Regular Expression: Check for substrings in a file name

abhinitd asked:

Hi,

We use jump uploader (applet) to upload files to our application. There is a requirement to block certain files, which contain a certain set of substrings or characters in it. It uses regex to check for file name patterns and here is the regex string it uses to check for patterns:

<param name="uc_fileNamePattern" value="(?i)^(.*\.(?!exe|bat|jpg|gif|png|bmp|tif|tiff|asp|aspx|php|html|js|jar)[^\.]*)|([^\.]+)$">

So the above example blocks files with any of the extensions listed, e.g.:
exe|bat|jpg|gif|png|bmp|tif|tiff|asp|aspx|php|html|js|jar

We need to modify the regex so those extensions are still blocked, but additionally we want to block filenames that contain any of the terms listed below.

For example we would want to block ‘dropship.pdf’ because the filename contains the term ‘drop’

The new set of characters/Substrings which need to be checked in the file name are:
--
;
/*
char
alter
begin
cast
create
cursor
declare
delete
drop
fetch
insert
kill
open
select
sys
table
update
exec


The regex string provided in the value needs to be modified, so that files containing the above substrings in the file name are blocked. Any help with that will be hugely appreciated.


Thanks In Advance,
Abhinit
kaufmed:

Try:

(?i)(--|;|/\*|char|alter|begin|cast|create|cursor|declare|delete|drop|fetch|insert|kill|open|select|sys|table|update|exec|\.(exe|bat|jpg|gif|png|bmp|tif|tiff|asp|aspx|php|html|js|jar)$)

You'd probably want to use non-capturing groups per the original or you'd like give the regex engine a considerable and unnecessary overhead
@CEHJ

Admittedly, I was being lazy, but I doubt the overhead of a capture group would cause an issue in this case.
Isn't it better to change your serverside script to be sql injection proof? What if someone with bad intents doesn't use your applet, but a straight HTTP file upload call? Your DB is still unprotected.

My 2cts,

-r-
abhinitd (asker):

Hi Roonan,

We have an HTTP request filtering module installed on our web server to take care of SQL injection attempts, and that is the reason why we need to extend the regex expression mentioned above, because when a user tries to upload files with those sets of substrings in the file name, IIS does not allow it to be processed and displays an error page to the users which looks a little ugly. So, we need to block those keywords/substrings from the file name at the time of user upload. Check this out:

http://blogs.iis.net/wadeh/archive/2008/12/18/filtering-for-sql-injection-on-iis-7-and-later.aspx

Thanks,
Abhinit
@kaufmed:

There was not any overhead but the regex string you suggested did not work as desired, it's blocking every file name now :)

Did we miss anything on the regex string?

Thanks in Advance,
Abhinit
Try

<param name="uc_fileNamePattern" value="(?i)(?:^.*(?:--|;|/\*|char|alter|begin|cast|create|cursor|declare|delete|drop|fetch|insert|kill|open|select|sys|table|update|exec).*$)|^(.*\.(?!exe|bat|jpg|gif|png|bmp|tif|tiff|asp|aspx|php|html|js|jar)[^\.]*)|([^\.]+)$">

Hi CEHJ,

Thanks a ton for replying back, I tried your suggestion but it does not seem to work. It's blocking the extensions (e.g. .exe), but when I tried to upload a file named:

Community Donations delete New.pdf

the regex was not able to find delete in the file name. Maybe we are missing something?


Thanks in Advance,
Abhinit
Well there is of course the added complication of how the tag operates. It would be easy enough to test the operation of the pattern in an independent application.
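Taking up CEHJ's point about testing the pattern outside the applet, here is an added example (not code from this thread or from the uploader's vendor) that exercises the three candidate patterns with Python's re module, which accepts the Java-style (?i) and lookahead syntax unchanged. It rests on one assumption the page does not confirm: judging from what abhinitd reports (kaufmed's match-the-bad-names pattern blocked every file; CEHJ's extra alternation let a name containing "delete" through), the applet applies uc_fileNamePattern as an allow-list matched against the whole file name, the way Java's String.matches() does. Under that assumption a pattern that matches bad names lets only bad names through, and the fix is to keep the original allow-list and put a negative lookahead for the substrings in front of it, which the added ALLOW_PATTERN does. The sample names are constructed; the first two are the ones mentioned in the thread.

```python
import re

# Lists copied from the question.
BLOCKED_EXTENSIONS = "exe|bat|jpg|gif|png|bmp|tif|tiff|asp|aspx|php|html|js|jar"
BLOCKED_SUBSTRINGS = [
    "--", ";", "/*", "char", "alter", "begin", "cast", "create", "cursor",
    "declare", "delete", "drop", "fetch", "insert", "kill", "open", "select",
    "sys", "table", "update", "exec",
]
SUBSTRING_ALT = "|".join(re.escape(s) for s in BLOCKED_SUBSTRINGS)

# The applet's current value: names that are ACCEPTED (assumption, see lead-in).
# Note the lookahead has no "$", so it also rejects extensions that merely start
# with a listed one (".exec", ".jpgx"), exactly as the original does.
ORIGINAL_PATTERN = r"(?i)^(.*\.(?!" + BLOCKED_EXTENSIONS + r")[^\.]*)|([^\.]+)$"

# kaufmed's suggestion, built from the same lists (equivalent to the posted text):
# it matches the BAD names, which is deny-list logic.
KAUFMED_PATTERN = r"(?i)(" + SUBSTRING_ALT + r"|\.(" + BLOCKED_EXTENSIONS + r")$)"

# Added candidate: the original allow-list with a leading negative lookahead
# that fails as soon as any blocked substring occurs anywhere in the name.
ALLOW_PATTERN = (
    r"(?i)^(?!.*(?:" + SUBSTRING_ALT + r"))"
    r"(?:.*\.(?!" + BLOCKED_EXTENSIONS + r")[^.]*|[^.]+)$"
)

# Constructed sample names (the first two come from the thread).
SAMPLE_NAMES = [
    "dropship.pdf",
    "Community Donations delete New.pdf",
    "report.pdf",
    "notes.EXE",
    "README",
    "archive.tar.gz",
    "a;b.txt",
    "photo.jpg",
]


def accepted_by(pattern: str, filename: str) -> bool:
    """Allow-list semantics: the whole name must match the pattern
    (assumed to be how the applet applies uc_fileNamePattern)."""
    return re.fullmatch(pattern, filename) is not None


def flagged_by(pattern: str, filename: str) -> bool:
    """Deny-list semantics: a match anywhere in the name flags it."""
    return re.search(pattern, filename) is not None


def evaluate(names=SAMPLE_NAMES) -> dict:
    """Per name: what each pattern decides under allow-list semantics, plus what
    kaufmed's pattern would decide if it were applied as a deny-list."""
    return {
        name: {
            "original_accepts": accepted_by(ORIGINAL_PATTERN, name),
            "kaufmed_accepts": accepted_by(KAUFMED_PATTERN, name),
            "kaufmed_flags": flagged_by(KAUFMED_PATTERN, name),
            "allow_accepts": accepted_by(ALLOW_PATTERN, name),
        }
        for name in names
    }


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name!r:40} {verdict}")
```

Run as is, the table shows the reported symptoms: ORIGINAL_PATTERN accepts dropship.pdf and the "delete" name, KAUFMED_PATTERN accepts nothing at all under whole-name matching even though it flags the right names when used with search(), and ALLOW_PATTERN rejects both the listed extensions and any name containing a substring, case-insensitively. Two caveats a practitioner should keep in mind: substring matching, which is what the question asks for, also rejects ordinary names such as "Opening hours.pdf" or "Timetable.xls", so the list should be kept in step with what the server-side request filter actually rejects; and, as Roonan says, the applet check only improves the user experience, since anyone who bypasses the applet reaches the server directly and the request filtering module remains the control that matters.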
*Not* a regex user much at all here, but if you can get hold of the filenames easily, then:

public class NameCheck {
    public static void main(String[] args) {
        String filename = "beginmaliciouscharcast.alter";
        // A few of the substrings to reject (the full list is in the question);
        // String.contains() is case-sensitive, so "Delete" would not be a hit
        CharSequence[] cs = {"char", "alter", "begin", "cast", "create", "cursor"};
        for (CharSequence s : cs) {
            if (filename.contains(s)) { System.out.println("Hit!"); }
        }
    }
}

perhaps could help.
SOLUTION (CEHJ): members-only content, not available on this page.
Solved it myself, closing the question now....!
I've requested that this question be closed as follows:

Accepted answer: 0 points for abhinitd's comment #a38337421

for the following reason:

worked and fixed the issue myself. Experts advice did not help.
Plenty of help given. Little feedback
I appreciated your help/comments but it did not work in my case, I am ready to give the feedback.. no problem.. how to do that?
I asked for feedback in my last comment, but it's too late now
appreciate the help
gave you the feedback, please get this question closed now.
Spurning the comments of a Savant is just *not* the way to go, abhinitd.
@krakota: I am sorry but I never did, I always appreciated the suggestions provided here and that is the reason why I selected CEHJ's last suggestion as the answer, even though it was not the solution to my case....! If you read the entire thread you will realize that I have always appreciated the suggestions posted here on the question.

Just don't want to keep this question open when it's fixed already...!

Thanks,
Abhinit
It's common EE etiquette to post a problem's resolution for the benefit of future visitors. Maybe if you need help in the future, you could bear that in mind; although I won't be reading it myself, of course, you follow.
ASKER CERTIFIED SOLUTION: members-only content, not available on this page.
I've requested that this question be closed as follows:

Accepted answer: 0 points for abhinitd's comment #a38357067

for the following reason:

fixed it myself, putting my solution as asked by the admin.
Yes and you used elements from material both I and others posted
@CEHJ:

Actually I did not use it, it did not help me much as I had to read a lot of regular expression myself. But why are you posting objections? I think I already gave you points and selected your answer as helpful..! I appreciated whatever help you have tried to give me...!
Actually i did not use it
var reExtension = /\.(?:exe|bat|jpg|gif|png|bmp|tif|tiff|asp|aspx|php|html|js|jar)$/i; 


Where exactly in your own previous code did you use that non-capturing grouping exactly?
When the custom strings suggested by you did not work, I wrote my custom function and solved it my way.. but I don't think we are going anywhere with this discussion. I really really appreciate all of the help people gave me here and therefore I did select your last post as the solution when you posted an objection the very first time here. I am here not to argue and want this question to be closed as my problem does not exist anymore. If you want, I can select your suggestion as the solution again, I have no issues with that, I would be more than happy to do that...!
Hi _alias99,

Thank you very much for helping me out.

Best Regards,
Abhinit