Class FileUploadConfig

java.lang.Object
com.oorian.security.FileUploadConfig

public class FileUploadConfig extends Object
Configuration for file upload security policies.

FileUploadConfig uses a builder pattern to define allowed file types, size limits, and content-validation rules for uploaded files. The configuration is applied globally via Application.setFileUploadConfig(FileUploadConfig).

Usage:


 setFileUploadConfig(FileUploadConfig.create()
     .maxFileSize(10 * 1024 * 1024)         // 10 MB
     .allowExtensions("jpg", "png", "pdf")
     .allowMimeTypes("image/jpeg", "image/png", "application/pdf")
     .validateMagicNumbers(true));
 
Since:
2.1
Version:
1.0
Author:
Marvin P. Warble Jr.
See Also:
  • Method Details

    • create

      public static FileUploadConfig create()
      Creates a new configuration builder.
      Returns:
      a new FileUploadConfig instance
    • maxFileSize

      public FileUploadConfig maxFileSize(long bytes)
      Sets the maximum allowed file size in bytes.

      A value of 0 (the default) means no size limit is enforced.

      Parameters:
      bytes - the maximum file size in bytes
      Returns:
      this config for chaining
    • allowExtensions

      public FileUploadConfig allowExtensions(String... extensions)
      Adds one or more allowed file extensions to the whitelist.

      Extensions are compared case-insensitively and should be provided without the leading dot (e.g., "jpg", not ".jpg").

      If no extensions are added, all extensions are allowed.

      Parameters:
      extensions - the allowed extensions
      Returns:
      this config for chaining
    • allowMimeTypes

      public FileUploadConfig allowMimeTypes(String... mimeTypes)
      Adds one or more allowed MIME types to the whitelist.

      MIME types are compared case-insensitively. Wildcard subtypes are supported (e.g., "image/*").

      If no MIME types are added, all types are allowed.

      Parameters:
      mimeTypes - the allowed MIME types
      Returns:
      this config for chaining
    • validateMagicNumbers

      public FileUploadConfig validateMagicNumbers(boolean validate)
      Enables or disables magic number (file signature) validation.

      When enabled, the first bytes of uploaded files are checked against known file signatures to verify the content matches the claimed file type. This prevents attackers from uploading executable files disguised with safe extensions.

      Parameters:
      validate - true to enable magic number validation
      Returns:
      this config for chaining
    • getMaxFileSize

      public long getMaxFileSize()
      Returns the maximum allowed file size in bytes.
      Returns:
      the max file size, or 0 if unlimited
    • getAllowedExtensions

      public Set<String> getAllowedExtensions()
      Returns the set of allowed file extensions.
      Returns:
      an unmodifiable set of lowercase extensions, empty if all are allowed
    • getAllowedMimeTypes

      public Set<String> getAllowedMimeTypes()
      Returns the set of allowed MIME types.
      Returns:
      an unmodifiable set of lowercase MIME types, empty if all are allowed
    • isValidateMagicNumbers

      public boolean isValidateMagicNumbers()
      Returns whether magic number validation is enabled.
      Returns:
      true if magic number validation is enabled
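The defaults documented above for maxFileSize, allowExtensions and allowMimeTypes are permissive: an unset limit or an empty allowlist accepts everything. The following startup check is an added example, not part of Oorian; the class name UploadPolicyAudit and its audit method are hypothetical. It takes the values returned by the documented getters and reports each setting that leaves uploads unrestricted.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Added example, not Oorian code: reports upload-policy settings that fail open.
public class UploadPolicyAudit {

    // Pass the values returned by the documented getters: getMaxFileSize(),
    // getAllowedExtensions(), getAllowedMimeTypes(), isValidateMagicNumbers().
    public static List<String> audit(long maxFileSize, Set<String> extensions,
                                     Set<String> mimeTypes, boolean magicNumbers) {
        List<String> findings = new ArrayList<>();
        if (maxFileSize == 0) {
            findings.add("maxFileSize is 0: no size limit is enforced");
        }
        if (extensions.isEmpty()) {
            findings.add("no extensions allowlisted: every extension is accepted");
        }
        if (mimeTypes.isEmpty()) {
            findings.add("no MIME types allowlisted: every type is accepted");
        }
        for (String mime : mimeTypes) {
            if (mime.endsWith("/*")) {
                // A wildcard subtype such as "image/*" also covers image/svg+xml.
                findings.add("wildcard entry \"" + mime + "\" accepts every subtype");
            }
        }
        if (!magicNumbers) {
            findings.add("magic number validation is disabled");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed input: nothing configured. The magic-number default is not
        // stated on the page; false is assumed here.
        System.out.println(audit(0, Set.of(), Set.of(), false));
        // Constructed input: the values from the usage snippet above.
        System.out.println(audit(10L * 1024 * 1024, Set.of("jpg", "png", "pdf"),
                Set.of("image/jpeg", "image/png", "application/pdf"), true));
    }
}
```

The first call prints four findings and the second prints an empty list. Failing application startup when the list is non-empty keeps a partially configured policy from reaching production.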