security test, I have an executable file that I am attempting to upload. Just by renaming the file to have a JPG extension, the FileType is returned by OutSystems as valid and the exe is uploaded.

Is there a way to check the actual file type?

I notice there is a forge plugin called File Type Inspector but it is for the Java stack and we are .NET.

Thanks

Hi Kieran,

When a file is uploaded, the Upload Widget reports the file type in the "Type" Runtime Property. I'm not sure why you need the HTTPRequestHandler for that?

If you just want to accept JPG, PNG and GIF files, you could try the ImageToolbox Forge Component for checking the file's validity.

Unfortunately we have another use case for filetypes that are documents also.

The request itself passes the content type as a jpeg. GetRequestFiles must return the file type based on that.

Content-Disposition: form-data; name="file"; filename="test.jpg"
Content-Type: image/jpeg

What I want to do is inspect the binary data to see EXACTLY what it is, not what it says that it is.

I could write my own method to do this. The overhead here will be defining all of the possible filetypes we support and then keeping it up to date.

I was curious if there was already something out there that existed.

Solution

Hi Kieran,

You can never hope to see EXACTLY what things are, as you'd have to write full-blown validators for every supported file type, which would be a monstrous task. I still think the best approach is to use some heuristics and hope for the best.

Solution

We have a whitelist of accepted file types to upload (about 10 or so), so I have gone with the solution of inspecting the binary and matching the ASCII identifying characters to the expected identifiers as found at http://filext.com.


Yeah, that will work indeed, and it's what I meant by "use some heuristics" :).
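The signature check discussed in this thread, sketched in C# for the .NET stack as an added example (it is not code from any poster or from OutSystems). The class and method names are hypothetical, and the table covers only the three image types from the original question, using their well-known leading bytes.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper (all names are assumptions): accept an upload only when
// its leading bytes match a signature allowed for the claimed extension.
public static class UploadSniffer
{
    static readonly Dictionary<string, byte[][]> Allowed =
        new Dictionary<string, byte[][]>(StringComparer.OrdinalIgnoreCase)
    {
        { ".jpg",  new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".jpeg", new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".png",  new[] { new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } } },
        { ".gif",  new[] { new byte[] { 0x47, 0x49, 0x46, 0x38, 0x37, 0x61 },    // GIF87a
                           new byte[] { 0x47, 0x49, 0x46, 0x38, 0x39, 0x61 } } } // GIF89a
    };

    public static bool IsAllowed(string fileName, byte[] content)
    {
        if (fileName == null || content == null) return false;

        // Take the extension by hand: the name is client-supplied and may
        // contain characters that path APIs reject.
        int dot = fileName.LastIndexOf('.');
        string ext = dot >= 0 ? fileName.Substring(dot) : string.Empty;

        // Extension not on the whitelist: reject regardless of content.
        byte[][] signatures;
        if (!Allowed.TryGetValue(ext, out signatures)) return false;

        // The declared Content-Type is ignored; only the bytes decide.
        return signatures.Any(sig => content.Length >= sig.Length &&
                                     content.Take(sig.Length).SequenceEqual(sig));
    }

    public static void Main()
    {
        // Constructed samples: a PNG header, and the "MZ" header of a Windows
        // executable renamed to .jpg as in the test described in the thread.
        byte[] png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 0x0D };
        byte[] exe = { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00 };
        Console.WriteLine("photo.png accepted: " + IsAllowed("photo.png", png));
        Console.WriteLine("test.jpg (renamed exe) accepted: " + IsAllowed("test.jpg", exe));
    }
}
```

A match confirms only the leading bytes, so this remains the heuristic described above: it rejects a renamed executable but does not prove the rest of the file is a well-formed image.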