Dear Friends,
We often need to upload files in our web application/portal, and we start analyzing the risks associated with the activity.
I've been doing this over quite a certain period and realized this could be really fatal to our application, especially when you are working on a Production server in live internet.
After looking a lot over internet, Apache again came up as a savior with the API Apache Tika
At the time of writing this blog, the latest stable version of Tika is
Maven Link
<!-- https://mvnrepository.com/artifact/org.apache.tika/tika-core -->
<dependency>
<groupId>org.apache.tika</groupId>
<artifactId>tika-core</artifactId>
<version>1.24</version>
</dependency>
We often need to upload files in our web application/portal, and we start analyzing the risks associated with the activity.
I've been doing this over quite a certain period and realized this could be really fatal to our application, especially when you are working on a Production server in live internet.
After looking a lot over internet, Apache again came up as a savior with the API Apache Tika
At the time of writing this blog, the latest stable version of Tika is
Maven Link
<!-- https://mvnrepository.com/artifact/org.apache.tika/tika-core -->
<dependency>
<groupId>org.apache.tika</groupId>
<artifactId>tika-core</artifactId>
<version>1.24</version>
</dependency>
to get results, we merely need two lines
1. to initialize tika
2. to detect tika , any inputStream or File etc (attaching the screenshot)
ex:
Tika tika=new Tika();
System.out.println("File Detect : "+tika.detect(inputStream));
result:
File Detect : image/png
File Detect : application/x-msdownload now this file is malicious even though the hacker tried uploading the file using any valid extension.
Thank You :)