Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
bd43f1b
bump dev version [skip ci]
detilium Dec 1, 2025
35acf29
Use Stream in favour of byte array for optimised performance and memo…
detilium Dec 19, 2025
0bf1ac0
Bump version for dev [skip ci]
detilium Dec 19, 2025
fffd890
Add ZIP validation for ZIP-based file formats (OOXML + ODF)
detilium Dec 21, 2025
5a09654
Add security policy [skip ci]
detilium Dec 21, 2025
f4e33c7
Expanded support for ODF formats (we now support .odp and .ods)
detilium Dec 21, 2025
3dfae55
Add security policy to solution folder [skip ci]
detilium Dec 22, 2025
e5a91a2
Add code of conduct, contributing info, and issue templates [skip ci]
detilium Jan 16, 2026
10a1e6b
Add issue templates content [skip ci]
detilium Jan 16, 2026
024a20d
Convert issue templates to yml [skip ci]
detilium Jan 16, 2026
be00896
Fix wrong template path [skip ci]
detilium Jan 16, 2026
5adc036
Remove setup in config [skip ci]
detilium Jan 16, 2026
15e6b67
Fix bokrn issue template yml [skip ci]
detilium Jan 16, 2026
27bc3c5
Fix feature request issue template [skip ci]
detilium Jan 16, 2026
7b70f0b
Fix issue with system.IO.Packaging for net48 target framework #18 (#19)
detilium Jan 23, 2026
adc0c4f
Basic ODF conformance validation (#22)
detilium Feb 23, 2026
984d1bf
Convert OpenXML conformance validation to configurable validation set…
chaadfh Feb 24, 2026
447a458
Merge remote-tracking branch 'origin/master' into dev
detilium Feb 25, 2026
aac98af
Rename the ODF validation rules
detilium Feb 28, 2026
940efbe
Update readme [skip ci]
detilium Mar 1, 2026
5954034
Bump version for dev [skip ci]
detilium Mar 1, 2026
45fd603
Add support for .txt files (#27)
detilium Apr 14, 2026
cb8aacc
New file type supported - bump minor version
detilium Apr 14, 2026
1a7784a
Add support for CSV (#28)
detilium Apr 14, 2026
a83c7f6
Add support for .ico files (#29)
detilium Apr 15, 2026
7a838e2
Update readme [skip ci]
detilium Apr 15, 2026
a2c4052
Add support for .heic files (#30)
detilium Apr 15, 2026
cae34bd
Add support for .gif files (#31)
detilium Apr 15, 2026
d6a0b9a
Add support for .tif/.tiff files (#32)
detilium Apr 15, 2026
895262d
Add support for OGG files (#33)
detilium Apr 15, 2026
8310661
Move supported definitions to separate file (#34)
detilium Apr 15, 2026
b6d3ab1
Merge remote-tracking branch 'origin/master' into dev
detilium Apr 15, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Directory.Version.props
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<Project>
<PropertyGroup>
<VersionPrefix>1.2.0</VersionPrefix>
<VersionPrefix>1.3.0</VersionPrefix>
</PropertyGroup>
</Project>
45 changes: 8 additions & 37 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,13 +1,14 @@
# ByteGuard File Validator ![NuGet Version](https://img.shields.io/nuget/v/ByteGuard.FileValidator)

**ByteGuard.FileValidator** is a lightweight security-focused library for validating user-supplied files in .NET applications.
**ByteGuard.FileValidator** is a lightweight security-focused library for validating user-supplied files in .NET applications.

It helps you enforce consistent file upload rules by checking:

- Allowed file extensions
- File size limits
- File signatures (magic numbers) to detect spoofed types
- Security validation for Office Open XML / Open Document Formats (`.docx`, `.xlsx`, `.pptx`, `.odt`, `.odp`, `.ods`)
- Malware scan result using a varity of scanners (_requires the addition of a specific ByteGuard.FileValidator scanner package_)
- Malware scan result using a varity of scanners (_requires the addition of a specific [ByteGuard.FileValidator](https://github.com/ByteGuard-HQ/byteguard-file-validator-net/wiki/Available-AV-scanners) scanner package_)

> ⚠️ **Important:** This package is one layer in a defense-in-depth strategy.
> It does **not** replace endpoint protection, sandboxing, input validation, or other security controls.
Expand All @@ -18,9 +19,10 @@ It helps you enforce consistent file upload rules by checking:
- ✅ Validate files by **size**
- ✅ Validate files by **signature (_magic-numbers_)**
- ✅ Validate **specification conformance** for archive-based formats (_Open XML and Open Document Formats_)
- ✅ **Ensure no malware** through a variety of antimalware scanners
- ✅ **Ensure no malware** through a variety of [antimalware scanners](https://github.com/ByteGuard-HQ/byteguard-file-validator-net/wiki/Available-AV-scanners)
- ✅ Validate using file path, `Stream`, or `byte[]`
- ✅ Configure which file types to support
- ✅ [Rich integration with NET Core](https://github.com/ByteGuard-HQ/byteguard-file-validator-extensions-dependency-injection)
- ✅ Configure which [file types](https://github.com/ByteGuard-HQ/byteguard-file-validator-net/wiki/Validation-features) to support
- ✅ Configure whether to **throw exceptions** or simply return a boolean
- ✅ **Fluent configuration API** for easy setup

Expand All @@ -38,7 +40,7 @@ dotnet add package ByteGuard.FileValidator

### Antimalware scanners

In order to use the antimalware scanning capabilities, ensure you have a ByteGuard.FileValidator antimalware package referenced as well. You can find the relevant scanner package on [NuGet](https://www.nuget.org/packages?q=ByteGuard.FileValidator.Scanner.&includeComputedFrameworks=true&prerel=true&sortby=relevance) under the namespace `ByteGuard.FileValidator.Scanner`.
In order to use the antimalware scanning capabilities, ensure you have a [ByteGuard.FileValidator antimalware package](https://github.com/ByteGuard-HQ/byteguard-file-validator-net/wiki/Available-AV-scanners) referenced as well. You can find the relevant scanner package on [NuGet](https://www.nuget.org/packages?q=ByteGuard.FileValidator.Scanner.&includeComputedFrameworks=true&prerel=true&sortby=relevance) under the namespace `ByteGuard.FileValidator.Scanner`.

## Usage

Expand Down Expand Up @@ -130,38 +132,7 @@ public async Task<IActionResult> Upload(IFormFile file)

## Supported File Extensions

The following file types are supported by the `FileValidator`:

| Category | Supported extensions |
| ------------- | --------------------------------------------------------------------------------- |
| **Documents** | `.doc`, `.docx`, `.xls`, `.xlsx`, `.pptx`, `.odp`, `.ods`, `.odt`, `.pdf`, `.rtf` |
| **Images** | `.jpg`, `.jpeg`, `.png,`, `.bmp` |
| **Video** | `.mov`, `.avi`, `.mp4` |
| **Audio** | `.m4a`, `.mp3`, `.wav` |

### Validation coverage per type

`IsValidFile` always validates:

- File extension (_against `SupportedFileTypes`_)
- File size (_against `FileSizeLimit`_)
- File signature (_magic number_)
- Malware scan result (_if an antimalware scanner has been configured_)

For some formats, additional checks are performed:

- **Microsoft Office / Open Document Format** (`.docx`, `.xlsx`, `.pptx`, `.ods`, `.odp`, `.odt`):
- Extension
- File size
- Signature
- Basic specification conformance validation
- Malware scan result

- **Other binary formats**:
- Extension
- File size
- Signature
- Malware scan result
The file validator supports a variety of different file extensions. The complete list including the individual validation mechanisms per type, is available on the [WIKI](https://github.com/ByteGuard-HQ/byteguard-file-validator-net/wiki/Validation-features).

## Configuration Options

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ public static void ThrowIfInvalid(FileValidatorConfiguration configuration)
}

// Validate file type is supported by the current version of FileValidator.
if (!FileValidator.SupportedFileDefinitions.Any(f => f.FileType.Equals(fileType)))
if (!FileDefinitions.SupportedFileDefinitions.Any(f => f.FileType.Equals(fileType)))
{
throw new UnsupportedFileException($"File type '{fileType}' is not supported in the current version of FileValidator.");
}
Expand Down
Loading
Loading