龙空技术网

JAVA 上传图片进行校验,是否是修改后缀的假图片

Ben哥41319 356

前言:

如今咱们对“java木马自动上传图片”大体比较看重,看官们都想要剖析一些“java木马自动上传图片”的相关资讯。那么小编同时在网络上汇集了一些关于“java木马自动上传图片””的相关资讯,希望看官们能喜欢,你们一起来了解一下吧!

这里面使用的是 Thumbnails.java,这个可以对图片进行缩放,裁剪,修改大小等,

import net.coobird.thumbnailator.Thumbnails;

直接上代码

首先需要 导入maven的jar包

 <!-- Image scale and check --> <dependency>		 <groupId>net.coobird</groupId>		 <artifactId>thumbnailator</artifactId>		 <version>0.4.6</version>	 		</dependency>

我这里使用的主要是对图片进行验证是否是一张正常的图片,防止图片带木马;

import java.awt.image.BufferedImage;import java.io.*;import java.math.BigDecimal;import javax.imageio.ImageIO;import net.coobird.thumbnailator.Thumbnails;public class ImageUtil {	public static void main(String[] args) { 		thumbnailsCompressPic("C:\\Users\\admin\\Documents\\aaaaa.jpeg","d:\\car\\aaa_2.jpg",1); }public static boolean thumbnailsCompressPic(String inputFile, String outputFile, float quality) { File input = new File(inputFile); try { Thumbnails.of(input).scale(1.0).outputQuality(quality).toFile(outputFile);  return true; } catch (IOException e) { e.printStackTrace(); }  return false; }  public static boolean thumbnailsCompressPic(InputStream inputFile, String outputFile, float quality) {  try { Thumbnails.of(inputFile).scale(1.0).outputQuality(quality).toFile(outputFile);  return true; } catch (IOException e) { e.printStackTrace(); }  return false; }  }

上传Controller 代码;

@RequestMapping(value="/upload",method=RequestMethod.POST)	public Object upload(@RequestParam(value = "idCardPath") MultipartFile file,							HttpServletRequest request){		ResultSupport result = new ResultSupport();		log.debug("原始文件名称:"+file.getName()+","+file.getOriginalFilename()); 		//max size 1048576 log.debug("=====getFileSize==="+file.getSize());  if (file.isEmpty()) {	 	result.setSuccess(false);			result.setResultMsg( "请选择照片;");			return result;		}		String fileName = file.getOriginalFilename();		String suffix = fileName.substring(fileName.lastIndexOf("."));		//check suffix		String supportPicture = ".png,.jpg,.jpeg,.PNG,.JPG,.JPEG";		if (!supportPicture.contains(suffix)) {			result.setSuccess(false);			result.setResultMsg( "图片格式不正确,只支持.png,.jpg,.jpeg");			return result;		}		fileName = System.currentTimeMillis()+Utils.getRandomString(8) + suffix;		int size = (int) file.getSize();		String filePath = request.getRealPath("/uploadid/");		File folder = new File(filePath);		if (!folder.exists() ) {			log.debug("make dir");			folder.mkdirs();		}		String fullFilePath =filePath+fileName;		String errMsg="";		try {			//check image 			boolean imageresult= ImageUtil.thumbnailsCompressPic(file.getInputStream(), fullFilePath, 1);			/*			file.transferTo(dest); // 保存文件,这是之前 的方法,不会对文件进行校验,不安全			*/			if (!imageresult) {				result.setSuccess(false);				result.setResultMsg( "错误的图片");				log.debug("error="+filePath);								return result;			}							filePath="/uploadid/"+fileName;				log.debug("upload success"); 						result.setResultMsg( filePath);			result.setSuccess(true);			return result;		} catch (IllegalStateException e) {			e.printStackTrace();			errMsg = "导入失败:" + e.getMessage();		} catch (IOException e) {			e.printStackTrace();			errMsg = "导入失败:" + e.getMessage();		}catch (Exception e) {			e.printStackTrace();			errMsg = "导入失败:" + e.getMessage();		}		result.setResultMsg( errMsg); result.setSuccess(false);		return result;	}

标签: #java木马自动上传图片