On Sep 21, 2017 11:23 PM, "Paul" <sevenrrain...@gmail.com> wrote:

> I'm trying to validate mime types of files uploaded with a predefined list
> of valid mime types.
>
> I need to check the file in the buffer before saving, even if they are
> faked or have no extensions.

You're better off specifying what you do want rather than trying to filter
out what you don't.

> What other non-OS-dependent solutions that can check if the file is faked
> or with no extension exist? (pdf,doc,docs,csv,xls,xlsx, ods,odt,odm)

Devise minimal tests for each type of file that you may expect. For
example, a CSV shouldn't contain raw binary data, and should be readable by
the csv Python lib. A PDF file should be readable by a PDF lib, etc.

Use simple logic to filter out likely bad files. For example, it would be
rare for an MS Excel file to be missing its extension, so any tests you
devise to check for Excel should be skipped if the file has no extension
(and therefore, the file can never be flagged as type MS Excel). Using
other libs like mimetypes can also quickly narrow down the tests you'd need
to run. All of the pertinent tests should pass with high confidence before
associating a MIME type. File size caps also can be useful.

Duck typing is your friend here, and heavy exception handling will be
needed.

To reiterate what Melvyn mentioned, you should probably only do this if the
file type validation is absolutely necessary. If files are shared among
users, virus scanning and interception may be advised.


-James
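
A sketch of the approach described in the message above, added here as an example and not code from the thread: an allowlist keyed by extension, one minimal content test per type, a size cap, and exception handling around every test. The names `sniff_upload`, `ALLOWED`, `EXTENSIONLESS` and the 5 MiB cap are assumptions, and only four of the listed types are covered.

```python
import csv, io, os, zipfile

MAX_BYTES = 5 * 1024 * 1024  # assumed size cap; tune per application

def looks_like_csv(data):
    if b"\x00" in data:                      # raw binary never belongs in a CSV
        return False
    text = data.decode("utf-8")              # UnicodeDecodeError is handled by the caller
    rows = [r for r in csv.reader(io.StringIO(text, newline=""), strict=True) if r]
    return bool(rows) and len({len(r) for r in rows}) == 1  # consistent column count

def looks_like_pdf(data):
    return data.startswith(b"%PDF-") and b"%%EOF" in data[-1024:]

def zip_member(name, content=None):
    """Build a test: ZIP container holding `name`, optionally with exact content."""
    def test(data):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            info = zf.getinfo(name)          # KeyError if the member is absent
            # Compare the declared size first so an oversized member is never inflated.
            return content is None or (info.file_size == len(content)
                                       and zf.read(info) == content)
    return test

XLSX = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
ODT = "application/vnd.oasis.opendocument.text"
# Allowlist: extension -> (MIME type to record, content test). Anything else is rejected.
ALLOWED = {
    ".csv": ("text/csv", looks_like_csv),
    ".pdf": ("application/pdf", looks_like_pdf),
    ".xlsx": (XLSX, zip_member("xl/workbook.xml")),
    ".odt": (ODT, zip_member("mimetype", ODT.encode())),
}
# Only these are tried when the upload has no extension (office formats are skipped).
# The most specific test runs first, because plain-text PDF bytes also parse as CSV.
EXTENSIONLESS = (".pdf", ".csv")

def sniff_upload(filename, data):
    """Return the allowlisted MIME type for `data`, or None to reject the upload."""
    if not data or len(data) > MAX_BYTES:
        return None
    ext = os.path.splitext(filename)[1].lower()
    if ext and ext not in ALLOWED:
        return None
    for key in ([ext] if ext else EXTENSIONLESS):
        mime, test = ALLOWED[key]
        try:
            if test(data):
                return mime
        except (UnicodeDecodeError, csv.Error, zipfile.BadZipFile, KeyError):
            continue                         # a failed test means "not this type"
    return None
```

In a Django view the two arguments would come from the uploaded file's name and its bytes read into memory before saving.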
