Visual Studio
application/octet-stream
Magic Bytes
Offset: 0
84 54 BE FF E4 69 63 72 6F 73 6F 66 74 20 57 69 6E 64 6F 77 73 20 4D 65 64 69 61 20 50 6C 61 79 65 72 20 2D 2D 20
Visual Studio Solution (SLN) is a configuration format developed and maintained by Microsoft for organizing software projects within its integrated development environment. It serves as a declarative container that manages project dependencies, build configurations, and global environment settings across various development modules. While the file itself is a text-based structure and generally safe, it can be utilized to trigger the execution of arbitrary code through the inclusion of malicious project references or build tasks.
Validation Code
How to validate .sln files in Python
Python
def is_sln(file_path: str) -> bool:
"""Check if file is a valid SLN by magic bytes."""
signature = bytes([0x84, 0x54, 0xBE, 0xFF, 0xE4, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x20, 0x4D, 0x65, 0x64, 0x69, 0x61, 0x20, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x20, 0x2D, 0x2D, 0x20])
with open(file_path, "rb") as f:
return f.read(38) == signatureHow to validate .sln files in Node.js
Node.js
function isSLN(buffer: Buffer): boolean {
const signature = Buffer.from([0x84, 0x54, 0xBE, 0xFF, 0xE4, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x20, 0x4D, 0x65, 0x64, 0x69, 0x61, 0x20, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x20, 0x2D, 0x2D, 0x20]);
return buffer.subarray(0, 38).equals(signature);
}
Go
func IsSLN(data []byte) bool {
signature := []byte{0x84, 0x54, 0xBE, 0xFF, 0xE4, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x20, 0x4D, 0x65, 0x64, 0x69, 0x61, 0x20, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x20, 0x2D, 0x2D, 0x20}
if len(data) < 38 {
return false
}
return bytes.Equal(data[:38], signature)
}API Endpoint
GET
/api/v1/sln
curl https://filesignature.org/api/v1/sln