Package de.xima.fc.security.malware

Class ExtensionCheck

java.lang.Object

de.xima.fc.security.malware.ExtensionCheck

public class ExtensionCheck
extends Object

Helper class to verify a file's extension against its content.

Constructor Summary

Constructors

Constructor	Description
ExtensionCheck()

Method Summary

Modifier and Type	Method	Description
static Function<String,Set<String>>	defaultMimeMapper()
static Function<String,String>	defaultNormalizer()
ExtensionCheckReport	verify(String fileName, InputStream inputStream)	Compares the MIME type detected by Tika (by examining the streams content) with the one suggested by the provided context MIME mapper.
ExtensionCheck	withAllowUnknownTypes(boolean allowUnknownTypes)	Sets whether unknown types (undetected by the ContentTypeUtils or unknown to the context mime mapper) should be allowed or rejected.
ExtensionCheck	withExtensionToMimeTypeMapper(Function<String,Set<String>> contextMimeMapper)	Sets the required MIME mapper that finds possible content types for a given file name.
ExtensionCheck	withMimeNormalizer(Function<String,String> mimeNormalizer)	Sets an optional, use case dependent MIME type normalizer to handle different MIME types describing the same content (e.g.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ExtensionCheck

public ExtensionCheck()

Method Details

verify

public ExtensionCheckReport verify(String fileName,
 InputStream inputStream)
                            throws IOException

Compares the MIME type detected by Tika (by examining the streams content) with the one suggested by the provided context MIME mapper.

• If no MIME normalizer has been set, DFLT_NORMALIZER will be used.
• If the MIME normalizer has been explicitly set to null, no normalization will be done.

Parameters:

fileName - the name of the file (used to request the MIME type corresponding to the file's extension from the context MIME mapper)

inputStream - the input stream to detect the file's actual content type

Returns:

a report object describing the result of this content type verification.

Throws:

IOException - if an I/O error occurs while reading the input stream

withAllowUnknownTypes

public ExtensionCheck withAllowUnknownTypes(boolean allowUnknownTypes)

Sets whether unknown types (undetected by the ContentTypeUtils or unknown to the context mime mapper) should be allowed or rejected.

Parameters:

allowUnknownTypes - the flag to set (if true, unknown types are allowed, if false not)

Returns:

This instance for chaining method calls.

withExtensionToMimeTypeMapper

public ExtensionCheck withExtensionToMimeTypeMapper(Function<String,Set<String>> contextMimeMapper)

Sets the required MIME mapper that finds possible content types for a given file name.

This mapper is used to obtain a whitelist of content types for a file name; against which the detected MIME type is then compared.

Parameters:

contextMimeMapper - A Function that takes a file name and returns one or more MIME types corresponding to the file name's extension.

Returns:

This instance for chaining method calls.

withMimeNormalizer

public ExtensionCheck withMimeNormalizer(Function<String,String> mimeNormalizer)

Sets an optional, use case dependent MIME type normalizer to handle different MIME types describing the same content (e.g. 'application/xml', 'text/xml' and 'application/xhtml+xml' may be mapped to 'text/plain').

Parameters:

mimeNormalizer - the MIME normalizer to use.

Returns:

This instance for chaining method calls.

defaultMimeMapper

public static Function<String,Set<String>> defaultMimeMapper()

Returns:

Default MIME mapper that uses the file's extension to determine the MIME type.

defaultNormalizer

public static Function<String,String> defaultNormalizer()

Returns:

Default MIME normalizer that simply canonicalizes the MIME type to a fixed string representation.