Page 1 of 1
Magic Bytes of Blob/Files
Posted: Tue Feb 15, 2022 6:21 pm
by dominique
Hi
We have to check uploaded files for their mimetype before putting them into db. Compare file extension isn't a good way to check mimetype. Is it possible to check the Magic bytes of a file in a LANSA Server module or function?
Does anybody has an idea?
Thanks
Re: Magic Bytes of Blob/Files
Posted: Wed Feb 16, 2022 3:29 am
by Dino
if you are in a webpage, certainly the #STD_BLOB.MimeType is only playing by the extension of the file as I can see.
you could create a simple widget based in the filereader api to obtain those magic bytes and use that widget to validate it.
https://medium.com/the-everyday-develop ... bc513d4e1e
Re: Magic Bytes of Blob/Files
Posted: Wed Feb 16, 2022 11:46 am
by Dino
IBM?
Just playing a bit with it besides the widget which requires a bit of crunching on the javascript department...
If I have a blob which I already uploaded to the server (so it is visible to the server module/function) and the server is an IBM....
you can create a PF like this:
Code: Select all
CRTPF FILE(QGPL/TESTBYTES) RCDLEN(6)
then you can copy the blob (I am using here a real location but it could be the temporary assigned to the blob) to the PF like this (using the blob as an start)
Code: Select all
CPYFRMIMPF FROMSTMF('/lansa_dcxpgmlib/webserver/images/add_1.gif')
TOFILE(QGPL/TESTBYTES) MBROPT(*REPLACE) FROMCCSID(37)
TOCCSID(37) RCDDLM(*ALL) DTAFMT(*DLM) STRDLM(*NONE)
RMVBLANK(*NONE) FLDDLM(*TAB) ERRRCDOPT(*REPLACE)
and I can see the magic bytes there (*GIF89a) seems correct for some GIF files
- magicbytes.jpg (42.5 KiB) Viewed 9481 times
then a program like this could read those values:
Code: Select all
Define Field(#char) Type(*Bin) Length(1) Decimals(0)
Fetch Fields(#TESTBY001) From_File(testbytes)
Begin_Loop Using(#std_num) To(6)
#char := #TESTBY001.Substring( #std_num 1 )
#Label1.Caption += ('-' + #char.AsHexString)
End_Loop
- magicbytes2.jpg (93.48 KiB) Viewed 9481 times
which matches this page information:
https://www.netspi.com/blog/technical/w ... -a-glance/
it is a bit dirty though and you have to be careful with the ccsid.
Re: Magic Bytes of Blob/Files
Posted: Fri Feb 25, 2022 1:28 am
by dominique
Unfortunatly we don't use IBM Server.
I've found an easy way to solve it in a SvrRoutine. You can check the MagicBytes of a base64 encoded File
Code: Select all
Srvroutine Name(FileUpload)
Field_Map For(*INPUT) Field(#xDemoBlob)
Field_Map For(*INPUT) Field(#iBlobMimeType)
Field_Map For(*OUTPUT) Field(#iTextResponse)
Define Field(#iBlobMimeType) Type(*STRING)
Define Field(#iTextResponse) Type(*STRING)
Define Field(#iMagicByte) Type(*STRING)
Define_Com Class(#XPRIM_File) Name(#File)
Define_Com Class(#XPRIM_Binary) Name(#HashBytes)
#File := #xDemoBlob
If (#File.Exists)
#HashBytes.FromFile Path(#File)
#iMagicByte := #HashBytes.AsBase64String.Substring( 1 5 )
Case Of_Field(#iMagicByte)
When Value_Is(= "JVBER")
#iTextResponse := "MagicBytes:PDF"
When Value_Is(= "/9j/4")
#iTextResponse := "MagicBytes:JPG"
When Value_Is(= "0M8R4")
#iTextResponse := "MagicBytes:MSOffice"
When Value_Is(= "TVpQ" = "TVqQ")
#iTextResponse := "MagicBytes:EXE"
When Value_Is(= "e1xyd")
#iTextResponse := "MagicBytes:RTF"
Otherwise
#iTextResponse := "MagicBytes:??"
Endcase
#iTextResponse += (", Mimetype was &1").substitute( #iBlobMimeType )
Endif
Endroutine
Then add call in your webpage
Code: Select all
Evtroutine Handling(#FilePicker.FileSelected) File(#File)
#COM_SELF.UploadDialog( #File )
Endroutine
Mthroutine Name(UploadDialog)
Define_Map For(*INPUT) Class(#PRIM_WEB.File) Name(#I_File File) Pass(*BY_REFERENCE)
Define_Com Class(#SVM_MagicBites.FileUpload) Name(#Uploader)
#Uploader.Execute Xdemoblob(#I_File.Blob) Itextresponse(#STD_TEXTL) Iblobmimetype(#I_File.MimeType)
#Text := #STD_TEXTL
Endroutine
If you change the extention of a file from JPG to PDF you can see that the MimeType was pdf but the content is Jpg
Regards
Re: Magic Bytes of Blob/Files
Posted: Fri Feb 25, 2022 1:36 am
by Dino
Excellent!