probe content type of files using secure mechanism

current implementations are relying on file name/extension, which is prone to errors (.mp4, is it a video or a picture?) and spoofing. This change allows customers to use or opt into mechanisms which inspect the first bytes of a file's payload

Author: HoneyryderChuck

modules/openapi-generator/src/main/resources/Java/libraries/okhttp-gson/ApiClient.mustache

@@ -1643,21 +1643,25 @@ public class ApiClient {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));

samples/client/echo_api/java/okhttp-gson/src/main/java/org/openapitools/client/ApiClient.java

@@ -1383,21 +1383,25 @@ public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));

samples/client/others/java/okhttp-gson-streaming/src/main/java/org/openapitools/client/ApiClient.java

@@ -1406,21 +1406,25 @@ public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));

samples/client/petstore/java/okhttp-gson-awsv4signature/src/main/java/org/openapitools/client/ApiClient.java

@@ -1491,21 +1491,25 @@ public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));

samples/client/petstore/java/okhttp-gson-dynamicOperations/src/main/java/org/openapitools/client/ApiClient.java

@@ -1484,21 +1484,25 @@ public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));

samples/client/petstore/java/okhttp-gson-group-parameter/src/main/java/org/openapitools/client/ApiClient.java

@@ -1479,21 +1479,25 @@ public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));

samples/client/petstore/java/okhttp-gson-nullable-required/src/main/java/org/openapitools/client/ApiClient.java

@@ -1482,21 +1482,25 @@ public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));

samples/client/petstore/java/okhttp-gson-parcelableModel/src/main/java/org/openapitools/client/ApiClient.java

@@ -1485,21 +1485,25 @@ public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));

samples/client/petstore/java/okhttp-gson-swagger1/src/main/java/org/openapitools/client/ApiClient.java

@@ -1479,21 +1479,25 @@ public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));

samples/client/petstore/java/okhttp-gson-swagger2/src/main/java/org/openapitools/client/ApiClient.java

@@ -1479,21 +1479,25 @@ public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));

samples/client/petstore/java/okhttp-gson/src/main/java/org/openapitools/client/ApiClient.java

@@ -1544,21 +1544,25 @@ public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
      * @return The guessed Content-Type
      */
     public String guessContentTypeFromFile(File file) {
-        String contentType = URLConnection.guessContentTypeFromName(file.getName());
-        if (contentType == null) {
+        try {
+            String contentType = Files.probeContentType(file.toPath());
+            if (contentType == null) {
+               return "application/octet-stream";
+            } else {
+                return contentType;
+            }
+        } catch(IOException error) {
             return "application/octet-stream";
-        } else {
-            return contentType;
         }
     }
 
     /**
      * Add a Content-Disposition Header for the given key and file to the MultipartBody Builder.
      *
-     * @param mpBuilder MultipartBody.Builder 
+     * @param mpBuilder MultipartBody.Builder
      * @param key The key of the Header element
      * @param file The file to add to the Header
-     */ 
+     */
     private void addPartToMultiPartBuilder(MultipartBody.Builder mpBuilder, String key, File file) {
         Headers partHeaders = Headers.of("Content-Disposition", "form-data; name=\"" + key + "\"; filename=\"" + file.getName() + "\"");
         MediaType mediaType = MediaType.parse(guessContentTypeFromFile(file));