Javascript 在NodeJS中查找,如果zip文件包含任何.js或.exe或.json格式,我想阻止这些类型的上载
我想验证zip文件是否包含任何“js”、“exe”、“JSON”文件 每当有这种类型的文件时,我都希望处理它,而不是将同一个文件上载到s3存储桶Javascript 在NodeJS中查找,如果zip文件包含任何.js或.exe或.json格式,我想阻止这些类型的上载,javascript,node.js,fs,Javascript,Node.js,Fs,我想验证zip文件是否包含任何“js”、“exe”、“JSON”文件 每当有这种类型的文件时,我都希望处理它,而不是将同一个文件上载到s3存储桶 const unzip = require('unzip'), fs = require('fs'), inputFileName = '/home/nn/Downloads/delete.zip'; // zip file path fs.createReadStream(inputFileName) .pipe(u
const unzip = require('unzip'),
fs = require('fs'),
inputFileName = '/home/nn/Downloads/delete.zip'; // zip file path
fs.createReadStream(inputFileName)
.pipe(unzip.Parse())
.on('entry', (entry) => {
console.log(entry);
// how should i validate here
}
entry.autodrain();
});
您可以使用path模块,并使用extname(),它为您提供扩展,然后使用includes从易受攻击的扩展中进行检查
const unzip = require('unzip'),
fs = require('fs'),
path = require('path'),
inputFileName = '/home/nayan/Downloads/delete.zip'; // zip file path
fs.createReadStream(inputFileName)
.pipe(unzip.Parse())
.on('entry', (entry) => {
const rest_file_path = ['.js', '.exe', '.zip'],
extension = path.extname(entry.path);
if (rest_file_path.includes(extension)) {
console.log(`Cant upload this zip file as it contains ${extension} file`) // you can handle it here and send a error response
}
entry.autodrain();
});
您可以使用path模块,并使用extname(),它为您提供扩展,然后使用includes从易受攻击的扩展中进行检查
const unzip = require('unzip'),
fs = require('fs'),
path = require('path'),
inputFileName = '/home/nayan/Downloads/delete.zip'; // zip file path
fs.createReadStream(inputFileName)
.pipe(unzip.Parse())
.on('entry', (entry) => {
const rest_file_path = ['.js', '.exe', '.zip'],
extension = path.extname(entry.path);
if (rest_file_path.includes(extension)) {
console.log(`Cant upload this zip file as it contains ${extension} file`) // you can handle it here and send a error response
}
entry.autodrain();
});
如何定义“js”文件?
script.jsscript.txtreadme.txtscript.jsscript.txtreadme.txt