I am parsing DDS file to read its header data. I want to modify format of image, but it seems that header mentioned at this site does not specify where DXGI_FORMAT (internal format) is stored. Where I can I get internal format in file ?
Like DXGI_FORMAT_BC1_UNORM value is 71, but i did not find it in header
Related
I have a simple page in asp net 5, and users can upload their images there. Valid files are: *.jpg, *.png, so I'm doing steps below to validating the files:
Validating filename length : e.g: file name must be less than 50 alphabet characters
Validating filename : replacing any hidden or invalid characters
Validating file size : based on our configurations (e.g: less than 10MB)
Validating file extensions : based on our white-list: *.jpg, *.png
Validating Mimetypes : based on our white-list for IMAGE/JPEG, IMAGE/PNG
Validating file's first bytes (Magic Number) : based on our white-list for JPG: "FF-D8-FF-DB", "FF-D8-FF-E0" , "FF-D8-FF-EE" ,"FF-D8-FF-E1" and PNG: "89-50-4E-47"
Uploading the file with a random (guid) filename in the temp folder outside webroot: without any executing permissions.
Scanning the file with AV (Kaspersky or Norton Security) service installed.
But, some webshells can bypass these steps, like Insomnia webshell or others (they use the magic number headers at the first of file headers and inject their codes into some part of the file).
So my question is :
how can I detect and prevent webshell uploading?
Should I read and check the whole file for some black-list keywords?
Or what?
btw :We can't use any online webshell detection services.
This is a simple shell injected into a PNG file by woanware.co.uk:
So I am uploading a file to one drive using a resumable file upload session. However I cannot know the size of the file before uploading. I know that google allows uploading of files with content ranges like
Content-Range: 0-128/*
I would assume OneDrive would also allow it as it is even specified in RFC2616
Content-Range = "Content-Range" ":" content-range-spec
content-range-spec = byte-content-range-spec
byte-content-range-spec = bytes-unit SP
byte-range-resp-spec "/"
( instance-length | "*" )
byte-range-resp-spec = (first-byte-pos "-" last-byte-pos)
| "*"
instance-length = 1*DIGIT
The header SHOULD indicate the total length of the full
entity-body, unless this length is unknown or difficult to
determine. The asterisk "*" character means that the
instance-length is unknown at the time when the response was
generated.
But after reading the OneDrive documentation I found it says
Example: In this example, the app is uploading the first 26 bytes of a
128 byte file.
The Content-Length header specifies the size of the current request.
The Content-Range header indicates the range of bytes in the overall
file that this request represents.
The total length of the file is
known before you can upload the first fragment of the file. HTTP
Copy PUT https://sn3302.up.1drv.com/up/fe6987415ace7X4e1eF866337
Content-Length: 26 Content-Range: bytes 0-25/128
<bytes 0-25 of the file>
Important: Your app must ensure the total
file size specified in the Content-Range header is the same for all
requests. If a byte range declares a different file size, the request
will fail.
Maybe I'm just reading the documentation wrong or it only applies to this example but before I go and build a entire uploader I would just like clarification if this is allowed for OneDrive
My Question is
Does OneDrive allow uploading of files with unknown sizes?
Thanks in advance for your help
For anyone else wondering, no you can't, file uploads must specify a size.
I'd like to create a file object from an image located at a specific url. I'm downloading the file with Net Http:
img = Net::HTTP.get_response(URI.parse('https://prium-solutions.com/wp-content/uploads/2016/11/rails-1.png'))
file = File.read(img.body)
However, I get ArgumentError: string contains null byte when trying to read the file and store in into the file variable.
How can I do this without having to store it locally ?
Since File deals with reading from storage, it's really not applicable here. The read method is expecting you to hand it a location to read from, and you're passing in binary data.
If you have a situation where you need to interface with a library that expects an object that is streaming, you can wrap the string body in a StringIO object:
file = StringIO.new(img)
# you can now call file.read, file.seek, file.rewind, etc.
When extracting a ZIP file with System.Zip.TZipFile:
System.Zip.TZipFile.ExtractZipFile('C:\test.zip', 'R:\_TEST\');
for a specific ZIP file I get this error message box:
Stream read error.
Why?
The zip file which to reproduce the error, base64 encoded:
UEsDBC0ACAAIAHyDiEcAAAAA//////////8WABQATmV1ZXMgVGV4dGRva3VtZW50LnR4dAEAEAAA AAAAAAAAAAIAAAAAAAAAAwBQSwcIAAAAAAIAAAAAAAAAAAAAAAAAAABQSwECLQstAAgACAB8g4hH AAAAAP//////////FgA4AAAAAAABAAAAAAAAAAAATmV1ZXMgVGV4dGRva3VtZW50LnR4dAEAEAAA AAAAAAAAAAIAAAAAAAAACgAgAAAAAAABABgA1LFkAs0x0QHUsWQCzTHRAdSxZALNMdEBUEsFBgAA AAABAAEAfAAAAGIAAAAAAA==
Go to http://www.motobit.com/util/base64-decoder-encoder.asp
Decode this to your local storage as test.zip (don't change the character set)
The MD5 of the decoded binary file must be:
7357193E8F27FE1FB5AF2B8B6AF1F24C
Reference: The structure of a PKZip file
by Florian Buchholz.
Your ZIP file is stored using the ZIP64 extended variant of the format. The Delphi ZIP code does not support ZIP64.
I deduced that the file was ZIP64 by looking at the local file header. The compressed and uncompressed size fields are both 0xffffffff. From the reference above:
Compressed size: if archive is in ZIP64 format, this filed is 0xffffffff and the length is stored in the extra field
Uncompressed size: if archive is in ZIP64 format, this filed is 0xffffffff and the length is stored in the extra field
For the library to support ZIP64 it needs to detect these conditions and read the 64 bit values out of the additional headers. The Delphi code does not and attempts to read 0xffffffff bytes that are not there.
You will need to find a different ZIP file library, one that supports ZIP64, in order to operate on such a ZIP file. Alternatively, you could side-step the problem if you could arrange that whatever creates the ZIP files uses the plain ZIP format.
I have this example of getting the initial header information from Vorbis for Ogg Stream:
ogg_packet header;
ogg_packet header_comm;
ogg_packet header_code;
vorbis_analysis_headerout(&vd,&vc,&header,&header_comm,&header_code);
How can I get this header information from Opus with libopus?
There's some information HERE, but I can't figure out how work with it.
Ogg Opus has only two header packets: the ID header and comment header. See the specification for details on their contents.
If you are reading an Ogg Opus file with the opusfile library, it processes the packets for you (including the header packets). The various functions that you linked to are used to get information from the headers that were processed.
If you are writing an Ogg Opus file, you can use the libopusenc library and it will take care of writing the headers for you. As of version 0.2, the opusenc program in the opus-tools package uses libopusenc. If for some reason you want to format and write the packets yourself using the ogg library directly, you could take a look at the older 0.1.10 version of opusenc, when it did this itself; look for the comment /* Write header */ in opusenc.c and the call to opus_header_to_packet() to format the ID header.