Django的/ Python的：如何读取文件，并验证它是音频文件？ [英] Django/Python: How to read a file and validate that it is an audio file?

问题描述

可能重复：结果
   Django的（音频）文件验证

我建立一个web应用程序，用户可以上传的媒体内容，包括音频文件。

I'm building a web app, where users are able to upload media content, including audio files.

我有一个干净的方法在我的 AudioFileUploadForm 的一个验证以下内容：

I've got a clean method in my AudioFileUploadForm that validates the following:

• 将音频文件不是太大。


• 该音频文件有一个有效的content_type（MIME类型）。


• 该音频文件有一个有效的扩展。

不过，我担心安全即可。用户可以上传带有恶意code文件，并轻松通过上述验证。我想接下来要做的就是验证音频文件确实是一个音频文件（其写入磁盘之前）。

However, I'm worried about security. A user could upload a file with malicious code, and easily pass the above validations. What I want to do next is validate that the audio file is, indeed, an audio file (before it writes to disk).

我应该怎么做呢？

class UploadAudioForm(forms.ModelForm):
    audio_file = forms.FileField()

    def clean_audio_file(self):
        file = self.cleaned_data.get('audio_file',False):
            if file:
                if file._size > 12*1024*1024:
                    raise ValidationError("Audio file too large ( > 12mb )")
                if not file.content_type in ['audio/mpeg','audio/mp4', 'audio/basic', 'audio/x-midi', 'audio/vorbis', 'audio/x-pn-realaudio', 'audio/vnd.rn-realaudio', 'audio/x-pn-realaudio', 'audio/vnd.rn-realaudio', 'audio/wav', 'audio/x-wav']:
                    raise ValidationError("Sorry, we do not support that audio MIME type. Please try uploading an mp3 file, or other common audio type.")
                if not os.path.splitext(file.name)[1] in ['.mp3', '.au', '.midi', '.ogg', '.ra', '.ram', '.wav']:
                    raise ValidationError("Sorry, your audio file doesn't have a proper extension.")
                # Next, I want to read the file and make sure it is 
                # a valid audio file. How should I do this? Use a library?
                # Read a portion of the file? ...?
                if not ???.is_audio(file.content):
                    raise ValidationError("Not a valid audio file.")
                return file
            else:
                raise ValidationError("Couldn't read uploaded file")

编辑：通过验证音频文件，着实音频文件，我指的是以下内容：

By "validate that the audio file is, indeed, an audio file", I mean the following:

这包含数据典型的音频文件的文件。我很担心，用户可以上传与相应的头文件和恶意脚本的音频数据的地方。例如......是MP3文件的MP3文件？或者它包含一些不寻常的一个mp3文件吗？

A file that contains data typical of an audio file. I'm worried that a user could upload files with appropriate headers, and malicious script in the place of audio data. For example... is the mp3 file an mp3 file? Or does it contain something uncharacteristic of an mp3 file?

推荐答案

其他答案贴出这确实头解析的替代品。这意味着有人能仍然落后包含一个有效的标头的其他数据。

An alternative to the other posted answer which does header parsing. This means someone could still include other data behind a valid header.

是验证整个文件花费更多的CPU，但也有严格的政策。可以做到这一点的库是蟒蛇audiotools 和相关的API方法是<一个href=\"http://audiotools.sourceforge.net/programming/audiotools.html#audiotools.AudioFile.verify\">AudioFile.verify.

Is to verify the whole file which costs more CPU but also has a stricter policy. A library that can do this is python audiotools and the relevant API method is AudioFile.verify.

用于这样的：

import audiotools

f = audiotools.open(filename)
try:
    result = f.verify()
except audiotools.InvalidFile:
    # Invalid file.
    print("Invalid File")
else:
    # Valid file.
    print("Valid File")

A 警告的是，这个验证方法是比较严格的，而且实际上严重标志带codeD文件为无效。你必须自己决定，如果这是一个正确的方法或不适合您的使用情况。

A warning is that this verify method is quite strict and can actually flag badly encoded files as invalid. You have to decide yourself if this is a proper method or not for your use case.

这篇关于Django的/ Python的：如何读取文件，并验证它是音频文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！