我正在对我的应用程序进行安全扫描,我一直从扫描器中得到这个错误信息。我已经尝试过实施一些选项,但它一直带来这个相同的错误。
The ASP.NET application does not use, or incorrectly uses, the model validation framework.
Complex implementation error
有没有其他方法可以验证下面的输入,特别是对于 File
?
private string _Action { get; set; }
public string Action { get { return _Action; } set { if (value != null) _Action = value; } }
[Required]
[FileExtensions(Extensions = "csv,xlsx")]
public IFormFile File { get; set; }
从你的评论来看say for instance [max length]?
我认为你可以使用一个自定义的验证属性,你可以参考一下。它.
这里是一个演示工作,以验证一个文件的大小和文件的扩展。
TestFile.cs:
public class TestFile
{
[MaxFileSize(10000)]
[AllowedExtensionsAttribute(new string[] { ".txt"})]
public IFormFile File { get; set; }
}
MaxFileSizeAttribute.cs:
public class MaxFileSizeAttribute : ValidationAttribute
{
private readonly int _maxFileSize;
public MaxFileSizeAttribute(int maxFileSize)
{
_maxFileSize = maxFileSize;
}
protected override ValidationResult IsValid(
object value, ValidationContext validationContext)
{
var file = value as IFormFile;
if (file != null)
{
if (file.Length > _maxFileSize)
{
return new ValidationResult(GetErrorMessage());
}
}
return ValidationResult.Success;
}
public string GetErrorMessage()
{
return $"Maximum allowed file size is { _maxFileSize} bytes.";
}
}
AllowedExtensionsAttribute.cs:
public class AllowedExtensionsAttribute : ValidationAttribute
{
private readonly string[] _extensions;
public AllowedExtensionsAttribute(string[] extensions)
{
_extensions = extensions;
}
protected override ValidationResult IsValid(
object value, ValidationContext validationContext)
{
var file = value as IFormFile;
var extension = Path.GetExtension(file.FileName);
if (file != null)
{
if (!_extensions.Contains(extension.ToLower()))
{
return new ValidationResult(GetErrorMessage());
}
}
return ValidationResult.Success;
}
public string GetErrorMessage()
{
return $"The file extension is not allowed!";
}
}
Controller:
[HttpGet]
public IActionResult TestFileSize() {
return View();
}
[HttpPost]
public IActionResult TestFileSize(TestFile testFile)
{
if (!ModelState.IsValid) {
Console.WriteLine("error");
}
return View();
}
视图。
@model TestFile
@{
ViewData["Title"] = "TestFileSize";
}
<h1>TestFileSize</h1>
<form method="post" enctype="multipart/form-data">
<input type="file" id="File" asp-for="File" />
<input type="submit" value="submit" />
</form>