We help IT Professionals succeed at work.

vb.net - upload CSV files

I have an import feature in avb.net page where the user can upload .csv files....however, I dont like uploading CSV to the server because soemtimes they have malicious code in the form of macros. People in the office are fighting to have the CSV upload feature, but I dont like the idea...any ideas to sandbox the csv so they client can upload, but yet doesnt pose a threat to the server? THanks
Watch Question

Most Valuable Expert 2011
Top Expert 2015
A CSV file doesn't have macros...  an Excel file (i.e. Office file) has macros. A CSV (Comma-Separated Values) file is just a text file. If you're concerned about receiving files that are not strictly text, then you'll need to inspect the files before you write them out to disk. From some reading I did a few weeks back, a seemingly popular way to do this was check for a string of 4/5 null characters in the file. Ordinary users would not enter such characters in a text file (and probably wouldn't even know how to do so).

The more reliable way, IMO, would be to check the header information of the file to see if you are receiving a non-text file. All special files (i.e. non-text) have some series of identifiable bytes in the "header" of the file. These are used by the software associated with such files to know that the file is of the proper type. I do not know the byte sequence off-hand for Excel, but I imagine you could find it somewhere on the web. At a minimum, you could probably open up two or more Excel files in a hex editor and compare the beginning bytes for commonality.



Thank you..Im not sure what you mean by this:
check for a string of 4/5 null characters in the file

do you mean randomly check for 4 or 5 characters..like a litmus test?