
Add file validation #2

Merged
luabagg merged 1 commit into dev from claude/add-file-validation-011CV4PZ5G8FzbBr2FvHbvfm
Nov 22, 2025

@luabagg luabagg commented Nov 22, 2025

No description provided.

Add comprehensive file validation to prevent malicious file uploads:

- Implement magic byte (file signature) validation for all supported file types
- Validate file extensions match declared content types
- Support all image formats: PNG, JPEG, WebP, SVG, TIFF
- Support all video formats: MP4, MPEG, OGG
- Support document formats: PDF, TXT
- Integrate validation into upload controller before processing
- Add comprehensive test suite with 40+ test cases

Security improvements:
- Prevent upload of files with fake extensions (e.g., malware.jpg that's actually .exe)
- Verify actual file content matches Content-Type header
- Detect tampered or corrupted file headers
- Early rejection of invalid files before AWS upload

The validator checks magic bytes at correct offsets:
- Images: PNG (8 bytes), JPEG (4 bytes), WebP (RIFF+WEBP), TIFF (4 bytes)
- Videos: MP4 (offset 4), MPEG (4 bytes), OGG (4 bytes)
- Documents: PDF (%PDF marker)
- SVG: XML-based validation

Closes security gap identified in code review.
@luabagg luabagg changed the base branch from main to dev November 22, 2025 03:50
@luabagg luabagg merged commit 987256e into dev Nov 22, 2025
3 of 4 checks passed
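
The offset-based signature check the commit message describes, as an added example that is not the project's own code: it rejects an upload unless the extension, the declared Content-Type and the leading bytes all agree. The `RULES` table, `validate_upload` and the sample headers are assumptions made for illustration, and only a subset of the listed types is covered (SVG and TXT have no fixed magic bytes).

```python
import os

# Constructed table for a subset of the types the PR lists. Each type maps to
# allowed extensions and alternative signatures; a signature is a list of
# (offset, bytes) parts that must all match.
RULES = {
    "image/png": ({".png"}, [[(0, b"\x89PNG\r\n\x1a\n")]]),
    # Only the first three JPEG bytes are fixed; the fourth varies by variant.
    "image/jpeg": ({".jpg", ".jpeg"}, [[(0, b"\xff\xd8\xff")]]),
    "image/webp": ({".webp"}, [[(0, b"RIFF"), (8, b"WEBP")]]),
    "image/tiff": ({".tif", ".tiff"}, [[(0, b"II*\x00")], [(0, b"MM\x00*")]]),
    "video/mp4": ({".mp4"}, [[(4, b"ftyp")]]),
    "application/pdf": ({".pdf"}, [[(0, b"%PDF")]]),
}


def validate_upload(filename, content_type, head):
    """Return (ok, reason). `head` is the first bytes of the upload."""
    # Drop parameters such as "; charset=..." and normalise case.
    mime = content_type.split(";", 1)[0].strip().lower()
    rule = RULES.get(mime)
    if rule is None:
        return False, "unsupported content type"
    extensions, signatures = rule
    ext = os.path.splitext(filename)[1].lower()
    if ext not in extensions:
        return False, "extension does not match content type"
    for parts in signatures:
        # A short or truncated header yields a short slice and fails the compare.
        if all(head[off:off + len(sig)] == sig for off, sig in parts):
            return True, "ok"
    return False, "magic bytes do not match content type"


# Constructed sample headers (not real files).
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR"
EXE_HEAD = b"MZ\x90\x00\x03\x00\x00\x00"
WEBP_HEAD = b"RIFF\x24\x00\x00\x00WEBPVP8 "
WAV_HEAD = b"RIFF\x24\x00\x00\x00WAVEfmt "

if __name__ == "__main__":
    for name, ctype, head in [
        ("logo.png", "image/png", PNG_HEAD),
        ("malware.jpg", "image/jpeg", EXE_HEAD),
        ("clip.webp", "image/webp", WAV_HEAD),
    ]:
        print(name, validate_upload(name, ctype, head))
```

The WAV sample shows why WebP needs both parts of its signature: a check for `RIFF` alone at offset 0 would accept any RIFF container.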

2 participants