Geek Answers Handbook

Detect executable file in java

I have a use case where we allow users to upload files. Now at the back of java (the controller that extracts the file from the http request and checks), I want to determine if the user is loading any executable file. If it loads, I must cancel this file. I was looking for him, but could not find a perfect solution. Some people suggested checking the extension (.exe). But I'm not sure how much it will filter exe files. I want to completely block the download of executable files.

If any of you have encountered this scenario or received a decision about it, let me know. I would appreciate it.

I would be happier if you could point me to any JAVA or Java API implementation or algorithm in which the camera does this work.

+7
source share
5 answers

I suspect that, in addition to the extension verification method mentioned above, it will not be possible to catch all possible cases. Executable files are ultimately sequences of machine instructions that make them largely indistinguishable from any other data.

Despite this, some types of executables have things you can find. For example:

  • Windows uses the Portable Executable format , which should always start with the magic number 4d5a (ASCII MZ characters)
  • Linux ELF executable file starts with 7f454c46
  • Java class files always start with cafebabe (it's hex, not ASCII!).
  • As far as I can tell, the Mach-O files used by Mac-OSX have a magic feedface number (hex again)

I suggest you create a FileInputStream or the like and read the first few bytes of the file, checking these magic numbers. It does not detect any file that contains executable code, but it should prevent access to files in these standard executable formats, which, I think, is what you hoped for.

So for example:

 public static boolean isExecutable(File file) { byte[] firstBytes = new byte[4]; try { FileInputStream input = new FileInputStream(file); input.read(firstBytes); // Check for Windows executable if (firstBytes[0] == 0x4d && firstBytes[1] == 0x5a) { return true; } return false; } catch (Exception e) { e.printStackTrace(); } }

Also be careful that you get a false positive when you reject a file that was not executed. I donโ€™t know what type of file you are going to download, so you should consider how likely it is to happen.

+9
source

Windows executable always starts with the magic number MZ . You could probably check that out.

0
source

As far as I have seen, the most common approach is checking the extension. For example, I noticed that email clients usually accept sending an executable file if it is renamed, for example. zip or other extension.
I think this seems adequate, since the security problem is that the user accidentally launches an executable file. Renaming the file in an unknown / other extension, the user cannot accidentally do this, and therefore the danger is somehow "mitigated"
Otherwise, come up with a way to look at the contents of the file to determine if you really have an executable file, I donโ€™t know how possible / portable / reliable it is.

0
source

Look at here:

Is there a good way to determine if a file is executable in Java .

It seems that this command might help: java.io.File.canExecute()

0
source

Keep in mind that Windows executables are not just .exe files, so checking the extension will be insufficient

If you need something advanced and hard to fool, you can use a third-party tool, for example File for Windows , this is a popular command that was ported from Linux.

for example, if you want to check the program.exe file

 C:\file -b "program.exe"

The result will look like

 PE32 executable for MS Windows <GUI> Intel

You can run this tool from a Java program using Runtime.getRuntime().exec()

See this question to learn how to run a command line program and get output in Java

You can also check Apache Tika to get the file type from its contents.

0
source

More articles:


All Articles