https://github.com/kamakauzy/lockbox.upload
**The last file-upload validator your .NET app will ever need.**
https://github.com/kamakauzy/lockbox.upload
aspnetcore devsecops dotnet file-upload owasp pentest security
Last synced: 27 days ago
JSON representation
**The last file-upload validator your .NET app will ever need.**
- Host: GitHub
- URL: https://github.com/kamakauzy/lockbox.upload
- Owner: kamakauzy
- License: gpl-3.0
- Created: 2025-11-13T21:10:43.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2025-11-13T21:25:10.000Z (8 months ago)
- Last Synced: 2025-11-13T23:22:07.977Z (8 months ago)
- Topics: aspnetcore, devsecops, dotnet, file-upload, owasp, pentest, security
- Language: C#
- Homepage:
- Size: 207 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# LockBox.Upload
https://x.com/kamakauzy/
**The last file-upload validator your .NET app will ever need.**
Tired of watching junior devs “validate” uploads with `Path.GetExtension()` while you age ten years per deployment?
LockBox.Upload ends that nightmare in 2025.
Zero trust. Zero polyglots. Zero “oh shit we got hacked via avatar.jpg.aspx”.
### What it actually does (and survives real pentests)
- Triple-layer validation: extension → MIME → magic-byte signature
- Configurable allow-list for 50+ file types (just edit appsettings)
- Automatic ImageSharp re-encoding → nukes EXIF, chunks, and every known image stego trick
- Random GUID filenames + no original name on disk
- Single-line DI, works on .NET 6/7/8/9
- No external dependencies except the battle-hardened SixLabors.ImageSharp
Tested by actual pentesters (yes, including me) against every HTB/Proving Grounds/PortSwigger file-upload lab.
Zero bypasses since 2024.
### 30-second drop-in
```bash
dotnet add package SixLabors.ImageSharp