0

I'm developing a website that need to upload excel/csv files.

There is a way to validation files from hackers e.g. ensure that the files not contains malicious code?

Until now I have this:

public class ValidateFileAttribute : RequiredAttribute
{
    private readonly decimal filesize = 10;//10 MB
    bool result = false;
    string[] supporteFilesdTypes = new[] { "csv", "xls", "xlsx" };
    public override bool IsValid(object value)
    {
        var file = value as HttpPostedFileBase;
        if (file == null)
        {
            return false;
        }

        var fileExt = Path.GetExtension(file.FileName).Substring(1).ToLower();
        switch (fileExt)
        {
            case "csv":
            case "xls":
            case "xlsx":
                result = file.ContentLength > (filesize * 1024);
                break;
            default:
                break;

        }

        return result;
    }
}

public class ManipulateFile
{
    [ValidateFileAttribute]
    public HttpPostedFileBase FileUpload { get; set; }

    public ManipulateFile()
    {

    }
}
tal
  • 295
  • 1
  • 4
  • 20
  • 1
    For a start, refer [this answer](https://stackoverflow.com/questions/40199870/how-to-validate-file-type-of-httppostedfilebase-attribute-in-asp-net-mvc-4/40200034#40200034) for how to correctly validate a file type (and it includes a link to validate a file size) –  Feb 19 '18 at 07:13
  • @StephenMuecke Thanks – tal Feb 19 '18 at 07:34
  • Check this also, https://stackoverflow.com/questions/11547654/determine-the-file-type-using-c-sharp – PSK Feb 19 '18 at 08:32
  • @PSK, That is web forms, not asp.net-mvc –  Feb 19 '18 at 21:33

0 Answers0