//This test is commented out because it actually allows the really evil pdf through, that file is html, but starts
//with %PDF like a real pdf, all browsers refuse to open this file at the time of this writing (8-6-17), so that file
//is considered safe.
//[Fact]
//public void ReallyEvilPdf()
//{
// TestFailValidator("TestFiles/ReallyEvilPdf.pdf", new FileVerifier().AddPdf(), FileVerifierFactory.PdfMimeType);
//}
private static void TestFailValidator(string file, IFileVerifier verifier, string mimeType)
{
using (var stream = File.Open(file, FileMode.Open, FileAccess.Read, FileShare.Read))
{
Assert.ThrowsAny <Exception>(new Action(() => verifier.Validate(stream, file, mimeType)));
}
}
public VerifierFacts()
{
this.fileVerifier = A.Fake <IFileVerifier>();
A.CallTo(() => this.fileVerifier.DoesFileExist(A <string> ._)).Returns(true);
this.testee = new Verifier(this.fileVerifier);
}
public PageRepository(IFileFinder fileFinder, ITargetFileInfoProvider fileInfoProvider, IPathBaseInjector pathBaseInjector, IFileVerifier fileVerifier)
{
this.fileFinder = fileFinder;
this.fileInfoProvider = fileInfoProvider;
this.pathBase = pathBaseInjector.PathBase;
this.fileVerifier = fileVerifier;
}
/// <summary>
/// Add html files to the verifier. Be careful adding html support since that will allow users to add random code
/// to your website. This is normally not a good idea.
/// </summary>
/// <param name="fileVerifier">The file verifier to add support to.</param>
/// <returns>The passed in file verifier.</returns>
public static IFileVerifier AddHtml(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(new List <String> {
".html", ".htm"
}, HtmlMimeType));
return(fileVerifier);
}
public void TestSuccessVerifier(String file, IFileVerifier verifier, String mimeType)
{
using (var stream = File.Open(file, FileMode.Open, FileAccess.Read, FileShare.Read))
{
verifier.Validate(stream, file, mimeType);
}
}
public static IFileVerifier AddJpeg(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(new List <String> {
".jpg", ".jpeg", ".jpe", ".jfif"
}, JpegMimeType));
return(fileVerifier);
}
public async Task Upload([FromForm] UploadInput input, [FromServices] IFileVerifier fileVerifier)
{
var fileInfo = fileInfoProvider.GetFileInfo(input.File, HttpContext.Request.PathBase);
using (var uploadStream = input.Content.OpenReadStream())
{
fileVerifier.Validate(uploadStream, fileInfo.DerivedFileName, input.Content.ContentType);
using (Stream stream = fileFinder.WriteFile(fileInfo.DerivedFileName))
{
await uploadStream.CopyToAsync(stream);
}
}
}
private static void ChecksumNotFound(IFileVerifier verifier, string filename)
{
var sender = (MyChecksumVerifier)verifier;
if (!m_ignoreList.Contains(filename) && filename.StartsWith(sender.BaseChecksumDir, StringComparison.InvariantCultureIgnoreCase))
{
var shortName = filename.Substring(Math.Min(filename.Length, sender.BaseChecksumDir.Length + 1));
if (shortName.StartsWith("Data", StringComparison.InvariantCultureIgnoreCase))
{
MySandboxGame.Log.WriteLine(string.Format("Error: no checksum found for file '{0}'", filename));
m_ignoreList.Add(filename);
}
}
}
private static void ChecksumNotFound(IFileVerifier verifier, string filename)
{
var sender = (MyChecksumVerifier)verifier;
if (!m_ignoreList.Contains(filename) && filename.StartsWith(sender.BaseChecksumDir, StringComparison.InvariantCultureIgnoreCase))
{
var shortName = filename.Substring(Math.Min(filename.Length, sender.BaseChecksumDir.Length + 1));
if (shortName.StartsWith("Data", StringComparison.InvariantCultureIgnoreCase))
{
MySandboxGame.Log.WriteLine(string.Format("Error: no checksum found for file '{0}'", filename));
m_ignoreList.Add(filename);
}
}
}
public FileWatcherService()
{
_fileSystemWatcher = new FileSystemWatcher();
_fileSystemWatcher.Changed += new FileSystemEventHandler(OnChanged);
_fileSystemWatcher.Created += new FileSystemEventHandler(OnChanged);
_fileSystemWatcher.NotifyFilter = NotifyFilters.LastAccess | NotifyFilters.CreationTime | NotifyFilters.FileName;
_fileSystemWatcher.Filter = "*.*";
_fileSystemWatcher.Path = ConfigurationManager.AppSettings["WatchPath"];
var connectionstring = ConfigurationManager.ConnectionStrings["FileWatcher"].ConnectionString;
_fileProcessQueue = new FileProcessQueue(connectionstring);
_fileVerifier = new FileVerifier(connectionstring);
_fileWatchAudit = new FileWatchAudit(connectionstring);
_logger = new Log4NetLogger(typeof(FileWatcherService));
}
public static IFileVerifier AddGif(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(".gif", GifMimeType));
return(fileVerifier);
}
public Verifier(IFileVerifier fileVerifier)
{
this.fileVerifier = fileVerifier;
}
public static IFileVerifier AddBitmap(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(".bmp", BitmapMimeType));
return(fileVerifier);
}
public static IFileVerifier AddXls(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(".xls", XlsMimeType, 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1));
return(fileVerifier);
}
public static IFileVerifier AddPpt(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(".ppt", PptMimeType, 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1));
return(fileVerifier);
}
public static IFileVerifier AddPptx(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(".pptx", PptxMimeType, 0x50, 0x4B, 0x03, 0x04));
return(fileVerifier);
}
public static IFileVerifier AddDoc(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(".doc", DocMimeType, 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1));
return(fileVerifier);
}
public static IFileVerifier AddJson(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(".json", JsonMimeType));
return(fileVerifier);
}
public static IFileVerifier AddPdf(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(".pdf", PdfMimeType, 0x25, 0x50, 0x44, 0x46));
return(fileVerifier);
}
public static IFileVerifier AddSvgXml(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(".svg", SvgXmlMimeType));
return(fileVerifier);
}
public static IFileVerifier AddPng(this IFileVerifier fileVerifier)
{
fileVerifier.AddTypeVerifier(new MagicNumberVerifier(".png", PngMimeType));
return(fileVerifier);
}
public AssetRepository(IFileFinder fileFinder, IPathBaseInjector pathBaseInjector, IFileVerifier fileVerifier)
{
this.fileFinder = fileFinder;
this.pathBase = pathBaseInjector.PathBase;
this.fileVerifier = fileVerifier;
}
public FileRepository(String baseDir, IFileVerifier fileVerifier)
{
this.baseDir = Path.GetFullPath(baseDir);
this.removePathLength = this.baseDir.Length + 1;
this.fileVerifier = fileVerifier;
}
public static Stream Verify(this IFileVerifier verifier, string path, Stream stream)
{
return(verifier.Verify(path, stream));
}
