Fazendo libmagic / arquivo detectar arquivos .docx

Question

Fazendo libmagic / arquivo detectar arquivos .docx

#1 resposta do (17 votos)
#2 resposta do (4 votos)
#3 resposta do (0 votos)

17

Como visto em outro lugar , docx, xlsx e pttx são ZIPs. Ao fazer o upload deles para meu aplicativo da Web, file (via libmagic e python-magic ) os detecta como sendo ZIP.

Eu armazeno o conteúdo do arquivo como um blob no banco de dados, mas naturalmente não quero confiar no usuário com o tipo de arquivo que ele é. Então, eu gostaria de confiar em file e gerar automaticamente um nome de arquivo durante o download.

Eu sei que um pode modificar /etc/magic , mas o formato ( magic(5) ) é muito complicado para mim. Eu achei um relatório de bug sobre o problema nos bugs do Debian mas já que é de 2008 ele não não parece ser corrigido tão cedo.

Eu acho que minha única alternativa é realmente confiar no usuário (mas ainda armazenar o conteúdo como um blob) e apenas verificar a extensão do arquivo com base no nome do arquivo. Dessa forma, eu posso proibir algumas extensões e permitir que outras pessoas o façam. E quando o usuário transfere novamente seu arquivo, ele pode tê-lo da maneira que ele fez. Mas esta solução é insegura se o arquivo é compartilhado com outras pessoas, já que você pode simplesmente renomear o arquivo para permitir o upload.

Alguma idéia?

Por fim, encontrei uma lista de números mágicos para docx etc , mas não consigo convertê-los no formato magic(5) .

debian linux unix mime

por Jonatan Littke 06.12.2011 / 12:11

3 respostas

Tags debian linux unix mime

Modo de rede VMWare (NAT ou Bridged)? Script do PowerShell para localizar usuários do AD com adminCount 0

score 17 · Answer 1

Você pode usar

0       string  PK\x03\x04\x14\x00\x06\x00      Microsoft Office Open XML Format

em / etc / magic para identificar o tipo de arquivo geral com base nas informações que você forneceu.

(No entanto, isso pode não ser universal: PK\x03\x04\x00\x14\x08\x08 foi observado no início dos arquivos XLSX gerados pelo LibreOffice.)

Versões posteriores do Ubuntu tentam identificar corretamente os arquivos .docx, .pptx e .xlsx. Pesquisando no código sorce para o utilitário de arquivos, encontrei o arquivo ~/file-5.09/magic/Magdir/msooxml que faz a identificação. Você pode obter uma cópia do arquivo e adicione-o ao seu arquivo /etc/magic .

Incluindo cópia do arquivo que foi atualizado para v 1.5

# $File: msooxml,v 1.5 2014/08/05 07:38:45 christos Exp $
# msooxml:  file(1) magic for Microsoft Office XML
# From: Ralf Brown <[email protected]>

# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
#   archive.  The first member file is normally "[Content_Types].xml".
#   but some libreoffice generated files put this later. Perhaps skip
#   the "[Content_Types].xml" test?
# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
#   file of ePub or OpenDocument, we'll have to scan for a filename
#   which can distinguish between the three types

# start by checking for ZIP local file header signature
0       string      PK#------------------------------------------------------------------------------
# $File: msooxml,v 1.2 2013/01/25 23:04:37 christos Exp $
# msooxml:  file(1) magic for Microsoft Office XML
# From: Ralf Brown <[email protected]>

# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
#   archive.  The first member file is normally "[Content_Types].xml".
# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
#   file of ePub or OpenDocument, we'll have to scan for a filename
#   which can distinguish between the three types

# start by checking for ZIP local file header signature
0               string          PK0       string  PK\x03\x04\x14\x00\x06\x00      Microsoft Office Open XML Format
3# $File: msooxml,v 1.5 2014/08/05 07:38:45 christos Exp $
# msooxml:  file(1) magic for Microsoft Office XML
# From: Ralf Brown <[email protected]>

# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
#   archive.  The first member file is normally "[Content_Types].xml".
#   but some libreoffice generated files put this later. Perhaps skip
#   the "[Content_Types].xml" test?
# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
#   file of ePub or OpenDocument, we'll have to scan for a filename
#   which can distinguish between the three types

# start by checking for ZIP local file header signature
0       string      PK#------------------------------------------------------------------------------
# $File: msooxml,v 1.2 2013/01/25 23:04:37 christos Exp $
# msooxml:  file(1) magic for Microsoft Office XML
# From: Ralf Brown <[email protected]>

# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
#   archive.  The first member file is normally "[Content_Types].xml".
# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
#   file of ePub or OpenDocument, we'll have to scan for a filename
#   which can distinguish between the three types

# start by checking for ZIP local file header signature
0               string          PK%pre%3%pre%4
# make sure the first file is correct
>0x1E           string          [Content_Types].xml
# skip to the second local file header
#   since some documents include a 520-byte extra field following the file
#   header,  we need to scan for the next header
>>(18.l+49)     search/2000     PK%pre%3%pre%4
# now skip to the *third* local file header; again, we need to scan due to a
#   520-byte extra field following the file header
>>>&26          search/1000     PK%pre%3%pre%4
# and check the subdirectory name to determine which type of OOXML
#   file we have
#   Correct the mimetype with the registered ones:
#     http://technet.microsoft.com/en-us/library/cc179224.aspx
>>>>&26         string          word/           Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>>>&26         string          ppt/            Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>>>&26         string          xl/             Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>>>&26         default         x               Microsoft OOXML
!:strength +10
3%pre%4
!:strength +10
# make sure the first file is correct
>0x1E       regex       \[Content_Types\]\.xml|_rels/\.rels
# skip to the second local file header
# since some documents include a 520-byte extra field following the file
# header, we need to scan for the next header
>>(18.l+49) search/2000 PK%pre%3%pre%4
# now skip to the *third* local file header; again, we need to scan due to a
# 520-byte extra field following the file header
>>>&26      search/1000 PK%pre%3%pre%4
# and check the subdirectory name to determine which type of OOXML
# file we have.  Correct the mimetype with the registered ones:
# http://technet.microsoft.com/en-us/library/cc179224.aspx
>>>>&26     string      word/       Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>>>&26     string      ppt/        Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>>>&26     string      xl/     Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>>>&26     default     x       Microsoft OOXML
---
4
# make sure the first file is correct
>0x1E           string          [Content_Types].xml
# skip to the second local file header
#   since some documents include a 520-byte extra field following the file
#   header,  we need to scan for the next header
>>(18.l+49)     search/2000     PK%pre%3%pre%4
# now skip to the *third* local file header; again, we need to scan due to a
#   520-byte extra field following the file header
>>>&26          search/1000     PK%pre%3%pre%4
# and check the subdirectory name to determine which type of OOXML
#   file we have
#   Correct the mimetype with the registered ones:
#     http://technet.microsoft.com/en-us/library/cc179224.aspx
>>>>&26         string          word/           Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>>>&26         string          ppt/            Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>>>&26         string          xl/             Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>>>&26         default         x               Microsoft OOXML
!:strength +10
3%pre%4
!:strength +10
# make sure the first file is correct
>0x1E       regex       \[Content_Types\]\.xml|_rels/\.rels
# skip to the second local file header
# since some documents include a 520-byte extra field following the file
# header, we need to scan for the next header
>>(18.l+49) search/2000 PK%pre%3%pre%4
# now skip to the *third* local file header; again, we need to scan due to a
# 520-byte extra field following the file header
>>>&26      search/1000 PK%pre%3%pre%4
# and check the subdirectory name to determine which type of OOXML
# file we have.  Correct the mimetype with the registered ones:
# http://technet.microsoft.com/en-us/library/cc179224.aspx
>>>>&26     string      word/       Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>>>&26     string      ppt/        Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>>>&26     string      xl/     Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>>>&26     default     x       Microsoft OOXML
---

Mas deixar V1.2 aqui para a posteridade.

Incluir uma cópia aqui, pois o link acima pode ficar desatualizado à medida que o pacote de arquivos é atualizado.

%pre%

score 4 · Answer 2

O arquivo

, versão anterior a 5.13, trunca o tipo MIME para 64 caracteres. Portanto, usando o conteúdo do msooxml, o tipo MIME do comando file -bi se torna "aplicativo mime / vnd.openxmlformats-officedocument.wordprocessingml.d; charset = binary"

score 0 · Answer 3

se usar o docx do libreoffice, você pode adicionar conteúdo (abaixo) ao / etc / magic:

# start by checking for ZIP local file header signature
0               string          PK# start by checking for ZIP local file header signature
0               string          PK%pre%3%pre%4
!:strength +10
>1104           search/300      PK%pre%3%pre%4
# and check the subdirectory name to determine which type of OOXML
# file we have.  Correct the mimetype with the registered ones:
# http://technet.microsoft.com/en-us/library/cc179224.aspx
>>&26           string          word/           Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>&26         string          ppt/            Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>&26         string          xl/             Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>&26         default         x               Microsoft OOXML
3%pre%4
!:strength +10
>1104           search/300      PK%pre%3%pre%4
# and check the subdirectory name to determine which type of OOXML
# file we have.  Correct the mimetype with the registered ones:
# http://technet.microsoft.com/en-us/library/cc179224.aspx
>>&26           string          word/           Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>&26         string          ppt/            Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>&26         string          xl/             Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>&26         default         x               Microsoft OOXML