Package de.xima.fc.security.malware
Class ExtensionCheck
- java.lang.Object
-
- de.xima.fc.security.malware.ExtensionCheck
-
public class ExtensionCheck extends Object
Helper class to verify a file's extension against its content.
-
-
Constructor Summary
Constructors Constructor Description ExtensionCheck()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static Function<String,Set<String>>
defaultMimeMapper()
static Function<String,String>
defaultNormalizer()
ExtensionCheckReport
verify(String fileName, InputStream inputStream)
Compares the MIME type detected by Tika (by examining the streams content) with the one suggested by the provided context MIME mapper.ExtensionCheck
withAllowUnknownTypes(boolean allowUnknownTypes)
Sets whether unknown types (undetected by the ContentTypeUtils or unknown to the context mime mapper) should be allowed or rejected.ExtensionCheck
withExtensionToMimeTypeMapper(Function<String,Set<String>> contextMimeMapper)
Sets the required MIME mapper that finds possible content types for a given file name.ExtensionCheck
withMimeNormalizer(Function<String,String> mimeNormalizer)
Sets an optional, use case dependent MIME type normalizer to handle different MIME types describing the same content (e.g.
-
-
-
Method Detail
-
verify
public ExtensionCheckReport verify(String fileName, InputStream inputStream) throws IOException
Compares the MIME type detected by Tika (by examining the streams content) with the one suggested by the provided context MIME mapper.- If no MIME normalizer has been set,
DFLT_NORMALIZER
will be used. - If the MIME normalizer has been explicitly set to
null
, no normalization will be done.
- Parameters:
fileName
- the name of the file (used to request the MIME type corresponding to the file's extension from the context MIME mapper)inputStream
- the input stream to detect the file's actual content type- Returns:
- a report object describing the result of this content type verification.
- Throws:
IOException
- if an I/O error occurs while reading the input stream
- If no MIME normalizer has been set,
-
withAllowUnknownTypes
public ExtensionCheck withAllowUnknownTypes(boolean allowUnknownTypes)
Sets whether unknown types (undetected by the ContentTypeUtils or unknown to the context mime mapper) should be allowed or rejected.- Parameters:
allowUnknownTypes
- the flag to set (if true, unknown types are allowed, if false not)- Returns:
- This instance for chaining method calls.
-
withExtensionToMimeTypeMapper
public ExtensionCheck withExtensionToMimeTypeMapper(Function<String,Set<String>> contextMimeMapper)
Sets the required MIME mapper that finds possible content types for a given file name.This mapper is used to obtain a whitelist of content types for a file name; against which the detected MIME type is then compared.
- Parameters:
contextMimeMapper
- AFunction
that takes a file name and returns one or more MIME types corresponding to the file name's extension.- Returns:
- This instance for chaining method calls.
-
withMimeNormalizer
public ExtensionCheck withMimeNormalizer(Function<String,String> mimeNormalizer)
Sets an optional, use case dependent MIME type normalizer to handle different MIME types describing the same content (e.g. 'application/xml', 'text/xml' and 'application/xhtml+xml' may be mapped to 'text/plain').- Parameters:
mimeNormalizer
- the MIME normalizer to use.- Returns:
- This instance for chaining method calls.
-
defaultMimeMapper
public static Function<String,Set<String>> defaultMimeMapper()
- Returns:
- Default MIME mapper that uses the file's extension to determine the MIME type.
-
-