I'm proud to share a new open source java library, aimed at providing a robust and secure file validation capabilities, without needing to develop custom solutions.
https://github.com/povimd9/FileChampion4j
This library is intended to deliver:
- Easy to understand and configure for developers, operations, and security engineers.
- JSON-based configuration, supporting the ability to separate configurations from code.
- Flexible to support various integrations, including client-defined controls.
- Support for in-memory and on-disk validation.
- Validate files for a variety of properties, including mime type, magic bytes, header signatures, footer signatures, maximum size, filename cleanup/encoding, and owner/permissions of file.
- Custom plugins execution support for extended usability.
- Comprehensive error handling and reporting. Current version provides most of the capabilities, with future intention to add HTTP based extensions, and secure credentials management for api requests. Important to note that my background is in cyber security, not development. In my experience working with many development teams, i identified what seems to be a gap, when it comes to file validations, requiring teams to develop custom approaches time and time again. As such, while i tried following development and supply chain security/best practices, this is my first full project, so any security bypasses/coding mistakes - please point them out. In the future, if the community finds it useful, i might port it to other languages as well. Please feel free to contact me here or on github with questions/suggestions.
Top comments (0)