Magic Bytes of Blob/Files

[dominique]

Hi

We have to check uploaded files for their mimetype before putting them into db. Compare file extension isn't a good way to check mimetype. Is it possible to check the Magic bytes of a file in a LANSA Server module or function?

Does anybody has an idea?

Thanks

[Dino]

if you are in a webpage, certainly the #STD_BLOB.MimeType is only playing by the extension of the file as I can see.
you could create a simple widget based in the filereader api to obtain those magic bytes and use that widget to validate it.
https://medium.com/the-everyday-develop ... bc513d4e1e

[Dino]

IBM?

Just playing a bit with it besides the widget which requires a bit of crunching on the javascript department...

If I have a blob which I already uploaded to the server (so it is visible to the server module/function) and the server is an IBM....
you can create a PF like this:

Code: Select all

CRTPF FILE(QGPL/TESTBYTES) RCDLEN(6)

then you can copy the blob (I am using here a real location but it could be the temporary assigned to the blob) to the PF like this (using the blob as an start)

Code: Select all

 CPYFRMIMPF FROMSTMF('/lansa_dcxpgmlib/webserver/images/add_1.gif')                                   
            TOFILE(QGPL/TESTBYTES) MBROPT(*REPLACE) FROMCCSID(37)                                     
            TOCCSID(37) RCDDLM(*ALL) DTAFMT(*DLM) STRDLM(*NONE)                                     
            RMVBLANK(*NONE) FLDDLM(*TAB) ERRRCDOPT(*REPLACE)                               

and I can see the magic bytes there (*GIF89a) seems correct for some GIF files

magicbytes.jpg (42.5 KiB) Viewed 9477 times

then a program like this could read those values:

Code: Select all

Define Field(#char) Type(*Bin) Length(1) Decimals(0)

Fetch Fields(#TESTBY001) From_File(testbytes)
Begin_Loop Using(#std_num) To(6)
#char := #TESTBY001.Substring( #std_num 1 )
#Label1.Caption += ('-' + #char.AsHexString)
End_Loop

magicbytes2.jpg (93.48 KiB) Viewed 9477 times

which matches this page information: https://www.netspi.com/blog/technical/w ... -a-glance/

it is a bit dirty though and you have to be careful with the ccsid.

[dominique]

Unfortunatly we don't use IBM Server.

I've found an easy way to solve it in a SvrRoutine. You can check the MagicBytes of a base64 encoded File

Code: Select all

Srvroutine Name(FileUpload)
Field_Map For(*INPUT) Field(#xDemoBlob)
Field_Map For(*INPUT) Field(#iBlobMimeType)
Field_Map For(*OUTPUT) Field(#iTextResponse)

Define Field(#iBlobMimeType) Type(*STRING)
Define Field(#iTextResponse) Type(*STRING)
Define Field(#iMagicByte) Type(*STRING)

Define_Com Class(#XPRIM_File) Name(#File)
Define_Com Class(#XPRIM_Binary) Name(#HashBytes)


#File := #xDemoBlob
If (#File.Exists)
#HashBytes.FromFile Path(#File)

#iMagicByte := #HashBytes.AsBase64String.Substring( 1 5 )
Case Of_Field(#iMagicByte)
When Value_Is(= "JVBER")
#iTextResponse := "MagicBytes:PDF"
When Value_Is(= "/9j/4")
#iTextResponse := "MagicBytes:JPG"
When Value_Is(= "0M8R4")
#iTextResponse := "MagicBytes:MSOffice"
When Value_Is(= "TVpQ" = "TVqQ")
#iTextResponse := "MagicBytes:EXE"
When Value_Is(= "e1xyd")
#iTextResponse := "MagicBytes:RTF"
Otherwise
#iTextResponse := "MagicBytes:??"
Endcase

#iTextResponse += (", Mimetype was &1").substitute( #iBlobMimeType )
Endif
Endroutine

Then add call in your webpage

Code: Select all

Evtroutine Handling(#FilePicker.FileSelected) File(#File)
#COM_SELF.UploadDialog( #File )
Endroutine
Mthroutine Name(UploadDialog)
Define_Map For(*INPUT) Class(#PRIM_WEB.File) Name(#I_File File) Pass(*BY_REFERENCE)


Define_Com Class(#SVM_MagicBites.FileUpload) Name(#Uploader)
#Uploader.Execute Xdemoblob(#I_File.Blob) Itextresponse(#STD_TEXTL) Iblobmimetype(#I_File.MimeType)

#Text := #STD_TEXTL
Endroutine

If you change the extention of a file from JPG to PDF you can see that the MimeType was pdf but the content is Jpg

Regards

[Dino]

Excellent!