How to be sure that an uploaded file type is the real type, using IFormFile, without relying on extension or content type.

Nuno Marques 1 Reputation point
2022-03-01T18:54:57.36+00:00

Hi community,

I would like to know, because I've being search but without success, if is there a way to check the real file type on upload?
My scenario is, imagine that a user changes an executable file extension from ".exe" to ".jpg" or ".png", when he/she upload the file it looks like an image, and I'm only accepting these two types, but the file is a masked executable, is there a way to verify that?
Just to let you know, I already tried to check the first bytes, but when I changed the extension of the executable, I'm getting the bytes of a JPG or PNG, so it seems that it's not working.
Thank for those who will spend some time to help me!

Developer technologies | ASP.NET | ASP.NET Core
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Sewbaran, MR (Manish) 5 Reputation points
    2023-02-23T16:01:21.8+00:00
    1 person found this answer helpful.
    0 comments No comments

  2. Anonymous
    2022-03-02T02:06:05.087+00:00

    Hi @Nuno Marques ,

    My scenario is, imagine that a user changes an executable file extension from ".exe" to ".jpg" or ".png", when he/she upload the file it looks like an image, and I'm only accepting these two types, but the file is a masked executable, is there a way to verify that?

    We can't verify that.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best regards,
    Dillion

    0 comments No comments

  3. Bruce (SqlWork.com) 77,766 Reputation points Volunteer Moderator
    2023-02-23T17:00:13.2866667+00:00

    to determine the file type you need to read and compare the format to known types. try this library:

    https://github.com/AJMitev/FileTypeChecker

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.