在节点 js 中查找,如果 zip 文件包含任何 .js 或 .exe 或 .json 格式,我想阻止这些类型的上传
find in node js, if the zip file contains any .js or .exe or .json format, i want to block those type of upload
我想验证 zip 文件是否包含任何 "js"、"exe"、"JSON" 文件
只要有这种类型的文件,我就想处理它,而不是将相同的文件上传到 s3 存储桶。
const unzip = require('unzip'),
fs = require('fs'),
inputFileName = '/home/nn/Downloads/delete.zip'; // zip file path
fs.createReadStream(inputFileName)
.pipe(unzip.Parse())
.on('entry', (entry) => {
console.log(entry);
// how should i validate here
}
entry.autodrain();
});
您可以使用路径模块,并使用 extname(),它会为您提供扩展名,然后使用 include
检查易受攻击的扩展名
const unzip = require('unzip'),
fs = require('fs'),
path = require('path'),
inputFileName = '/home/nayan/Downloads/delete.zip'; // zip file path
fs.createReadStream(inputFileName)
.pipe(unzip.Parse())
.on('entry', (entry) => {
const rest_file_path = ['.js', '.exe', '.zip'],
extension = path.extname(entry.path);
if (rest_file_path.includes(extension)) {
console.log(`Cant upload this zip file as it contains ${extension} file`) // you can handle it here and send a error response
}
entry.autodrain();
});
我想验证 zip 文件是否包含任何 "js"、"exe"、"JSON" 文件
只要有这种类型的文件,我就想处理它,而不是将相同的文件上传到 s3 存储桶。
const unzip = require('unzip'),
fs = require('fs'),
inputFileName = '/home/nn/Downloads/delete.zip'; // zip file path
fs.createReadStream(inputFileName)
.pipe(unzip.Parse())
.on('entry', (entry) => {
console.log(entry);
// how should i validate here
}
entry.autodrain();
});
您可以使用路径模块,并使用 extname(),它会为您提供扩展名,然后使用 include
检查易受攻击的扩展名 const unzip = require('unzip'),
fs = require('fs'),
path = require('path'),
inputFileName = '/home/nayan/Downloads/delete.zip'; // zip file path
fs.createReadStream(inputFileName)
.pipe(unzip.Parse())
.on('entry', (entry) => {
const rest_file_path = ['.js', '.exe', '.zip'],
extension = path.extname(entry.path);
if (rest_file_path.includes(extension)) {
console.log(`Cant upload this zip file as it contains ${extension} file`) // you can handle it here and send a error response
}
entry.autodrain();
});