文件白名单校验格式

package com.zjtzsw.ythzsrs.common.util;

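import org.springframework.web.multipart.MultipartFile;

import java.io.*;
import java.nio.file.Files;
import java.util.*;

/**
 * Allow-list checks for uploaded files: an extension allow-list ({@link #isValid}) and a
 * leading-bytes ("magic number") comparison against the extension ({@link #suffixVerify}).
 *
 * <p>Both checks are coarse filters. A matching header only shows that the first few bytes look
 * like the claimed format; it says nothing about the rest of the file. Several formats also
 * share one signature (zip/docx/xlsx, and doc/xls), so the header cannot tell them apart.
 *
 * @author zzl
 * @since 2022/8/9 17:13
 */
public class FileTypeVerifyUtils {

    /** Number of leading bytes read from a file; must cover the longest signature below. */
    private static final int HEADER_BYTES = 8;

    /** Lower-case extension -> lower-case hex prefix the file content must start with. */
    private static final Map<String, String> FILE_SIGNATURES;

    static {
        Map<String, String> signatures = new HashMap<>();
        // JPEG: SOI marker followed by any segment marker (JFIF e0, Exif e1, ...).
        // The previous value "ffd8ffe0" rejected Exif images produced by most cameras.
        signatures.put("jpg", "ffd8ff");
        signatures.put("png", "89504e47");
        // NOTE(review): little-endian TIFF only; big-endian files ("4d4d002a") are rejected.
        signatures.put("tif", "49492a00");
        signatures.put("gif", "47494638");
        signatures.put("dwg", "41433130");
        // "%PDF-". The previous value had an odd number of hex digits ("255044462"),
        // which compared only half of the fifth byte.
        signatures.put("pdf", "255044462d");
        signatures.put("zip", "504b0304");
        signatures.put("docx", "504b0304");
        signatures.put("doc", "d0cf11e0");
        signatures.put("xls", "d0cf11e0");
        signatures.put("xlsx", "504b0304");
        FILE_SIGNATURES = Collections.unmodifiableMap(signatures);
    }

    /**
     * Extensions accepted by {@link #isValid}.
     *
     * <p>NOTE(review): "mp4" and "mp3" are listed here but have no entry in the signature table,
     * so {@link #suffixVerify} always rejects them. Confirm which behaviour is intended.
     */
    private static final Set<String> ALLOWED_EXTENSIONS = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList(
                    "jpg", "png", "tif", "gif", "dwg", "pdf", "zip",
                    "docx", "doc", "xls", "xlsx", "mp4", "mp3")));

    /**
     * Checks that the leading bytes of a file match the signature registered for its extension.
     *
     * <p>The check fails closed: an unknown extension, a missing extension, an unreadable file
     * or a file shorter than the signature all yield {@code false}.
     *
     * @param file the file to inspect; its name supplies the extension
     * @return {@code true} if the content starts with the signature expected for the extension,
     *         {@code false} otherwise
     */
    public static boolean suffixVerify(File file) {
        if (file == null) {
            return false;
        }
        String expected = FILE_SIGNATURES.get(extensionOf(file.getName()));
        if (expected == null) {
            return false;
        }
        return toHex(readHeader(file)).startsWith(expected);
    }

    /**
     * Returns the lower-cased text after the last dot of a name.
     *
     * @param name a file name, possibly {@code null}
     * @return the extension without the dot, or an empty string when the name is {@code null},
     *         has no dot, starts with its only dot, or ends with a dot
     */
    private static String extensionOf(String name) {
        if (name == null) {
            return "";
        }
        int dot = name.lastIndexOf('.');
        if (dot <= 0 || dot == name.length() - 1) {
            return "";
        }
        // Locale.ROOT keeps the mapping stable regardless of the JVM default locale.
        return name.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    /**
     * Reads at most {@link #HEADER_BYTES} bytes from the start of a file.
     *
     * @param file the file to read
     * @return the bytes actually read; an empty array if the file cannot be opened or read
     */
    private static byte[] readHeader(File file) {
        byte[] header = new byte[HEADER_BYTES];
        int filled = 0;
        try (InputStream in = new FileInputStream(file)) {
            // A single read() may return fewer bytes than requested, so loop until full or EOF.
            while (filled < header.length) {
                int count = in.read(header, filled, header.length - filled);
                if (count < 0) {
                    break;
                }
                filled += count;
            }
        } catch (IOException e) {
            // Unreadable input is reported as "no header", which makes verification fail.
            return new byte[0];
        }
        return Arrays.copyOf(header, filled);
    }

    /**
     * Encodes bytes as a lower-case hex string, two digits per byte.
     *
     * @param src the bytes to encode; must not be {@code null}
     * @return the hex string, empty for an empty array
     */
    private static String toHex(byte[] src) {
        StringBuilder hex = new StringBuilder(src.length * 2);
        for (byte b : src) {
            int value = b & 0xFF;
            if (value < 0x10) {
                hex.append('0');
            }
            hex.append(Integer.toHexString(value));
        }
        return hex.toString();
    }

    /**
     * Copies an upload into a file inside a newly created temporary directory.
     *
     * <p>The client-supplied original file name is untrusted. Only its last path segment is
     * used, and the resulting path is verified to stay inside the staging directory, so the
     * upload cannot be written elsewhere or overwrite a file in the working directory. The
     * returned file keeps that last segment as its name. The caller is responsible for
     * deleting the file and its parent directory.
     *
     * @param multipartFile the upload, may be {@code null}
     * @return the staged file, or {@code null} when {@code multipartFile} is {@code null}
     * @throws IOException if the name is unusable or the content cannot be copied
     * @throws NullPointerException if the upload carries no original file name
     */
    public static File multipartFileToFile(MultipartFile multipartFile) throws IOException {
        if (multipartFile == null) {
            return null;
        }
        String original = Objects.requireNonNull(multipartFile.getOriginalFilename());
        // Browsers and clients may send either separator, whatever the server platform is.
        int cut = Math.max(original.lastIndexOf('/'), original.lastIndexOf('\\'));
        String baseName = original.substring(cut + 1);
        if (baseName.isEmpty() || ".".equals(baseName) || "..".equals(baseName)) {
            throw new IOException("Upload has no usable file name");
        }

        File dir = Files.createTempDirectory("upload-").toFile();
        File file = new File(dir, baseName);
        boolean done = false;
        try {
            // Second line of defence for platform-specific name forms the split above misses.
            if (!dir.getCanonicalFile().equals(file.getCanonicalFile().getParentFile())) {
                throw new IOException("Upload file name escapes the staging directory");
            }
            try (InputStream in = multipartFile.getInputStream();
                 OutputStream out = new FileOutputStream(file)) {
                byte[] buffer = new byte[8192];
                int count;
                while ((count = in.read(buffer)) != -1) {
                    out.write(buffer, 0, count);
                }
            }
            done = true;
            return file;
        } finally {
            if (!done) {
                // Best-effort cleanup so a failed copy leaves no partial file behind.
                file.delete();
                dir.delete();
            }
        }
    }

    /**
     * Checks the upload's extension against the allow-list, ignoring case.
     *
     * <p>A name without an extension is rejected, including a bare name such as {@code "jpg"}.
     * This looks at the name only; use {@link #suffixVerify} to compare the content as well.
     *
     * @param file the upload, may be {@code null}
     * @return {@code true} if the original file name ends in an allowed extension
     */
    public static boolean isValid(MultipartFile file) {
        if (file == null) {
            return false;
        }
        String extension = extensionOf(file.getOriginalFilename());
        return !extension.isEmpty() && ALLOWED_EXTENSIONS.contains(extension);
    }
}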
