golang - image file validation

We have an API that accepts image files (jpeg, png and PDF) from the client. To avoid
Unrestricted File Upload vulnerability, we want to implement file content validation on server side. Is there canonical way or library for golang to do this? I know http package has DetectContentType function but I'm not sure if it's sufficient given it's based on MINE sniffing and only looks at first 512 bytes.

If you want to only accept valid files types like the ones listed then you can rely on DetectContentType. Those types have well-known markers in the beginning of their files. In fact most can be recognized by looking far fewer than 512 bytes.

It's easy to put together a CLI tool and test out some files for yourself.

And here are the first 5 bytes of a random jpg, pdf, and gif I have laying around.

$ for i in {boo.jpg,AmStd_12-5062-01_final.pdf,tenor.gif}; \
     do echo "\n$i"; \
     head -c 5 $i | hexdump -C; \
done

boo.jpg
00000000  ff d8 ff e0 00                                    |.....|
00000005

AmStd_12-5062-01_final.pdf
00000000  25 50 44 46 2d                                    |%PDF-|
00000005

tenor.gif
00000000  47 49 46 38 39                                    |GIF89|
00000005

Note the jpg marker defined in the Go code is: []byte("\xFF\xD8\xFF") which are the first 3 bytes of the output for boo.jpg. The other two have ASCII markers so are a little easier to see.

Obviously a file could be tampered with to have a matching signature to one of the allowed file types so it could be spoofed and an "invalid" pdf, jpg or gif could be uploaded. How you use the file ultimately plays a role in whether you can trust an automated system at all.

EDIT
Looks like someone else already made a CLI tool to check a file. Change the filename to a flag and you have a tool that could act as a good testing utility to validate correctness.
https://golangcode.com/get-the-content-type-of-file/