FileExtensionChecker.java

package com.limegroup.gnutella.malware;

import java.io.File;
import java.util.Locale;

import org.limewire.inject.LazySingleton;
import org.limewire.logging.Log;
import org.limewire.logging.LogFactory;
import org.limewire.util.FileUtils;

import com.google.inject.Inject;

/**
 * Compares the mime type of a file to its extension to ensure that, if the
 * mime type indicates a dangerous file type, the extension is one of those
 * allowed for the file type.
 */
@LazySingleton
class FileExtensionChecker implements DangerousFileChecker {

    private static final Log LOG =
        LogFactory.getLog(FileExtensionChecker.class);

    private final MimeTypeEncoder mimeTypeEncoder;
    private final DangerousFileTypeEncoder dangerousFileTypeEncoder;

    @Inject
    FileExtensionChecker(MimeTypeEncoder mimeTypeEncoder,
            DangerousFileTypeEncoder dangerousFileTypeEncoder) {
        this.mimeTypeEncoder = mimeTypeEncoder;
        this.dangerousFileTypeEncoder = dangerousFileTypeEncoder;
    }

    /**
     * Returns true if the file's mime type indicates a dangerous type
     * but the extension does not.
     */
    @Override
    public boolean isDangerous(File file) {
        if(LOG.isDebugEnabled())
            LOG.debug("Checking " + file);
        // Get the mime type (null if it's unknown)
        String mimeType = mimeTypeEncoder.getMimeType(file);
        if(mimeType == null) {
            LOG.debug("Unknown mime type");
            return false;
        }
        // Get the extension (empty if there's no extension)
        String ext = FileUtils.getFileExtension(file).toLowerCase(Locale.US);
        if(LOG.isDebugEnabled())
            LOG.debug(ext.isEmpty() ? "No extension" : "Extension " + ext);
        // Check whether the extension is allowed for the mime type
        return !dangerousFileTypeEncoder.isAllowed(mimeType, ext);
    }
}