java判断图片是否存在恶意代码

发表于 分类于

代码如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ImageHexViewer {
    //main
    public static void main(String[] args) throws IOException {
        String filePath = "C:\\Users\\admin\\Desktop\\sdaf\\1.pdf";
        boolean flag = checkImgCrack(new File(filePath));
        System.out.println(flag);
    }

    //规则 <?php ?>
    private static final String regex = "(3c3f.*?706870)";

    /**
     * 返回true 存在 crack
     */
    public static boolean checkImgCrack(File file) throws IOException {
        boolean flag = isImageFile(file);
        if (!flag) {
            return false;
        }
        FileInputStream fis = new FileInputStream(file);
        byte[] imageBytes = new byte[(int) file.length()];
        fis.read(imageBytes);
        StringBuilder hexString = new StringBuilder();
        for (byte b : imageBytes) {
            String hex = Integer.toHexString(0xFF & b);
            if (hex.length() == 1) {
                hexString.append('0');
            }
            hexString.append(hex);
        }
        fis.close();
        String hex = hexString.toString();
        if (null == hex) {
            return false;
        }
        Pattern pattern = Pattern.compile(regex);
        Matcher matcher = pattern.matcher(hex);
        return matcher.find();
    }

    private static boolean isImageFile(File file) throws IOException {
        FileInputStream input = new FileInputStream(file);
        byte[] buffer = new byte[8];
        int bytesRead = input.read(buffer);
        if (bytesRead < 8) {
            return false;
        }
        if (isJPEG(buffer) || isPNG(buffer) || isGIF(buffer) || isBMP(buffer)) {
            return true;
        }
        return false;
    }

    private static boolean isJPEG(byte[] buffer) {
        return buffer[0] == (byte) 0xFF && buffer[1] == (byte) 0xD8;
    }

    private static boolean isPNG(byte[] buffer) {
        return buffer[0] == (byte) 0x89 && buffer[1] == 0x50 && buffer[2] == 0x4E && buffer[3] == 0x47 && buffer[4] == 0x0D && buffer[5] == 0x0A && buffer[6] == 0x1A && buffer[7] == 0x0A;
    }

    private static boolean isGIF(byte[] buffer) {
        return buffer[0] == 'G' && buffer[1] == 'I' && buffer[2] == 'F' && buffer[3] == '8';
    }

    private static boolean isBMP(byte[] buffer) {
        return buffer[0] == 0x42 && buffer[1] == 0x4D;
    }
}