MagicNumbers is a .NET library for file binary header validation against file extension. This package determines if the received file has the original extension or if it has been changed, by matching binary header data for every extension provided by MagicNumbers wiki.
| Package name | Description | .NET | NuGet |
|---|---|---|---|
| File.Validator | Base file validator for regular use | |
 |
| File.Validator.Web | .NET Core REST API Middleware and annotations for MVC controllers | |
 |
Base Package
dotnet add package File.Validator --version 1.0.1.NET MVC
dotnet add package File.Validator.Web --version 1.0.0Using isValidExtension from the FileValidator class required File.Validator package. By providing the binary stream, and expected extension, you can determine whether file data matches, that extension.
var extension = "exe";
var stream = new MemoryStream();
bool isValid = FileValidator.isValidExtension(stream, extension);File.Validator.Web provides one additional middleware for automatic file validation before request finalization. IApplicationBuilder interface extension from FileExtensionValidatorMiddlewareExtension should be used to register the middleware with UseFileValidation.
Note
To use annotations, middleware should be registered after endpoing routing middleware.
// Program.cs
app.UseRouting();
app.UseFileValidation();Using controller annotations requires File.Validator.Web.Annotations.
| Annotation | Description | Parameter |
|---|---|---|
AllowedOnlyExtensions |
If extension NOT IN list, expect unauthorized. (still do validation) | string[] |
IgnoredExtensions |
If extension in list, skip file validation | string[] |
RejectedExtensions |
If extension IN list, expect unauthorized. (Do not do validation) | string[] |
[AllowedOnlyExtensions(new string[] {"pdf"})]
public IActionResult Index(IFormFile formFile)
{
return View();
}