Fazendo libmagic / arquivo detectar arquivos .docx

17

Como visto em outro lugar , docx, xlsx e pttx são ZIPs. Ao fazer o upload deles para meu aplicativo da Web, file (via libmagic e python-magic ) os detecta como sendo ZIP.

Eu armazeno o conteúdo do arquivo como um blob no banco de dados, mas naturalmente não quero confiar no usuário com o tipo de arquivo que ele é. Então, eu gostaria de confiar em file e gerar automaticamente um nome de arquivo durante o download.

Eu sei que um pode modificar /etc/magic , mas o formato ( magic(5) ) é muito complicado para mim. Eu achei um relatório de bug sobre o problema nos bugs do Debian mas já que é de 2008 ele não não parece ser corrigido tão cedo.

Eu acho que minha única alternativa é realmente confiar no usuário (mas ainda armazenar o conteúdo como um blob) e apenas verificar a extensão do arquivo com base no nome do arquivo. Dessa forma, eu posso proibir algumas extensões e permitir que outras pessoas o façam. E quando o usuário transfere novamente seu arquivo, ele pode tê-lo da maneira que ele fez. Mas esta solução é insegura se o arquivo é compartilhado com outras pessoas, já que você pode simplesmente renomear o arquivo para permitir o upload.

Alguma idéia?

Por fim, encontrei uma lista de números mágicos para docx etc , mas não consigo convertê-los no formato magic(5) .

    
por Jonatan Littke 06.12.2011 / 12:11

3 respostas

17

Você pode usar

0       string  PK\x03\x04\x14\x00\x06\x00      Microsoft Office Open XML Format

em / etc / magic para identificar o tipo de arquivo geral com base nas informações que você forneceu.

(No entanto, isso pode não ser universal: PK\x03\x04\x00\x14\x08\x08 foi observado no início dos arquivos XLSX gerados pelo LibreOffice.)

Versões posteriores do Ubuntu tentam identificar corretamente os arquivos .docx, .pptx e .xlsx. Pesquisando no código sorce para o utilitário de arquivos, encontrei o arquivo ~/file-5.09/magic/Magdir/msooxml que faz a identificação. Você pode obter uma cópia do arquivo e adicione-o ao seu arquivo /etc/magic .

Incluindo cópia do arquivo que foi atualizado para v 1.5

# $File: msooxml,v 1.5 2014/08/05 07:38:45 christos Exp $
# msooxml:  file(1) magic for Microsoft Office XML
# From: Ralf Brown <[email protected]>

# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
#   archive.  The first member file is normally "[Content_Types].xml".
#   but some libreoffice generated files put this later. Perhaps skip
#   the "[Content_Types].xml" test?
# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
#   file of ePub or OpenDocument, we'll have to scan for a filename
#   which can distinguish between the three types

# start by checking for ZIP local file header signature
0       string      PK
#------------------------------------------------------------------------------
# $File: msooxml,v 1.2 2013/01/25 23:04:37 christos Exp $
# msooxml:  file(1) magic for Microsoft Office XML
# From: Ralf Brown <[email protected]>

# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
#   archive.  The first member file is normally "[Content_Types].xml".
# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
#   file of ePub or OpenDocument, we'll have to scan for a filename
#   which can distinguish between the three types

# start by checking for ZIP local file header signature
0               string          PK
0       string  PK\x03\x04\x14\x00\x06\x00      Microsoft Office Open XML Format
3
# $File: msooxml,v 1.5 2014/08/05 07:38:45 christos Exp $
# msooxml:  file(1) magic for Microsoft Office XML
# From: Ralf Brown <[email protected]>

# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
#   archive.  The first member file is normally "[Content_Types].xml".
#   but some libreoffice generated files put this later. Perhaps skip
#   the "[Content_Types].xml" test?
# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
#   file of ePub or OpenDocument, we'll have to scan for a filename
#   which can distinguish between the three types

# start by checking for ZIP local file header signature
0       string      PK
#------------------------------------------------------------------------------
# $File: msooxml,v 1.2 2013/01/25 23:04:37 christos Exp $
# msooxml:  file(1) magic for Microsoft Office XML
# From: Ralf Brown <[email protected]>

# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
#   archive.  The first member file is normally "[Content_Types].xml".
# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
#   file of ePub or OpenDocument, we'll have to scan for a filename
#   which can distinguish between the three types

# start by checking for ZIP local file header signature
0               string          PK%pre%3%pre%4
# make sure the first file is correct
>0x1E           string          [Content_Types].xml
# skip to the second local file header
#   since some documents include a 520-byte extra field following the file
#   header,  we need to scan for the next header
>>(18.l+49)     search/2000     PK%pre%3%pre%4
# now skip to the *third* local file header; again, we need to scan due to a
#   520-byte extra field following the file header
>>>&26          search/1000     PK%pre%3%pre%4
# and check the subdirectory name to determine which type of OOXML
#   file we have
#   Correct the mimetype with the registered ones:
#     http://technet.microsoft.com/en-us/library/cc179224.aspx
>>>>&26         string          word/           Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>>>&26         string          ppt/            Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>>>&26         string          xl/             Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>>>&26         default         x               Microsoft OOXML
!:strength +10
3%pre%4 !:strength +10 # make sure the first file is correct >0x1E regex \[Content_Types\]\.xml|_rels/\.rels # skip to the second local file header # since some documents include a 520-byte extra field following the file # header, we need to scan for the next header >>(18.l+49) search/2000 PK%pre%3%pre%4 # now skip to the *third* local file header; again, we need to scan due to a # 520-byte extra field following the file header >>>&26 search/1000 PK%pre%3%pre%4 # and check the subdirectory name to determine which type of OOXML # file we have. Correct the mimetype with the registered ones: # http://technet.microsoft.com/en-us/library/cc179224.aspx >>>>&26 string word/ Microsoft Word 2007+ !:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document >>>>&26 string ppt/ Microsoft PowerPoint 2007+ !:mime application/vnd.openxmlformats-officedocument.presentationml.presentation >>>>&26 string xl/ Microsoft Excel 2007+ !:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet >>>>&26 default x Microsoft OOXML ---
4 # make sure the first file is correct >0x1E string [Content_Types].xml # skip to the second local file header # since some documents include a 520-byte extra field following the file # header, we need to scan for the next header >>(18.l+49) search/2000 PK%pre%3%pre%4 # now skip to the *third* local file header; again, we need to scan due to a # 520-byte extra field following the file header >>>&26 search/1000 PK%pre%3%pre%4 # and check the subdirectory name to determine which type of OOXML # file we have # Correct the mimetype with the registered ones: # http://technet.microsoft.com/en-us/library/cc179224.aspx >>>>&26 string word/ Microsoft Word 2007+ !:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document >>>>&26 string ppt/ Microsoft PowerPoint 2007+ !:mime application/vnd.openxmlformats-officedocument.presentationml.presentation >>>>&26 string xl/ Microsoft Excel 2007+ !:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet >>>>&26 default x Microsoft OOXML !:strength +10
3%pre%4 !:strength +10 # make sure the first file is correct >0x1E regex \[Content_Types\]\.xml|_rels/\.rels # skip to the second local file header # since some documents include a 520-byte extra field following the file # header, we need to scan for the next header >>(18.l+49) search/2000 PK%pre%3%pre%4 # now skip to the *third* local file header; again, we need to scan due to a # 520-byte extra field following the file header >>>&26 search/1000 PK%pre%3%pre%4 # and check the subdirectory name to determine which type of OOXML # file we have. Correct the mimetype with the registered ones: # http://technet.microsoft.com/en-us/library/cc179224.aspx >>>>&26 string word/ Microsoft Word 2007+ !:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document >>>>&26 string ppt/ Microsoft PowerPoint 2007+ !:mime application/vnd.openxmlformats-officedocument.presentationml.presentation >>>>&26 string xl/ Microsoft Excel 2007+ !:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet >>>>&26 default x Microsoft OOXML ---

Mas deixar V1.2 aqui para a posteridade.

Incluir uma cópia aqui, pois o link acima pode ficar desatualizado à medida que o pacote de arquivos é atualizado.

%pre%     
por 09.04.2012 / 12:12
4
O arquivo

, versão anterior a 5.13, trunca o tipo MIME para 64 caracteres. Portanto, usando o conteúdo do msooxml, o tipo MIME do comando file -bi se torna "aplicativo mime / vnd.openxmlformats-officedocument.wordprocessingml.d; charset = binary"

    
por 16.05.2013 / 23:33
0

se usar o docx do libreoffice, você pode adicionar conteúdo (abaixo) ao / etc / magic:

# start by checking for ZIP local file header signature
0               string          PK
# start by checking for ZIP local file header signature
0               string          PK%pre%3%pre%4
!:strength +10
>1104           search/300      PK%pre%3%pre%4
# and check the subdirectory name to determine which type of OOXML
# file we have.  Correct the mimetype with the registered ones:
# http://technet.microsoft.com/en-us/library/cc179224.aspx
>>&26           string          word/           Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>&26         string          ppt/            Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>&26         string          xl/             Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>&26         default         x               Microsoft OOXML
3%pre%4 !:strength +10 >1104 search/300 PK%pre%3%pre%4 # and check the subdirectory name to determine which type of OOXML # file we have. Correct the mimetype with the registered ones: # http://technet.microsoft.com/en-us/library/cc179224.aspx >>&26 string word/ Microsoft Word 2007+ !:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document >>&26 string ppt/ Microsoft PowerPoint 2007+ !:mime application/vnd.openxmlformats-officedocument.presentationml.presentation >>&26 string xl/ Microsoft Excel 2007+ !:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet >>&26 default x Microsoft OOXML
    
por 24.02.2017 / 07:41