Java 如何验证具有有效扩展名的文件?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21110921/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to validate a file with valid extension?
提问by Java Programmer
Lets say the input to my Java code is a jpeg file. How can i verify it before starting process that the input is having a valid extension. Sometimes the user upload a pdf file with extension modified to a jpeg, thus crashing the code.
假设我的 Java 代码的输入是一个 jpeg 文件。如何在开始处理之前验证输入是否具有有效的扩展名。有时,用户上传扩展名为 jpeg 的 pdf 文件,从而导致代码崩溃。
There is a point of magic numberwith each file. But is there any alternative to solve this problem.
每个文件都有一个幻数点。但是有没有办法解决这个问题。
采纳答案by Paul Hicks
The magic number solution is already implemented: see this topicfor links to the Java Mime Magic Library.
幻数解决方案已经实现:请参阅此主题以获取指向 Java Mime Magic Library 的链接。
回答by eltabo
Check the file signature:
检查文件签名:
http://www.filesignatures.net/index.php?search=JPEG&mode=EXT
http://www.filesignatures.net/index.php?search=JPEG&mode=EXT
http://en.wikipedia.org/wiki/List_of_file_signatures
http://en.wikipedia.org/wiki/List_of_file_signatures
You can verify file type by reading few bytes.
您可以通过读取几个字节来验证文件类型。
Regards.
问候。
回答by Vinayak Pingale
a. This function below will list all the extension in the directory. What you can do is list all and get the extension of all files and can check which files can be uploaded. You can provide a client side validation on the UI that only .jpeg files are allowed.
一种。下面的这个函数将列出目录中的所有扩展名。您可以做的是列出所有文件并获取所有文件的扩展名,并可以检查可以上传哪些文件。您可以在 UI 上提供仅允许 .jpeg 文件的客户端验证。
public static void main(String args[]) {
System.out.println("GET");
File fileObj = new File("D:\");
File[] listAll = fileObj.listFiles();
for (File file : listOfFiles) {
if (file.isFile()) {
System.out.println("Extension ."+file.getName().substring(file.getName().lastIndexOf('.')+1));
}
}
}
b. Regarding miscrepancies of the extension i have not gone through such situation. May be the point specified by eltabo can help.
湾 关于延期的错误,我没有经历过这种情况。可能是 eltabo 指定的点可以提供帮助。
回答by Alberto
If you want just to check the file name, you can do this:
如果你只想检查文件名,你可以这样做:
public boolean checkJPEG(File file) {
String fileName = file.getName().toUpperCase();
return fileName.endsWith(".JPG") || fileName.endsWith(".JPEG");
}
But this method check only the file name, not the content. A more complete method include the magic number test.
但是这种方法只检查文件名,而不是内容。更完整的方法包括幻数测试。
public boolean checkJPEG(File file) throws IOException {
String fileName = file.getName().toUpperCase();
boolean extension = fileName.endsWith(".JPG") || fileName.endsWith(".JPEG");
if (!extension) {
return false;
}
FileInputStream in = null;
try {
in = new FileInputStream(file)
byte[] magic = new byte[3];
int count = in.read(magic);
if (count < 3) return false;
return magic[0] == 0xFF && magic[1] == 0xD8 && magic[2] == 0xFF;
} finally {
try {
if (in != null) in.close();
} catch (IOException ex) {}
}
}
List of file signatures here: http://en.wikipedia.org/wiki/List_of_file_signatures
此处的文件签名列表:http: //en.wikipedia.org/wiki/List_of_file_signatures
回答by Durandal
You can not be sure of a files type, unless you completelyparse the file and verify that it adheres completely to the format specification. Only then you can be sure.
您无法确定文件类型,除非您完全解析文件并验证它完全符合格式规范。只有这样你才能确定。
Checking the magic number is a quick way of checking with a high probability to guess the type correctly. But obviously its not foolproof, its easy to make a file that starts with the bytes FF D8 FF, which would look like its a jpeg, but there is obviously no guarantee that its really a jpeg.
检查幻数是一种以高概率正确猜测类型的快速检查方法。但显然它不是万无一失的,它很容易制作一个以字节 FF D8 FF 开头的文件,它看起来像一个 jpeg,但显然不能保证它真的是一个 jpeg。
Or just rely on the file extension.
或者只依赖文件扩展名。
You just have to make a trade between reliability and simplicity. If you want simple, trust the file extension. If you want safety, verify the file contents.
您只需要在可靠性和简单性之间进行权衡。如果您想要简单,请信任文件扩展名。如果您想要安全,请验证文件内容。