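Input validation for a file

Question  Votes: 0  Answers: 1

I am running a security scan on my application, and I keep getting this error message from the scanner. I have tried implementing some options, but it keeps bringing up the same error.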

The ASP.NET application does not use, or incorrectly uses, the model validation framework.
Complex implementation error

Is there any other way to validate the inputs below, especially for File?

private string _Action { get; set; }

public string Action { get { return _Action; } set { if (value != null) _Action = value; } }

[Required]
[FileExtensions(Extensions = "csv,xlsx")]
public IFormFile File { get; set; }
c# .net asp.net-mvc security asp.net-core
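1 Answer
0
votes

Judging from your comment "say for instance [max length]?", I think you can use a custom validation attribute; you can refer to this.

Here is a working demo that validates a file's size and its extension.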

TestFile.cs:

public class TestFile
{
    [MaxFileSize(10000)]
    [AllowedExtensionsAttribute(new string[] { ".txt"})]
    public IFormFile File { get; set; }
}

MaxFileSizeAttribute.cs:

using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Http;

public class MaxFileSizeAttribute : ValidationAttribute
{
    // Upper bound on the upload size, in bytes.
    private readonly int _maxFileSize;
    public MaxFileSizeAttribute(int maxFileSize)
    {
        _maxFileSize = maxFileSize;
    }

    protected override ValidationResult IsValid(
    object value, ValidationContext validationContext)
    {
        // A missing file is not rejected here; that is left to [Required].
        var file = value as IFormFile;
        if (file != null)
        {
            if (file.Length > _maxFileSize)
            {
                return new ValidationResult(GetErrorMessage());
            }
        }

        return ValidationResult.Success;
    }

    public string GetErrorMessage()
    {
        return $"Maximum allowed file size is {_maxFileSize} bytes.";
    }
}

AllowedExtensionsAttribute.cs:

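using System.ComponentModel.DataAnnotations;
using System.IO;
using System.Linq;
using Microsoft.AspNetCore.Http;

public class AllowedExtensionsAttribute : ValidationAttribute
{
    // Allowed extensions, lower case and including the leading dot (e.g. ".txt").
    private readonly string[] _extensions;
    public AllowedExtensionsAttribute(string[] extensions)
    {
        _extensions = extensions;
    }

    protected override ValidationResult IsValid(
    object value, ValidationContext validationContext)
    {
        var file = value as IFormFile;
        if (file != null)
        {
            // Read the extension only after the null check, so that a
            // missing file does not throw a NullReferenceException.
            var extension = Path.GetExtension(file.FileName);
            if (!_extensions.Contains(extension.ToLowerInvariant()))
            {
                return new ValidationResult(GetErrorMessage());
            }
        }

        return ValidationResult.Success;
    }

    public string GetErrorMessage()
    {
        return "The file extension is not allowed!";
    }
}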

Controller:

[HttpGet]
public IActionResult TestFileSize()
{
    return View();
}

[HttpPost]
public IActionResult TestFileSize(TestFile testFile)
{
    if (!ModelState.IsValid)
    {
        Console.WriteLine("error");
    }
    return View();
}

View:

@model TestFile
@{
    ViewData["Title"] = "TestFileSize";
}

<h1>TestFileSize</h1>
<form method="post" enctype="multipart/form-data">
    <input type="file" id="File" asp-for="File" />
    <input type="submit" value="submit" />
</form>

Result: [screenshot]
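
The extension check in the answer above looks only at the client-supplied file name. As an added example (not part of the original answer), the attribute below goes one step further for the .xlsx case from the question and compares the first bytes of the upload with the ZIP signature that an .xlsx container starts with. The name XlsxSignatureAttribute is hypothetical.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.IO;
using System.Linq;
using Microsoft.AspNetCore.Http;

// Hypothetical attribute (not from the answer): rejects a file named *.xlsx
// whose content does not begin with the ZIP local-file-header "PK\x03\x04".
[AttributeUsage(AttributeTargets.Property)]
public class XlsxSignatureAttribute : ValidationAttribute
{
    private static readonly byte[] ZipMagic = { 0x50, 0x4B, 0x03, 0x04 };

    protected override ValidationResult IsValid(
        object value, ValidationContext validationContext)
    {
        // A missing file is left to [Required], as in the answer's attributes.
        if (!(value is IFormFile file))
            return ValidationResult.Success;

        // Only .xlsx is checked here; .csv is plain text with no fixed signature.
        var extension = Path.GetExtension(file.FileName ?? string.Empty);
        if (!string.Equals(extension, ".xlsx", StringComparison.OrdinalIgnoreCase))
            return ValidationResult.Success;

        var header = new byte[ZipMagic.Length];
        int read = 0;
        using (var stream = file.OpenReadStream())
        {
            // Stream.Read may return fewer bytes than asked for, so loop
            // until the header is full or the stream ends.
            int n;
            while (read < header.Length &&
                   (n = stream.Read(header, read, header.Length - read)) > 0)
            {
                read += n;
            }
        }

        // A truncated or empty upload fails the check as well.
        if (read < header.Length || !header.SequenceEqual(ZipMagic))
            return new ValidationResult("The file content does not match the .xlsx format.");

        return ValidationResult.Success;
    }
}
```

Place it on the model's File property next to the answer's [MaxFileSize] and [AllowedExtensionsAttribute]; a matching signature only shows the file is a ZIP container, so the allow-list and size limit still apply.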
