2

When I upload a file from my React application to my server .NET Core api, I'm expecting a IFormFile type which should be an image. I'm validating the extension/mime type, but if the user changes, for example, an executable extension from 'executable.exe' to 'executable.png' it will pass through the validation! I searched a lot looking for a solution, I couldn't find any answer that suits my needs, I will keep looking, but meanwhile if someone already solved this kind of issues please let me know the better way to handle with this validation, avoiding answers that rely on getting the file extension whether the mime type.

Thanks all that can help!

Nuno Silva Marques
  • 73
  • 1
  • 1
  • 6
  • 2
    You could check out something like [Mime Detective](https://www.nuget.org/packages/Mime-Detective/) which inspects the file independently of the file extensions, and reports on what type of file it really is – marc_s Feb 21 '22 at 17:50
  • Does this answer your question? [How to check if a byte array is a valid image?](https://stackoverflow.com/questions/8349693/how-to-check-if-a-byte-array-is-a-valid-image) – Marius Feb 21 '22 at 17:51
  • @Marius thanks, but no, it didn't solve the problem, if I'm relying on UI the user that changes a ".exe" to a ".png" it will probably delete the "accept" property, and for now on the server side I tried to get the real file extension but without success! – Nuno Silva Marques Feb 22 '22 at 14:24
  • @marc_s thanks, I'm exploring it, but so far no results yet, I will keep me exploring it. – Nuno Silva Marques Feb 22 '22 at 14:25
  • @NunoSilvaMarques, not sure how that didn't work. You can get a file with any file extension, use the bytes of that file to create a new image. If that fails by throwing an exception, the image is invalid, and not an image. Further they explain how you can check the bytes, since the images start with specific bytes. Did you perhaps confuse me with marc_s? – Marius Feb 22 '22 at 14:30

0 Answers0