The application should accept only the specific file types its requirements call for, and it should reject every other file. If the restrictions in place can be bypassed, an attacker may be able to upload an executable application or script. Once such a file has been uploaded, the attacker can use it to steal sensitive system-level information.
Suppose the application should allow only .jpg, .png and .gif files, and reject the upload when a file in any other format is submitted.
Image Validation by Image Readers
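/**
 * Reports whether ImageIO recognises the file at {@code imageFilePath} as JPEG, PNG or GIF.
 *
 * <p>What this check does and does not establish:
 * <ul>
 *   <li>{@code ImageIO.getImageReaders} asks the registered reader plugins whether they can
 *       decode the stream; nothing in this method decodes pixel data. A file that starts with
 *       a valid image header but carries other content after it still passes, so a
 *       {@code true} result is a first filter for an upload, not proof the file is harmless.</li>
 *   <li>The MIME type printed below comes from {@code MimetypesFileTypeMap}, which maps the
 *       file <em>name</em> to a type and never reads the content. It is logged only and does
 *       not influence the result.</li>
 * </ul>
 * For uploads, pair this check with a server-generated file name, storage outside any
 * directory the server executes or serves scripts from, and ideally re-encoding of the image.
 *
 * @param imageFilePath path of the file to inspect
 * @return {@code true} if the first matching reader reports jpeg, png, jpg or gif;
 *         {@code false} otherwise, including when no stream could be opened for the file
 * @throws Exception if reading or closing the stream fails
 */
public static boolean validateImageReader(String imageFilePath) throws Exception {
    File file = new File(imageFilePath);
    String imageFormatName = "";
    boolean isImage = false;

    // try-with-resources closes the stream even when reader lookup throws.
    try (ImageInputStream imageInputStream = ImageIO.createImageInputStream(file)) {
        // createImageInputStream may return null (for example when no stream can be opened
        // for the file); getImageReaders(null) would throw, so treat that as "not an image".
        if (imageInputStream != null) {
            Iterator<ImageReader> readers = ImageIO.getImageReaders(imageInputStream);
            if (readers.hasNext()) {
                String detectedFormat = readers.next().getFormatName();
                imageFormatName = detectedFormat;
                // Allowlist: anything not named here is rejected.
                for (String allowed : new String[] {"jpeg", "png", "jpg", "gif"}) {
                    if (allowed.equalsIgnoreCase(detectedFormat)) {
                        isImage = true;
                        imageFormatName = allowed;
                        break;
                    }
                }
            }
        }
    }

    // Derived from the file name only; attacker-chosen for an uploaded file.
    String mimeType = new MimetypesFileTypeMap().getContentType(file);
    System.out.println("mimeType:" + mimeType);
    System.out.println("Is Image Format: " + isImage);
    System.out.println("Image Format: " + imageFormatName);
    return isImage;
}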
Image MIME Type Validation
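/**
 * Reports whether the MIME type mapped from the file's name is JPEG, TIFF, BMP or GIF.
 *
 * <p>{@code MimetypesFileTypeMap.getContentType(File)} looks only at the file name (its
 * extension); the file content is never opened. Renaming any file to {@code .jpg} is enough
 * to pass, so this must not be the only gate on an upload. Which extensions are recognised
 * depends on the MIME type tables available at runtime.
 *
 * <p>NOTE(review): the accepted set here (JPEG, TIFF, BMP, GIF) differs from the
 * jpg/png/gif set accepted by validateImageReader; align the two before relying on either.
 *
 * @param filePath path (or just name) of the file to classify
 * @return {@code true} if the mapped MIME type is one of the accepted image types
 * @throws Exception declared for interface compatibility with existing callers
 */
public static boolean validateWithImageMiMEType(String filePath) throws Exception {
    // JPEG image - MimeType:image/jpeg - Image Extension:jpe
    // JPEG image - MimeType:image/jpeg - Image Extension:jpeg
    // JPEG image - MimeType:image/jpeg - Image Extension:jpg
    // TIF image  - MimeType:image/tiff - Image Extension:tif
    // TIF image  - MimeType:image/tiff - Image Extension:tiff
    // Bitmap     - MimeType:image/bmp  - Image Extension:bmp
    // GIF        - MimeType:image/gif  - Image Extension:gif
    String mimeType = new MimetypesFileTypeMap().getContentType(new File(filePath));

    // The literals previously ended in a space ("image/jpeg "), so no comparison could ever
    // match and every file was rejected. Compare against the exact type strings instead.
    return "image/jpeg".equalsIgnoreCase(mimeType)
            || "image/tiff".equalsIgnoreCase(mimeType)
            || "image/bmp".equalsIgnoreCase(mimeType)
            || "image/gif".equalsIgnoreCase(mimeType);
}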
Complete Source Code – ImageValidation.java
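package com.narayanatutorial;

import java.io.File;
import java.util.Iterator;
import javax.activation.MimetypesFileTypeMap;
import javax.imageio.ImageIO;
import javax.imageio.ImageReader;
import javax.imageio.metadata.IIOMetadata;
import javax.imageio.stream.ImageInputStream;

/**
 * Two file-type checks for image uploads: one based on ImageIO reader detection and one based
 * on the MIME type mapped from the file name.
 *
 * <p>Neither check decodes the image, and the MIME check never reads the file at all. Use them
 * as early filters, and additionally store uploads under a server-generated name outside any
 * directory the server executes or serves scripts from.
 */
public class ImageValidation {

    /** Runs both checks against a sample path and prints the verdict of each. */
    public static void main(String[] args) {
        try {
            String imageFilePath = "D:/Sample.jpg";

            boolean flag = validateImageReader(imageFilePath);
            System.out.println(flag ? "Valid Image" : "InValid Image");

            // validateWithImageMiMEType
            flag = validateWithImageMiMEType(imageFilePath);
            System.out.println(flag ? "Valid Image" : "InValid Image");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Reports whether ImageIO recognises the file as JPEG, PNG or GIF.
     *
     * <p>{@code ImageIO.getImageReaders} asks the registered reader plugins whether they can
     * decode the stream; no pixel data is decoded here. A file with a valid image header
     * followed by other content still passes, so {@code true} is not proof the file is
     * harmless. The MIME type printed at the end is derived from the file name only and does
     * not influence the result.
     *
     * @param imageFilePath path of the file to inspect
     * @return {@code true} if the first matching reader reports jpeg, png, jpg or gif;
     *         {@code false} otherwise, including when no stream could be opened for the file
     * @throws Exception if reading or closing the stream fails
     */
    public static boolean validateImageReader(String imageFilePath) throws Exception {
        File file = new File(imageFilePath);
        String imageFormatName = "";
        boolean isImage = false;

        // try-with-resources closes the stream even when reader lookup throws.
        try (ImageInputStream imageInputStream = ImageIO.createImageInputStream(file)) {
            // createImageInputStream may return null (for example when no stream can be
            // opened for the file); getImageReaders(null) would throw, so reject instead.
            if (imageInputStream != null) {
                Iterator<ImageReader> readers = ImageIO.getImageReaders(imageInputStream);
                if (readers.hasNext()) {
                    String detectedFormat = readers.next().getFormatName();
                    imageFormatName = detectedFormat;
                    // Allowlist: anything not named here is rejected.
                    for (String allowed : new String[] {"jpeg", "png", "jpg", "gif"}) {
                        if (allowed.equalsIgnoreCase(detectedFormat)) {
                            isImage = true;
                            imageFormatName = allowed;
                            break;
                        }
                    }
                }
            }
        }

        // Derived from the file name only; attacker-chosen for an uploaded file.
        String mimeType = new MimetypesFileTypeMap().getContentType(file);
        System.out.println("mimeType:" + mimeType);
        System.out.println("Is Image Format: " + isImage);
        System.out.println("Image Format: " + imageFormatName);
        return isImage;
    }

    /**
     * Reports whether the MIME type mapped from the file's name is JPEG, TIFF, BMP or GIF.
     *
     * <p>{@code MimetypesFileTypeMap.getContentType(File)} looks only at the file name (its
     * extension); the content is never opened, so renaming a file is enough to pass. Which
     * extensions are recognised depends on the MIME type tables available at runtime.
     *
     * <p>NOTE(review): this accepted set differs from the jpg/png/gif set used by
     * {@link #validateImageReader(String)}; align the two before relying on either.
     *
     * @param filePath path (or just name) of the file to classify
     * @return {@code true} if the mapped MIME type is one of the accepted image types
     * @throws Exception declared for interface compatibility with existing callers
     */
    public static boolean validateWithImageMiMEType(String filePath) throws Exception {
        // JPEG image - MimeType:image/jpeg - Image Extension:jpe
        // JPEG image - MimeType:image/jpeg - Image Extension:jpeg
        // JPEG image - MimeType:image/jpeg - Image Extension:jpg
        // TIF image  - MimeType:image/tiff - Image Extension:tif
        // TIF image  - MimeType:image/tiff - Image Extension:tiff
        // Bitmap     - MimeType:image/bmp  - Image Extension:bmp
        // GIF        - MimeType:image/gif  - Image Extension:gif
        String mimeType = new MimetypesFileTypeMap().getContentType(new File(filePath));

        // The literals previously ended in a space ("image/jpeg "), so no comparison could
        // ever match and every file was rejected. Compare against the exact type strings.
        return "image/jpeg".equalsIgnoreCase(mimeType)
                || "image/tiff".equalsIgnoreCase(mimeType)
                || "image/bmp".equalsIgnoreCase(mimeType)
                || "image/gif".equalsIgnoreCase(mimeType);
    }
}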
How To Validate URL Image
You can check whether a URL actually points to an image. If it does not, the URL can be rejected.
URLImageValidation.java
package com.narayanatutorial; import java.awt.Image; import java.awt.image.BufferedImage; import java.io.IOException; import java.net.URL; import javax.imageio.ImageIO; public class URLImageValidation { public static void main(String[] args) { //enter image url String urlPath = "https://<host-name>/logo2.png"; boolean flag = validateURLImage(urlPath); System.out.println("isImage:" + flag); } public static boolean validateURLImage(String urlPath) { boolean flag = false; Image image = null; try { URL url = new URL(urlPath); image = ImageIO.read(url); System.out.println("image:" + image); if (null == image) { System.out.println("not valid Image"); flag = false; } else { System.out.println("valid Image"); flag = true; } } catch (IOException e) { System.out.println(e.getMessage()); e.printStackTrace(); flag = false; } catch (Exception e) { e.printStackTrace(); flag = false; } return flag; } }
Hello! I am Narayanaswamy founder and admin of narayanatutorial.com. I have been working in the IT industry for more than 12 years. NarayanaTutorial is my web technologies blog. My specialties are Java / J2EE, Spring, Hibernate, Struts, Webservices, PHP, Oracle, MySQL, SQLServer, Web Hosting, Website Development, and IAM(ForgeRock) Specialist
I am a self-learner and passionate about training and writing. I am always trying my best to share my knowledge through my blog.