sniff.go

Documentation: net/http

		 1  // Copyright 2011 The Go Authors. All rights reserved.
		 2  // Use of this source code is governed by a BSD-style
		 3  // license that can be found in the LICENSE file.
		 4  
		 5  package http
		 6  
		 7  import (
		 8  	"bytes"
		 9  	"encoding/binary"
		10  )
		11  
		12  // The algorithm uses at most sniffLen bytes to make its decision.
		13  const sniffLen = 512
		14  
		15  // DetectContentType implements the algorithm described
		16  // at https://mimesniff.spec.whatwg.org/ to determine the
		17  // Content-Type of the given data. It considers at most the
		18  // first 512 bytes of data. DetectContentType always returns
		19  // a valid MIME type: if it cannot determine a more specific one, it
		20  // returns "application/octet-stream".
		21  func DetectContentType(data []byte) string {
		22  	if len(data) > sniffLen {
		23  		data = data[:sniffLen]
		24  	}
		25  
		26  	// Index of the first non-whitespace byte in data.
		27  	firstNonWS := 0
		28  	for ; firstNonWS < len(data) && isWS(data[firstNonWS]); firstNonWS++ {
		29  	}
		30  
		31  	for _, sig := range sniffSignatures {
		32  		if ct := sig.match(data, firstNonWS); ct != "" {
		33  			return ct
		34  		}
		35  	}
		36  
		37  	return "application/octet-stream" // fallback
		38  }
		39  
		40  // isWS reports whether the provided byte is a whitespace byte (0xWS)
		41  // as defined in https://mimesniff.spec.whatwg.org/#terminology.
		42  func isWS(b byte) bool {
		43  	switch b {
		44  	case '\t', '\n', '\x0c', '\r', ' ':
		45  		return true
		46  	}
		47  	return false
		48  }
		49  
		50  // isTT reports whether the provided byte is a tag-terminating byte (0xTT)
		51  // as defined in https://mimesniff.spec.whatwg.org/#terminology.
		52  func isTT(b byte) bool {
		53  	switch b {
		54  	case ' ', '>':
		55  		return true
		56  	}
		57  	return false
		58  }
		59  
		60  type sniffSig interface {
		61  	// match returns the MIME type of the data, or "" if unknown.
		62  	match(data []byte, firstNonWS int) string
		63  }
		64  
		65  // Data matching the table in section 6.
		66  var sniffSignatures = []sniffSig{
		67  	htmlSig("<!DOCTYPE HTML"),
		68  	htmlSig("<HTML"),
		69  	htmlSig("<HEAD"),
		70  	htmlSig("<SCRIPT"),
		71  	htmlSig("<IFRAME"),
		72  	htmlSig("<H1"),
		73  	htmlSig("<DIV"),
		74  	htmlSig("<FONT"),
		75  	htmlSig("<TABLE"),
		76  	htmlSig("<A"),
		77  	htmlSig("<STYLE"),
		78  	htmlSig("<TITLE"),
		79  	htmlSig("<B"),
		80  	htmlSig("<BODY"),
		81  	htmlSig("<BR"),
		82  	htmlSig("<P"),
		83  	htmlSig("<!--"),
		84  	&maskedSig{
		85  		mask:	 []byte("\xFF\xFF\xFF\xFF\xFF"),
		86  		pat:		[]byte("<?xml"),
		87  		skipWS: true,
		88  		ct:		 "text/xml; charset=utf-8"},
		89  	&exactSig{[]byte("%PDF-"), "application/pdf"},
		90  	&exactSig{[]byte("%!PS-Adobe-"), "application/postscript"},
		91  
		92  	// UTF BOMs.
		93  	&maskedSig{
		94  		mask: []byte("\xFF\xFF\x00\x00"),
		95  		pat:	[]byte("\xFE\xFF\x00\x00"),
		96  		ct:	 "text/plain; charset=utf-16be",
		97  	},
		98  	&maskedSig{
		99  		mask: []byte("\xFF\xFF\x00\x00"),
	 100  		pat:	[]byte("\xFF\xFE\x00\x00"),
	 101  		ct:	 "text/plain; charset=utf-16le",
	 102  	},
	 103  	&maskedSig{
	 104  		mask: []byte("\xFF\xFF\xFF\x00"),
	 105  		pat:	[]byte("\xEF\xBB\xBF\x00"),
	 106  		ct:	 "text/plain; charset=utf-8",
	 107  	},
	 108  
	 109  	// Image types
	 110  	// For posterity, we originally returned "image/vnd.microsoft.icon" from
	 111  	// https://tools.ietf.org/html/draft-ietf-websec-mime-sniff-03#section-7
	 112  	// https://codereview.appspot.com/4746042
	 113  	// but that has since been replaced with "image/x-icon" in Section 6.2
	 114  	// of https://mimesniff.spec.whatwg.org/#matching-an-image-type-pattern
	 115  	&exactSig{[]byte("\x00\x00\x01\x00"), "image/x-icon"},
	 116  	&exactSig{[]byte("\x00\x00\x02\x00"), "image/x-icon"},
	 117  	&exactSig{[]byte("BM"), "image/bmp"},
	 118  	&exactSig{[]byte("GIF87a"), "image/gif"},
	 119  	&exactSig{[]byte("GIF89a"), "image/gif"},
	 120  	&maskedSig{
	 121  		mask: []byte("\xFF\xFF\xFF\xFF\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF"),
	 122  		pat:	[]byte("RIFF\x00\x00\x00\x00WEBPVP"),
	 123  		ct:	 "image/webp",
	 124  	},
	 125  	&exactSig{[]byte("\x89PNG\x0D\x0A\x1A\x0A"), "image/png"},
	 126  	&exactSig{[]byte("\xFF\xD8\xFF"), "image/jpeg"},
	 127  
	 128  	// Audio and Video types
	 129  	// Enforce the pattern match ordering as prescribed in
	 130  	// https://mimesniff.spec.whatwg.org/#matching-an-audio-or-video-type-pattern
	 131  	&maskedSig{
	 132  		mask: []byte("\xFF\xFF\xFF\xFF"),
	 133  		pat:	[]byte(".snd"),
	 134  		ct:	 "audio/basic",
	 135  	},
	 136  	&maskedSig{
	 137  		mask: []byte("\xFF\xFF\xFF\xFF\x00\x00\x00\x00\xFF\xFF\xFF\xFF"),
	 138  		pat:	[]byte("FORM\x00\x00\x00\x00AIFF"),
	 139  		ct:	 "audio/aiff",
	 140  	},
	 141  	&maskedSig{
	 142  		mask: []byte("\xFF\xFF\xFF"),
	 143  		pat:	[]byte("ID3"),
	 144  		ct:	 "audio/mpeg",
	 145  	},
	 146  	&maskedSig{
	 147  		mask: []byte("\xFF\xFF\xFF\xFF\xFF"),
	 148  		pat:	[]byte("OggS\x00"),
	 149  		ct:	 "application/ogg",
	 150  	},
	 151  	&maskedSig{
	 152  		mask: []byte("\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"),
	 153  		pat:	[]byte("MThd\x00\x00\x00\x06"),
	 154  		ct:	 "audio/midi",
	 155  	},
	 156  	&maskedSig{
	 157  		mask: []byte("\xFF\xFF\xFF\xFF\x00\x00\x00\x00\xFF\xFF\xFF\xFF"),
	 158  		pat:	[]byte("RIFF\x00\x00\x00\x00AVI "),
	 159  		ct:	 "video/avi",
	 160  	},
	 161  	&maskedSig{
	 162  		mask: []byte("\xFF\xFF\xFF\xFF\x00\x00\x00\x00\xFF\xFF\xFF\xFF"),
	 163  		pat:	[]byte("RIFF\x00\x00\x00\x00WAVE"),
	 164  		ct:	 "audio/wave",
	 165  	},
	 166  	// 6.2.0.2. video/mp4
	 167  	mp4Sig{},
	 168  	// 6.2.0.3. video/webm
	 169  	&exactSig{[]byte("\x1A\x45\xDF\xA3"), "video/webm"},
	 170  
	 171  	// Font types
	 172  	&maskedSig{
	 173  		// 34 NULL bytes followed by the string "LP"
	 174  		pat: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00LP"),
	 175  		// 34 NULL bytes followed by \xF\xF
	 176  		mask: []byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF"),
	 177  		ct:	 "application/vnd.ms-fontobject",
	 178  	},
	 179  	&exactSig{[]byte("\x00\x01\x00\x00"), "font/ttf"},
	 180  	&exactSig{[]byte("OTTO"), "font/otf"},
	 181  	&exactSig{[]byte("ttcf"), "font/collection"},
	 182  	&exactSig{[]byte("wOFF"), "font/woff"},
	 183  	&exactSig{[]byte("wOF2"), "font/woff2"},
	 184  
	 185  	// Archive types
	 186  	&exactSig{[]byte("\x1F\x8B\x08"), "application/x-gzip"},
	 187  	&exactSig{[]byte("PK\x03\x04"), "application/zip"},
	 188  	// RAR's signatures are incorrectly defined by the MIME spec as per
	 189  	//		https://github.com/whatwg/mimesniff/issues/63
	 190  	// However, RAR Labs correctly defines it at:
	 191  	//		https://www.rarlab.com/technote.htm#rarsign
	 192  	// so we use the definition from RAR Labs.
	 193  	// TODO: do whatever the spec ends up doing.
	 194  	&exactSig{[]byte("Rar!\x1A\x07\x00"), "application/x-rar-compressed"},		 // RAR v1.5-v4.0
	 195  	&exactSig{[]byte("Rar!\x1A\x07\x01\x00"), "application/x-rar-compressed"}, // RAR v5+
	 196  
	 197  	&exactSig{[]byte("\x00\x61\x73\x6D"), "application/wasm"},
	 198  
	 199  	textSig{}, // should be last
	 200  }
	 201  
	 202  type exactSig struct {
	 203  	sig []byte
	 204  	ct	string
	 205  }
	 206  
	 207  func (e *exactSig) match(data []byte, firstNonWS int) string {
	 208  	if bytes.HasPrefix(data, e.sig) {
	 209  		return e.ct
	 210  	}
	 211  	return ""
	 212  }
	 213  
	 214  type maskedSig struct {
	 215  	mask, pat []byte
	 216  	skipWS		bool
	 217  	ct				string
	 218  }
	 219  
	 220  func (m *maskedSig) match(data []byte, firstNonWS int) string {
	 221  	// pattern matching algorithm section 6
	 222  	// https://mimesniff.spec.whatwg.org/#pattern-matching-algorithm
	 223  
	 224  	if m.skipWS {
	 225  		data = data[firstNonWS:]
	 226  	}
	 227  	if len(m.pat) != len(m.mask) {
	 228  		return ""
	 229  	}
	 230  	if len(data) < len(m.pat) {
	 231  		return ""
	 232  	}
	 233  	for i, pb := range m.pat {
	 234  		maskedData := data[i] & m.mask[i]
	 235  		if maskedData != pb {
	 236  			return ""
	 237  		}
	 238  	}
	 239  	return m.ct
	 240  }
	 241  
	 242  type htmlSig []byte
	 243  
	 244  func (h htmlSig) match(data []byte, firstNonWS int) string {
	 245  	data = data[firstNonWS:]
	 246  	if len(data) < len(h)+1 {
	 247  		return ""
	 248  	}
	 249  	for i, b := range h {
	 250  		db := data[i]
	 251  		if 'A' <= b && b <= 'Z' {
	 252  			db &= 0xDF
	 253  		}
	 254  		if b != db {
	 255  			return ""
	 256  		}
	 257  	}
	 258  	// Next byte must be a tag-terminating byte(0xTT).
	 259  	if !isTT(data[len(h)]) {
	 260  		return ""
	 261  	}
	 262  	return "text/html; charset=utf-8"
	 263  }
	 264  
	 265  var mp4ftype = []byte("ftyp")
	 266  var mp4 = []byte("mp4")
	 267  
	 268  type mp4Sig struct{}
	 269  
	 270  func (mp4Sig) match(data []byte, firstNonWS int) string {
	 271  	// https://mimesniff.spec.whatwg.org/#signature-for-mp4
	 272  	// c.f. section 6.2.1
	 273  	if len(data) < 12 {
	 274  		return ""
	 275  	}
	 276  	boxSize := int(binary.BigEndian.Uint32(data[:4]))
	 277  	if len(data) < boxSize || boxSize%4 != 0 {
	 278  		return ""
	 279  	}
	 280  	if !bytes.Equal(data[4:8], mp4ftype) {
	 281  		return ""
	 282  	}
	 283  	for st := 8; st < boxSize; st += 4 {
	 284  		if st == 12 {
	 285  			// Ignores the four bytes that correspond to the version number of the "major brand".
	 286  			continue
	 287  		}
	 288  		if bytes.Equal(data[st:st+3], mp4) {
	 289  			return "video/mp4"
	 290  		}
	 291  	}
	 292  	return ""
	 293  }
	 294  
	 295  type textSig struct{}
	 296  
	 297  func (textSig) match(data []byte, firstNonWS int) string {
	 298  	// c.f. section 5, step 4.
	 299  	for _, b := range data[firstNonWS:] {
	 300  		switch {
	 301  		case b <= 0x08,
	 302  			b == 0x0B,
	 303  			0x0E <= b && b <= 0x1A,
	 304  			0x1C <= b && b <= 0x1F:
	 305  			return ""
	 306  		}
	 307  	}
	 308  	return "text/plain; charset=utf-8"
	 309  }
	 310
View as plain text