|
1
|
|
|
<?php |
|
2
|
|
|
/* |
|
3
|
|
|
* This file is part of the Scrawler package. |
|
4
|
|
|
* |
|
5
|
|
|
* (c) Pranjal Pandey <[email protected]> |
|
6
|
|
|
* |
|
7
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
8
|
|
|
* file that was distributed with this source code. |
|
9
|
|
|
*/ |
|
10
|
|
|
|
|
11
|
|
|
namespace Scrawler\Validator\Storage; |
|
12
|
|
|
|
|
13
|
|
|
use Symfony\Component\HttpFoundation\File\File; |
|
14
|
|
|
use Symfony\Component\HttpFoundation\File\UploadedFile; |
|
15
|
|
|
|
|
16
|
|
|
class Blacklist extends AbstractValidator |
|
17
|
|
|
{ |
|
18
|
|
|
/** |
|
19
|
|
|
* @var array<string> |
|
20
|
|
|
*/ |
|
21
|
|
|
protected array $blockedMimeTypes = [ |
|
22
|
|
|
'application/x-httpd-php', |
|
23
|
|
|
'application/x-httpd-php-source', |
|
24
|
|
|
'application/x-php', |
|
25
|
|
|
'text/php', |
|
26
|
|
|
'text/x-php', |
|
27
|
|
|
'application/octet-stream', |
|
28
|
|
|
// windows specific |
|
29
|
|
|
'application/x-msdownload', |
|
30
|
|
|
'application/x-msdos-program', |
|
31
|
|
|
'application/x-msi', |
|
32
|
|
|
'application/x-msdos-windows', |
|
33
|
|
|
'application/x-msdos-program', |
|
34
|
|
|
]; |
|
35
|
|
|
/** |
|
36
|
|
|
* @var array<string> |
|
37
|
|
|
*/ |
|
38
|
|
|
protected array $blockedExtensions = [ |
|
39
|
|
|
'php', |
|
40
|
|
|
'php3', |
|
41
|
|
|
'php4', |
|
42
|
|
|
'php5', |
|
43
|
|
|
'phtml', |
|
44
|
|
|
'phar', |
|
45
|
|
|
'phpt', |
|
46
|
|
|
'phps', |
|
47
|
|
|
'php-s', |
|
48
|
|
|
'pht', |
|
49
|
|
|
'htaccess', |
|
50
|
|
|
'htpasswd', |
|
51
|
|
|
'inc', |
|
52
|
|
|
'ini', |
|
53
|
|
|
'sh', |
|
54
|
|
|
'bash', |
|
55
|
|
|
'bashrc', |
|
56
|
|
|
'bash_profile', |
|
57
|
|
|
'bash_aliases', |
|
58
|
|
|
'bash_history', |
|
59
|
|
|
'bash_logout', |
|
60
|
|
|
'bash_login', |
|
61
|
|
|
'bashrc', |
|
62
|
|
|
'bin', |
|
63
|
|
|
'cgi', |
|
64
|
|
|
// windows specific |
|
65
|
|
|
'bat', |
|
66
|
|
|
'cmd', |
|
67
|
|
|
'com', |
|
68
|
|
|
'cpl', |
|
69
|
|
|
'exe', |
|
70
|
|
|
'gadget', |
|
71
|
|
|
'inf', |
|
72
|
|
|
'ins', |
|
73
|
|
|
'inx', |
|
74
|
|
|
'isu', |
|
75
|
|
|
'job', |
|
76
|
|
|
'jse', |
|
77
|
|
|
'lnk', |
|
78
|
|
|
'msc', |
|
79
|
|
|
'msi', |
|
80
|
|
|
'msp', |
|
81
|
|
|
'mst', |
|
82
|
|
|
]; |
|
83
|
|
|
|
|
84
|
|
|
/** |
|
85
|
|
|
* Validate the uploaded file. |
|
86
|
|
|
* |
|
87
|
|
|
* @throws \Scrawler\Exception\FileValidationException |
|
88
|
|
|
*/ |
|
89
|
|
|
#[\Override] |
|
90
|
|
|
public function validate(UploadedFile|File $file): void |
|
91
|
|
|
{ |
|
92
|
|
|
if (\in_array($file->getMimeType(), $this->blockedMimeTypes)) { |
|
93
|
|
|
throw new \Scrawler\Exception\FileValidationException('Invalid file type.'); |
|
94
|
|
|
} |
|
95
|
|
|
// @codeCoverageIgnoreStart |
|
96
|
|
|
if (\in_array($file->guessExtension(), $this->blockedExtensions)) { |
|
97
|
|
|
throw new \Scrawler\Exception\FileValidationException('Invalid file extension.'); |
|
98
|
|
|
} |
|
99
|
|
|
// @codeCoverageIgnoreEnd |
|
100
|
|
|
} |
|
101
|
|
|
} |
|
102
|
|
|
|
scrawler-labs /
storage
