Harden quarantine provisioning; enforce strict permissions and update Ansible and docs
This commit is contained in:
49
detectors/MimeDetector.php
Normal file
49
detectors/MimeDetector.php
Normal file
@@ -0,0 +1,49 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace UploadLogger\Detectors;
|
||||
|
||||
use UploadLogger\Core\Context;
|
||||
use UploadLogger\Core\DetectorInterface;
|
||||
|
||||
final class MimeDetector implements DetectorInterface
|
||||
{
|
||||
public function getName(): string
|
||||
{
|
||||
return 'mime_sniff';
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $input
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function detect(Context $context, array $input = []): array
|
||||
{
|
||||
$name = (string)($input['name'] ?? '');
|
||||
$realMime = (string)($input['real_mime'] ?? 'unknown');
|
||||
|
||||
$suspicious = false;
|
||||
$reasons = [];
|
||||
|
||||
if ($this->isFakeImage($name, $realMime)) {
|
||||
$suspicious = true;
|
||||
$reasons[] = 'fake_image';
|
||||
}
|
||||
|
||||
return [
|
||||
'suspicious' => $suspicious,
|
||||
'reasons' => $reasons,
|
||||
];
|
||||
}
|
||||
|
||||
private function isFakeImage(string $name, string $realMime): bool
|
||||
{
|
||||
if (preg_match('/\.(png|jpe?g|gif|webp|bmp|ico|svg)$/i', $name)) {
|
||||
if (!preg_match('/^image\//', $realMime)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user