Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can I validate a file uploading based on your API? #8

Open
mgh9 opened this issue Jun 21, 2021 · 1 comment
Open

Can I validate a file uploading based on your API? #8

mgh9 opened this issue Jun 21, 2021 · 1 comment

Comments

@mgh9
Copy link

mgh9 commented Jun 21, 2021

I want to validate an uploaded file by detecting the real type of it.

For example, imagine injecting a web-shell script into some part of the image file (e.g: end of the PNG file), I think your API only checks magic numbers (first header bytes) and the web-shells can bypass this technique.
@MmHamzeh
Copy link

I think you better check uploaded file type with "myrmec " and check file extension too.
if file extension is not exists in "myrmec" result, then ignore the file because it means user change file extension and normal users don't do this

be aware "myrmec" can't identify raw text files such as .txt, .css, .js, .json and etc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MmHamzeh @mgh9