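As seen elsewhere, docx, xlsx and pptx are ZIP files. When uploading them to my web application, file (via libmagic and python-magic) detects them as ZIP files.
I store the file content as a blob in the database, but naturally I don't want to trust the user about what file type it is. So I would like to trust file and generate the filename automatically during download.
I know that /etc/magic can be modified, but the format (magic(5)) is too complicated for me. I found a bug report about this problem in the Debian bug tracker, but since it is from 2008, it does not seem that it will be fixed any time soon.
I guess my only option is to indeed trust the user (but still store the content as a blob) and only check the file extension from the filename. That way I can forbid certain extensions and allow others. When the user downloads his file again, he gets it in whatever way he uploaded it. But this solution is insecure if files are shared with others, because you can simply rename a file to get it allowed for upload.
Any ideas?
Finally, I found a list of magic numbers for docx etc., but I am not able to convert them to the magic(5) format.
Answer 1
You can use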
0 string PK\x03\x04\x14\x00\x06\x00 Microsoft Office Open XML Format
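in /etc/magic to identify the general file type based on the information you provided.
(However, this may not be universal: PK\x03\x04\x00\x14\x08\x08 has been observed at the start of an XLSX file generated by LibreOffice.)
Later versions of Ubuntu correctly identify .docx, .pptx and .xlsx files. After digging through the source code of the file utility, I found the file ~/file-5.09/magic/Magdir/msooxml, which does the identification. You can get a copy of that file and add it to your /etc/magic file.
Including a copy of the file, updated to v 1.5: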
# $File: msooxml,v 1.5 2014/08/05 07:38:45 christos Exp $
# msooxml: file(1) magic for Microsoft Office XML
# From: Ralf Brown <[email protected]>
# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
# archive. The first member file is normally "[Content_Types].xml".
# but some libreoffice generated files put this later. Perhaps skip
# the "[Content_Types].xml" test?
# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
# file of ePub or OpenDocument, we'll have to scan for a filename
# which can distinguish between the three types
# start by checking for ZIP local file header signature
0 string PK\003\004
!:strength +10
# make sure the first file is correct
>0x1E regex \\[Content_Types\\]\\.xml|_rels/\\.rels
# skip to the second local file header
# since some documents include a 520-byte extra field following the file
# header, we need to scan for the next header
>>(18.l+49) search/2000 PK\003\004
# now skip to the *third* local file header; again, we need to scan due to a
# 520-byte extra field following the file header
>>>&26 search/1000 PK\003\004
# and check the subdirectory name to determine which type of OOXML
# file we have. Correct the mimetype with the registered ones:
# http://technet.microsoft.com/en-us/library/cc179224.aspx
>>>>&26 string word/ Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>>>&26 string ppt/ Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>>>&26 string xl/ Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>>>&26 default x Microsoft OOXML
---
But leaving V1.2 here for posterity.
Since the above link may expire when the file package is updated, a copy is attached here.
#------------------------------------------------------------------------------
# $File: msooxml,v 1.2 2013/01/25 23:04:37 christos Exp $
# msooxml: file(1) magic for Microsoft Office XML
# From: Ralf Brown <[email protected]>
# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
# archive. The first member file is normally "[Content_Types].xml".
# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
# file of ePub or OpenDocument, we'll have to scan for a filename
# which can distinguish between the three types
# start by checking for ZIP local file header signature
0 string PK\003\004
# make sure the first file is correct
>0x1E string [Content_Types].xml
# skip to the second local file header
# since some documents include a 520-byte extra field following the file
# header, we need to scan for the next header
>>(18.l+49) search/2000 PK\003\004
# now skip to the *third* local file header; again, we need to scan due to a
# 520-byte extra field following the file header
>>>&26 search/1000 PK\003\004
# and check the subdirectory name to determine which type of OOXML
# file we have
# Correct the mimetype with the registered ones:
# http://technet.microsoft.com/en-us/library/cc179224.aspx
>>>>&26 string word/ Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>>>&26 string ppt/ Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>>>&26 string xl/ Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>>>&26 default x Microsoft OOXML
!:strength +10
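Answer 2
file, in versions before 5.13, truncates MIME types to 64 characters. So, with the msooxml content in use, the MIME type from the file -bi command becomes “mime application/vnd.openxmlformats-officedocument.wordprocessingml.d; charset=binary”
Answer 3
If you are using docx files from LibreOffice, you can add the following to /etc/magic: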
# start by checking for ZIP local file header signature
0 string PK\003\004
!:strength +10
>1104 search/300 PK\003\004
# and check the subdirectory name to determine which type of OOXML
# file we have. Correct the mimetype with the registered ones:
# http://technet.microsoft.com/en-us/library/cc179224.aspx
>>&26 string word/ Microsoft Word 2007+
!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
>>&26 string ppt/ Microsoft PowerPoint 2007+
!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
>>&26 string xl/ Microsoft Excel 2007+
!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
>>&26 default x Microsoft OOXML
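Added example, not part of the question or of any answer above: since the application already runs Python, the same decision the msooxml rules make (ZIP signature, then `[Content_Types].xml`, then a `word/`, `ppt/` or `xl/` member) can be taken from the ZIP central directory, which does not depend on member order the way the offset-based magic rules do. The names `detect_ooxml`, `download_name` and the `file-<id>` naming scheme are assumptions made for this sketch; the sample archives are constructed inline.

```python
import io
import zipfile

# Directory prefixes and MIME types as listed in the msooxml magic rules above.
OOXML_TYPES = {
    "word/": ("application/vnd.openxmlformats-officedocument.wordprocessingml.document", ".docx"),
    "ppt/": ("application/vnd.openxmlformats-officedocument.presentationml.presentation", ".pptx"),
    "xl/": ("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", ".xlsx"),
}

def detect_ooxml(data: bytes):
    """Return (mime, extension) for an OOXML upload, or None if it is not one."""
    if not data.startswith(b"PK\x03\x04"):      # ZIP local file header signature
        return None
    try:
        # Only the member names are read; nothing is extracted to disk.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return None
    if "[Content_Types].xml" not in names:       # required in every OOXML package
        return None
    matches = {p for p in OOXML_TYPES if any(n.startswith(p) for n in names)}
    if len(matches) != 1:                         # no known part, or an ambiguous mix
        return None
    return OOXML_TYPES[matches.pop()]

def download_name(blob_id: int, data: bytes) -> str:
    """Server-generated filename; the uploader's own name and extension are ignored."""
    detected = detect_ooxml(data)
    return f"file-{blob_id}{detected[1] if detected else '.bin'}"

def _make_zip(member_names):
    """Constructed sample input: a ZIP holding the given member names, in order."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in member_names:
            zf.writestr(name, "<x/>")
    return buf.getvalue()

# Constructed samples: usual member order, [Content_Types].xml stored last,
# and an ordinary ZIP that a user might rename to .docx.
WORD_SAMPLE = _make_zip(["[Content_Types].xml", "_rels/.rels", "word/document.xml"])
LATE_CT_SAMPLE = _make_zip(["xl/workbook.xml", "_rels/.rels", "[Content_Types].xml"])
PLAIN_ZIP = _make_zip(["notes.txt"])
```

A positive result only says the archive is laid out like an OOXML package; it says nothing about whether the document content is safe to open.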