Package de.xima.fc.security.malware

Class ExtensionCheck

  • public class ExtensionCheck
extends Object
    Helper class to verify a file's extension against its content.

    • Constructor Detail

      • ExtensionCheck

        public ExtensionCheck()

    • Method Detail

      • verify

        public ExtensionCheckReport verify​(String fileName,
                                   InputStream inputStream)
                            throws IOException
        Compares the MIME type detected by Tika (by examining the streams content) with the one suggested by the provided context MIME mapper.
        • If no MIME normalizer has been set, DFLT_NORMALIZER will be used.
        • If the MIME normalizer has been explicitly set to null, no normalization will be done.
        Parameters:
        fileName - the name of the file (used to request the MIME type corresponding to the file's extension from the context MIME mapper)
        inputStream - the input stream to detect the file's actual content type
        Returns:
        a report object describing the result of this content type verification.
        Throws:
        IOException - if an I/O error occurs while reading the input stream

      • withAllowUnknownTypes

        public ExtensionCheck withAllowUnknownTypes​(boolean allowUnknownTypes)
        Sets whether unknown types (undetected by the ContentTypeUtils or unknown to the context mime mapper) should be allowed or rejected.
        Parameters:
        allowUnknownTypes - the flag to set (if true, unknown types are allowed, if false not)
        Returns:
        This instance for chaining method calls.

      • withExtensionToMimeTypeMapper

        public ExtensionCheck withExtensionToMimeTypeMapper​(Function<String,​Set<String>> contextMimeMapper)
        Sets the required MIME mapper that finds possible content types for a given file name.

        This mapper is used to obtain a whitelist of content types for a file name; against which the detected MIME type is then compared.

        Parameters:
        contextMimeMapper - A Function that takes a file name and returns one or more MIME types corresponding to the file name's extension.
        Returns:
        This instance for chaining method calls.

      • withMimeNormalizer

        public ExtensionCheck withMimeNormalizer​(Function<String,​String> mimeNormalizer)
        Sets an optional, use case dependent MIME type normalizer to handle different MIME types describing the same content (e.g. 'application/xml', 'text/xml' and 'application/xhtml+xml' may be mapped to 'text/plain').
        Parameters:
        mimeNormalizer - the MIME normalizer to use.
        Returns:
        This instance for chaining method calls.

      • defaultMimeMapper

        public static Function<String,​Set<String>> defaultMimeMapper()
        Returns:
        Default MIME mapper that uses the file's extension to determine the MIME type.

      • defaultNormalizer

        public static Function<String,​String> defaultNormalizer()
        Returns:
        Default MIME normalizer that simply canonicalizes the MIME type to a fixed string representation.