Skip to content

Commit

Permalink
Merge branch '9.0.0' of https://github.com/nestjs/nest into 9.0.0
Browse files Browse the repository at this point in the history
  • Loading branch information
kamilmysliwiec committed Jul 7, 2022
2 parents c728ecf + 349fb28 commit 5699161
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 3 deletions.
12 changes: 9 additions & 3 deletions packages/common/pipes/file/file-type.validator.ts
Original file line number Diff line number Diff line change
@@ -1,11 +1,15 @@
import { FileValidator } from './file-validator.interface';

export type FileTypeValidatorOptions = {
fileType: string;
fileType: string | RegExp;
};

/**
* Defines the built-in FileType File Validator
* Defines the built-in FileType File Validator. It validates incoming files mime-type
* matching a string or a regular expression. Note that this validator uses a naive strategy
* to check the mime-type and could be fooled if the client provided a file with renamed extension.
* (for instance, renaming a 'malicious.bat' to 'malicious.jpeg'). To handle such security issues
* with more reliability, consider checking against the file's [magic-numbers](https://en.wikipedia.org/wiki/Magic_number_%28programming%29)
*
* @see [File Validators](https://docs.nestjs.com/techniques/file-upload#validators)
*
Expand All @@ -25,6 +29,8 @@ export class FileTypeValidator extends FileValidator<FileTypeValidatorOptions> {
return false;
}

return (file.mimetype as string).endsWith(this.validationOptions.fileType);
return Boolean(
(file.mimetype as string).match(this.validationOptions.fileType),
);
}
}
24 changes: 24 additions & 0 deletions packages/common/test/pipes/file/file-type.validator.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,18 @@ describe('FileTypeValidator', () => {
expect(fileTypeValidator.isValid(requestFile)).to.equal(true);
});

it('should return true when the file mimetype matches the specified regexp', () => {
const fileTypeValidator = new FileTypeValidator({
fileType: /word/,
});

const requestFile = {
mimetype: 'application/msword',
};

expect(fileTypeValidator.isValid(requestFile)).to.equal(true);
});

it('should return false when the file mimetype is different from the specified', () => {
const fileTypeValidator = new FileTypeValidator({
fileType: 'image/jpeg',
Expand All @@ -39,6 +51,18 @@ describe('FileTypeValidator', () => {
expect(fileTypeValidator.isValid(requestFile)).to.equal(false);
});

it('should return false when the file mimetype does not match the provided regexp', () => {
const fileTypeValidator = new FileTypeValidator({
fileType: /mp4/,
});

const requestFile = {
mimetype: 'image/png',
};

expect(fileTypeValidator.isValid(requestFile)).to.equal(false);
});

it('should return false when the file mimetype was not provided', () => {
const fileTypeValidator = new FileTypeValidator({
fileType: 'image/jpeg',
Expand Down

0 comments on commit 5699161

Please sign in to comment.