package com.servlet;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
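/**
 * Guesses a file's type from the magic number at the start of its content, so that an
 * upload can be compared against the extension the client claimed.
 *
 * <p>Security note: only the first {@value #HEADER_LENGTH} bytes are inspected. A matching
 * signature shows how the file begins, not what the rest of it contains, and container
 * signatures such as {@code 504B0304} (ZIP) or {@code D0CF11E0} (OLE) are shared by many
 * formats. Treat the result as one layer of upload validation, next to an extension
 * allow-list, server-chosen file names and storage outside any directory that is executed
 * or served with a sniffed content type.
 */
public class FileTypeUtils {

    /**
     * Signature table: upper-case hex of the leading bytes mapped to a type label.
     *
     * <p>NOTE(review): the map is public and mutable, so any code in the same JVM can add
     * or remove signatures. It is left mutable here to stay compatible with existing
     * callers; treat it as read-only.
     */
    public final static Map<String, String> FILE_TYPE_MAP = new HashMap<String, String>();

    /** Number of leading bytes read from the stream and compared with the table. */
    private static final int HEADER_LENGTH = 4;

    static {
        getAllFileType(); // fill the signature table once, at class-load time
    }

    /** Registers the known magic numbers in {@link #FILE_TYPE_MAP}. */
    private static void getAllFileType() {
        // The original registered "FFD8FF" twice (JPEG, then JPG); the second put replaced
        // the first, so only the effective entry is kept.
        FILE_TYPE_MAP.put("FFD8FF", "JPG");
        FILE_TYPE_MAP.put("89504E47", "PNG");
        FILE_TYPE_MAP.put("47494638", "GIF");
        FILE_TYPE_MAP.put("49492A00", "TIF");
        FILE_TYPE_MAP.put("424D", "BMP");
        FILE_TYPE_MAP.put("41433130", "DWG");
        FILE_TYPE_MAP.put("38425053", "PSD");
        FILE_TYPE_MAP.put("7B5C727466", "RTF");
        FILE_TYPE_MAP.put("3C3F786D6C", "XML");
        // NOTE(review): 68746D6C3E is ASCII "html>" without the leading '<', so it will not
        // match a document that starts with "<html>" — confirm the intended signature.
        FILE_TYPE_MAP.put("68746D6C3E", "HTML");
        FILE_TYPE_MAP.put("44656C69766572792D646174653A", "EML");
        FILE_TYPE_MAP.put("CFAD12FEC5FD746F", "DBX");
        FILE_TYPE_MAP.put("2142444E", "PST");
        FILE_TYPE_MAP.put("D0CF11E0", "XLS.OR.DOC");
        FILE_TYPE_MAP.put("5374616E64617264204A", "MDB");
        FILE_TYPE_MAP.put("FF575043", "WPD");
        FILE_TYPE_MAP.put("252150532D41646F6265", "EPS.OR.PS");
        FILE_TYPE_MAP.put("255044462D312E", "PDF");
        FILE_TYPE_MAP.put("AC9EBD8F", "QDF");
        FILE_TYPE_MAP.put("E3828596", "PWL");
        FILE_TYPE_MAP.put("504B0304", "ZIP");
        FILE_TYPE_MAP.put("52617221", "RAR");
        // NOTE(review): "WAVE" and "AVI " are RIFF form types stored after the 8-byte RIFF
        // header, and "moov" is an atom name that follows a 4-byte size field, so these
        // three entries are unlikely to match the first bytes of a real file.
        FILE_TYPE_MAP.put("57415645", "WAV");
        FILE_TYPE_MAP.put("41564920", "AVI");
        FILE_TYPE_MAP.put("2E7261FD", "RAM");
        FILE_TYPE_MAP.put("2E524D46", "RM");
        FILE_TYPE_MAP.put("000001BA", "MPG");
        FILE_TYPE_MAP.put("000001B3", "MPG");
        FILE_TYPE_MAP.put("6D6F6F76", "MOV");
        FILE_TYPE_MAP.put("3026B2758E66CF11", "ASF");
        FILE_TYPE_MAP.put("4D546864", "MID");
    }

    /**
     * Converts a byte array to an upper-case hexadecimal string, two digits per byte.
     *
     * @param src bytes to encode
     * @return the hex string, or {@code null} when {@code src} is {@code null} or empty
     */
    public static String bytesToHexString(byte[] src) {
        if (src == null || src.length == 0) {
            return null;
        }
        StringBuilder hex = new StringBuilder(src.length * 2);
        for (byte b : src) {
            int v = b & 0xFF; // mask so negative bytes do not sign-extend
            if (v < 0x10) {
                hex.append('0');
            }
            hex.append(Integer.toHexString(v));
        }
        return hex.toString().toUpperCase();
    }

    /**
     * Reads the first {@value #HEADER_LENGTH} bytes of the stream and looks them up in
     * {@link #FILE_TYPE_MAP}.
     *
     * <p>A table entry matches when it is a prefix of the bytes read, or, when a full
     * header was read, when the bytes read are a prefix of a longer entry. If several
     * entries match, the longest signature wins, so the result does not depend on the
     * map's iteration order. The stream is advanced by the bytes read and is not closed.
     *
     * @param is stream positioned at the start of the file
     * @return the upper-cased type label, or the "no matching type" text when nothing
     *         matches, the file is empty or the read fails
     * @throws FileNotFoundException declared for compatibility with existing callers
     */
    public static String getTypeByStream(FileInputStream is)
            throws FileNotFoundException {
        String type = "未找到匹配类型";
        byte[] header = new byte[HEADER_LENGTH];
        int filled = 0;
        try {
            // read() may return fewer bytes than requested; loop until the header is
            // complete or the stream ends instead of trusting a single call.
            while (filled < header.length) {
                int n = is.read(header, filled, header.length - filled);
                if (n < 0) {
                    break;
                }
                filled += n;
            }
        } catch (IOException e) {
            e.printStackTrace();
            // Do not classify a partially filled buffer after a failed read.
            return type;
        }
        if (filled == 0) {
            return type;
        }

        // Compare only the bytes that were really read, not zero padding.
        byte[] seen = new byte[filled];
        System.arraycopy(header, 0, seen, 0, filled);
        boolean fullHeader = filled == header.length;

        String fileCode = bytesToHexString(seen);
        System.out.println("文件十六进制代码:" + fileCode);

        String bestKey = null;
        for (Map.Entry<String, String> entry : FILE_TYPE_MAP.entrySet()) {
            if (entry.getKey() == null || entry.getValue() == null) {
                continue; // the table is publicly mutable; ignore unusable entries
            }
            String key = entry.getKey().toUpperCase();
            boolean matches = fileCode.startsWith(key)
                    || (fullHeader && key.startsWith(fileCode));
            if (!matches) {
                continue;
            }
            boolean better = bestKey == null
                    || key.length() > bestKey.length()
                    || (key.length() == bestKey.length() && key.compareTo(bestKey) < 0);
            if (better) {
                bestKey = key;
                // Take the value from the entry itself; looking it up again by the
                // upper-cased key would miss entries registered in lower case.
                type = entry.getValue();
            }
        }
        return type.toUpperCase();
    }

    /**
     * Demo: guards against a user tricking the server by changing the file extension. The
     * file header is read as a binary stream, converted to hex and compared with the
     * extension in the file name.
     *
     * @param args unused
     * @throws IOException if the sample file cannot be opened or closed
     */
    public static void main(String[] args) throws IOException {
        String src = "F:/Dream world.jpg";
        String type;
        FileInputStream is = new FileInputStream(src);
        try {
            type = getTypeByStream(is);
        } finally {
            is.close(); // the original never closed the stream
        }
        String prefix = src.substring(src.lastIndexOf(".") + 1).toUpperCase();
        // The table reports JPEG content as "JPG", so accept both spellings of the extension.
        boolean bool = prefix.equals(type)
                || ("JPEG".equals(prefix) && "JPG".equals(type));
        if (bool) {
            System.out.println("文件类型验证正确。");
        } else {
            System.err.println("文件类型验证失败:");
            System.err.println("上传文件后缀:" + prefix);
            System.err.println("文件实际类型:" + type);
            System.err.println("请修改文件正确类型("+type+")。");
        }
    }
}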
防范用户通过篡改文件后缀名的方式欺骗服务器:使用二进制流的方式读取文件头,将文件头转换为 16 进制