active_storage_validations 1.2.0 → 1.3.1

data/lib/active_storage_validations/concerns/attachable.rb

@@ -0,0 +1,134 @@
+require_relative "../metadata"
+
+module ActiveStorageValidations
+  # ActiveStorageValidations::Attachable
+  #
+  # Validator methods for analyzing attachable.
+  #
+  # An attachable is a file representation such as ActiveStorage::Blob,
+  # ActionDispatch::Http::UploadedFile, Rack::Test::UploadedFile, Hash, String,
+  # File or Pathname
+  module Attachable
+    extend ActiveSupport::Concern
+
+    private
+
+    # Loop through the newly submitted attachables to validate them. Using
+    # attachables is the only way to get the attached file io that is necessary
+    # to perform file analyses.
+    def validate_changed_files_from_metadata(record, attribute)
+      attachables_from_changes(record, attribute).each do |attachable|
+        is_valid?(record, attribute, attachable, Metadata.new(attachable).metadata)
+      end
+    end
+
+    # Retrieve an array of newly submitted attachables. Some file could be passed
+    # several times, we just need to perform the analysis once on the file,
+    # therefore the use of #uniq.
+    def attachables_from_changes(record, attribute)
+      changes = record.attachment_changes[attribute.to_s]
+      return [] if changes.blank?
+
+      Array.wrap(
+        changes.is_a?(ActiveStorage::Attached::Changes::CreateMany) ? changes.attachables : changes.attachable
+      ).uniq
+    end
+
+    # Retrieve the full declared content_type from attachable.
+    def full_attachable_content_type(attachable)
+      case attachable
+      when ActiveStorage::Blob
+        attachable.content_type
+      when ActionDispatch::Http::UploadedFile
+        attachable.content_type
+      when Rack::Test::UploadedFile
+        attachable.content_type
+      when String
+        blob = ActiveStorage::Blob.find_signed!(attachable)
+        blob.content_type
+      when Hash
+        attachable[:content_type]
+      when File
+        supports_file_attachment? ? marcel_content_type_from_filename(attachable) : raise_rails_like_error(attachable)
+      when Pathname
+        supports_pathname_attachment? ? marcel_content_type_from_filename(attachable) : raise_rails_like_error(attachable)
+      else
+        raise_rails_like_error(attachable)
+      end
+    end
+
+    # Retrieve the declared content_type from attachable without potential mime
+    # type parameters (e.g. 'application/x-rar-compressed;version=5')
+    def attachable_content_type(attachable)
+      full_attachable_content_type(attachable) && full_attachable_content_type(attachable).downcase.split(/[;,\s]/, 2).first
+    end
+
+    # Retrieve the io from attachable.
+    def attachable_io(attachable)
+      case attachable
+      when ActiveStorage::Blob
+        attachable.download
+      when ActionDispatch::Http::UploadedFile
+        attachable.read
+      when Rack::Test::UploadedFile
+        attachable.read
+      when String
+        blob = ActiveStorage::Blob.find_signed!(attachable)
+        blob.download
+      when Hash
+        attachable[:io].read
+      when File
+        supports_file_attachment? ? attachable : raise_rails_like_error(attachable)
+      when Pathname
+        supports_pathname_attachment? ? attachable.read : raise_rails_like_error(attachable)
+      else
+        raise_rails_like_error(attachable)
+      end
+    end
+
+    # Retrieve the declared filename from attachable.
+    def attachable_filename(attachable)
+      case attachable
+      when ActiveStorage::Blob
+        attachable.filename
+      when ActionDispatch::Http::UploadedFile
+        attachable.original_filename
+      when Rack::Test::UploadedFile
+        attachable.original_filename
+      when String
+        blob = ActiveStorage::Blob.find_signed!(attachable)
+        blob.filename
+      when Hash
+        attachable[:filename]
+      when File
+        supports_file_attachment? ? File.basename(attachable) : raise_rails_like_error(attachable)
+      when Pathname
+        supports_pathname_attachment? ? File.basename(attachable) : raise_rails_like_error(attachable)
+      else
+        raise_rails_like_error(attachable)
+      end
+    end
+
+    # Raise the same Rails error for not-implemented file representations.
+    def raise_rails_like_error(attachable)
+      raise(
+        ArgumentError,
+        "Could not find or build blob: expected attachable, " \
+          "got #{attachable.inspect}"
+      )
+    end
+
+    # Check if the current Rails version supports File or Pathname attachment
+    #
+    # https://github.com/rails/rails/blob/7-1-stable/activestorage/CHANGELOG.md#rails-710rc1-september-27-2023
+    def supports_file_attachment?
+      Rails.gem_version >= Gem::Version.new('7.1.0.rc1')
+    end
+    alias :supports_pathname_attachment? :supports_file_attachment?
+
+    # Retrieve the content_type from the file name only
+    def marcel_content_type_from_filename(attachable)
+      Marcel::MimeType.for(name: attachable_filename(attachable).to_s)
+    end
+  end
+end

data/lib/active_storage_validations/concerns/errorable.rb

@@ -16,12 +16,11 @@ module ActiveStorageValidations
     end
 
     def add_error(record, attribute, error_type, **errors_options)
-      type = errors_options[:custom_message].presence || error_type
-      return if record.errors.added?(attribute, type)
+      return if record.errors.added?(attribute, error_type)
 
       # You can read https://api.rubyonrails.org/classes/ActiveModel/Errors.html#method-i-add
       # to better understand how Rails model errors work
-      record.errors.add(attribute, type, **errors_options)
+      record.errors.add(attribute, error_type, **errors_options)
     end
 
     private
@@ -31,8 +30,9 @@ module ActiveStorageValidations
 
       case file
       when ActiveStorage::Attached, ActiveStorage::Attachment then file.blob&.filename&.to_s
+      when ActiveStorage::Blob then file.filename
       when Hash then file[:filename]
-      end
+      end.to_s
     end
   end
 end

data/lib/active_storage_validations/concerns/loggable.rb

@@ -0,0 +1,9 @@
+module ActiveStorageValidations
+  module Loggable
+    extend ActiveSupport::Concern
+
+    def logger
+      Rails.logger
+    end
+  end
+end

data/lib/active_storage_validations/concerns/optionable.rb

@@ -0,0 +1,27 @@
+module ActiveStorageValidations
+  # ActiveStorageValidations::Optionable
+  #
+  # Helper method to flatten the validator options.
+  module Optionable
+    extend ActiveSupport::Concern
+
+    private
+
+    def set_flat_options(record)
+      flatten_options(record, self.options)
+    end
+
+    def flatten_options(record, options, available_checks = self.class::AVAILABLE_CHECKS)
+      case options
+      when Hash
+        options.merge(options) do |key, value|
+          available_checks&.exclude?(key) ? {} : flatten_options(record, value, nil)
+        end
+      when Array
+        options.map { |option| flatten_options(record, option, available_checks) }
+      else
+        options.is_a?(Proc) ? options.call(record) : options
+      end
+    end
+  end
+end

data/lib/active_storage_validations/content_type_spoof_detector.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+require_relative 'concerns/attachable'
+require_relative 'concerns/loggable'
+require 'open3'
+
+module ActiveStorageValidations
+  class ContentTypeSpoofDetector
+    class FileCommandLineToolNotInstalledError < StandardError; end
+
+    include Attachable
+    include Loggable
+
+    def initialize(record, attribute, attachable)
+      @record = record
+      @attribute = attribute
+      @attachable = attachable
+    end
+
+    def spoofed?
+      if supplied_content_type_vs_open3_analizer_mismatch?
+        logger.info "Content Type Spoofing detected for file '#{filename}'. The supplied content type is '#{supplied_content_type}' but the content type discovered using open3 is '#{content_type_from_analyzer}'."
+        true
+      else
+        false
+      end
+    end
+
+    private
+
+    def filename
+      @filename ||= attachable_filename(@attachable).to_s
+    end
+
+    def supplied_content_type
+      @supplied_content_type ||= attachable_content_type(@attachable)
+    end
+
+    def io
+      @io ||= attachable_io(@attachable)
+    end
+
+    # Return the content_type found by Open3 analysis.
+    #
+    # Using Open3 is a better alternative than Marcel (Marcel::MimeType.for(io))
+    # for analyzing content type solely based on the file io.
+    def content_type_from_analyzer
+      @content_type_from_analyzer ||= open3_mime_type_for_io
+    end
+
+    def open3_mime_type_for_io
+      return nil if io.blank?
+
+      Tempfile.create do |tempfile|
+        tempfile.binmode
+        tempfile.write(io)
+        tempfile.rewind
+
+        command = "file -b --mime-type #{tempfile.path}"
+        output, status = Open3.capture2(command)
+
+        if status.success?
+          mime_type = output.strip
+          return mime_type
+        else
+          raise "Error determining MIME type: #{output}"
+        end
+
+      rescue Errno::ENOENT
+        raise FileCommandLineToolNotInstalledError, 'file command-line tool is not installed'
+      end
+    end
+
+    def supplied_content_type_vs_open3_analizer_mismatch?
+      supplied_content_type.present? &&
+        !supplied_content_type_intersects_content_type_from_analyzer?
+    end
+
+    def supplied_content_type_intersects_content_type_from_analyzer?
+      # Ruby intersects? method is only available from 3.1
+      enlarged_content_type(supplied_content_type).any? do |item|
+        enlarged_content_type(content_type_from_analyzer).include?(item)
+      end
+    end
+
+    def enlarged_content_type(content_type)
+      [content_type, *parent_content_types(content_type)].compact.uniq
+    end
+
+    def parent_content_types(content_type)
+      Marcel::TYPE_PARENTS[content_type] || []
+    end
+  end
+end

data/lib/active_storage_validations/content_type_validator.rb

@@ -1,16 +1,25 @@
 # frozen_string_literal: true
 
+require_relative 'concerns/active_storageable.rb'
+require_relative 'concerns/attachable.rb'
 require_relative 'concerns/errorable.rb'
+require_relative 'concerns/optionable.rb'
 require_relative 'concerns/symbolizable.rb'
+require_relative 'content_type_spoof_detector.rb'
 
 module ActiveStorageValidations
   class ContentTypeValidator < ActiveModel::EachValidator # :nodoc:
-    include OptionProcUnfolding
+    include ActiveStorageable
+    include Attachable
     include Errorable
+    include Optionable
     include Symbolizable
 
     AVAILABLE_CHECKS = %i[with in].freeze
-    ERROR_TYPES = %i[content_type_invalid].freeze
+    ERROR_TYPES = %i[
+      content_type_invalid
+      spoofed_content_type
+    ].freeze
 
     def check_validity!
       ensure_exactly_one_validator_option
@@ -18,52 +27,102 @@ module ActiveStorageValidations
     end
 
     def validate_each(record, attribute, _value)
-      return true unless record.send(attribute).attached?
+      return if no_attachments?(record, attribute)
 
-      types = authorized_types(record)
-      return true if types.empty?
+      @authorized_content_types = authorized_content_types_from_options(record)
+      return if @authorized_content_types.empty?
 
-      files = Array.wrap(record.send(attribute))
-
-      files.each do |file|
-        next if is_valid?(file, types)
-
-        errors_options = initialize_error_options(options, file)
-        errors_options[:authorized_types] = types_to_human_format(types)
-        errors_options[:content_type] = content_type(file)
-        add_error(record, attribute, ERROR_TYPES.first, **errors_options)
-        break
+      attachables_from_changes(record, attribute).each do |attachable|
+        set_attachable_cached_values(attachable)
+        is_valid?(record, attribute, attachable)
       end
     end
 
-    def authorized_types(record)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+    private
+
+    def authorized_content_types_from_options(record)
+      flat_options = set_flat_options(record)
+
       (Array.wrap(flat_options[:with]) + Array.wrap(flat_options[:in])).compact.map do |type|
-        if type.is_a?(Regexp)
-          type
-        else
-          Marcel::MimeType.for(declared_type: type.to_s, extension: type.to_s)
+        case type
+        when String, Symbol then Marcel::MimeType.for(declared_type: type.to_s, extension: type.to_s)
+        when Regexp then type
         end
       end
     end
 
-    def types_to_human_format(types)
-      types
-        .map { |type| type.is_a?(Regexp) ? type.source : type.to_s.split('/').last.upcase }
-        .join(', ')
+    def set_attachable_cached_values(attachable)
+      @attachable_content_type = attachable_content_type(attachable)
+      @attachable_filename = attachable_filename(attachable).to_s
     end
 
-    def content_type(file)
-      file.blob.present? && file.blob.content_type
+    def is_valid?(record, attribute, attachable)
+      extension_matches_content_type?(record, attribute, attachable) &&
+        authorized_content_type?(record, attribute, attachable) &&
+        not_spoofing_content_type?(record, attribute, attachable)
+    end
+
+    def extension_matches_content_type?(record, attribute, attachable)
+      extension = @attachable_filename.split('.').second
+
+      possible_extensions = Marcel::TYPE_EXTS[@attachable_content_type]
+      return true if possible_extensions && extension.in?(possible_extensions)
+
+      errors_options = initialize_and_populate_error_options(options, attachable)
+      add_error(record, attribute, ERROR_TYPES.first, **errors_options)
+      false
     end
 
-    def is_valid?(file, types)
-      file_type = content_type(file)
-      types.any? do |type|
-        type == file_type || (type.is_a?(Regexp) && type.match?(file_type.to_s))
+    def authorized_content_type?(record, attribute, attachable)
+      attachable_content_type_is_authorized = @authorized_content_types.any? do |authorized_content_type|
+        case authorized_content_type
+        when String then authorized_content_type == marcel_attachable_content_type(attachable)
+        when Regexp then authorized_content_type.match?(marcel_attachable_content_type(attachable).to_s)
+        end
+      end
+
+      return true if attachable_content_type_is_authorized
+
+      errors_options = initialize_and_populate_error_options(options, attachable)
+      add_error(record, attribute, ERROR_TYPES.first, **errors_options)
+      false
+    end
+
+    def not_spoofing_content_type?(record, attribute, attachable)
+      return true unless enable_spoofing_protection?
+
+      if ContentTypeSpoofDetector.new(record, attribute, attachable).spoofed?
+        errors_options = initialize_error_options(options, attachable)
+        add_error(record, attribute, ERROR_TYPES.second, **errors_options)
+        false
+      else
+        true
       end
     end
 
+    def marcel_attachable_content_type(attachable)
+      Marcel::MimeType.for(declared_type: @attachable_content_type, name: @attachable_filename)
+    end
+
+    def enable_spoofing_protection?
+      options[:spoofing_protection] == true
+    end
+
+    def initialize_and_populate_error_options(options, attachable)
+      errors_options = initialize_error_options(options, attachable)
+      errors_options[:content_type] = @attachable_content_type
+      errors_options[:authorized_types] = authorized_content_types_to_human_format
+      errors_options
+    end
+
+    def authorized_content_types_to_human_format
+      @authorized_content_types
+        .map do |authorized_content_type|
+          authorized_content_type.is_a?(Regexp) ? authorized_content_type.source : authorized_content_type.to_s.split('/').last.upcase
+        end
+        .join(', ')
+    end
+
     def ensure_exactly_one_validator_option
       unless AVAILABLE_CHECKS.one? { |argument| options.key?(argument) }
         raise ArgumentError, 'You must pass either :with or :in to the validator'
@@ -74,24 +133,39 @@ module ActiveStorageValidations
       return true if options[:with]&.is_a?(Proc) || options[:in]&.is_a?(Proc)
 
       ([options[:with]] || options[:in]).each do |content_type|
-        raise ArgumentError, invalid_content_type_message(content_type) if invalid_content_type?(content_type)
+        raise ArgumentError, invalid_content_type_option_message(content_type) if invalid_option?(content_type)
       end
     end
 
-    def invalid_content_type_message(content_type)
-      <<~ERROR_MESSAGE
-        You must pass valid content types to the validator
-        '#{content_type}' is not find in Marcel::EXTENSIONS mimes
-      ERROR_MESSAGE
+    def invalid_content_type_option_message(content_type)
+      if content_type.to_s.match?(/\//)
+        <<~ERROR_MESSAGE
+          You must pass valid content types to the validator
+          '#{content_type}' is not found in Marcel::TYPE_EXTS
+        ERROR_MESSAGE
+      else
+        <<~ERROR_MESSAGE
+          You must pass valid content types extensions to the validator
+          '#{content_type}' is not found in Marcel::EXTENSIONS
+        ERROR_MESSAGE
+      end
     end
 
-    def invalid_content_type?(content_type)
+    def invalid_option?(content_type)
       case content_type
       when String, Symbol
-        Marcel::MimeType.for(declared_type: content_type.to_s, extension: content_type.to_s) == 'application/octet-stream'
+        content_type.to_s.match?(/\//) ? invalid_content_type?(content_type) : invalid_extension?(content_type)
       when Regexp
         false # We always validate regexes
       end
     end
+
+    def invalid_content_type?(content_type)
+      Marcel::TYPE_EXTS[content_type.to_s] == nil
+    end
+
+    def invalid_extension?(content_type)
+      Marcel::MimeType.for(extension: content_type.to_s) == 'application/octet-stream'
+    end
   end
 end

data/lib/active_storage_validations/dimension_validator.rb

@@ -1,13 +1,17 @@
 # frozen_string_literal: true
 
+require_relative 'concerns/active_storageable.rb'
+require_relative 'concerns/attachable.rb'
 require_relative 'concerns/errorable.rb'
+require_relative 'concerns/optionable.rb'
 require_relative 'concerns/symbolizable.rb'
-require_relative 'metadata.rb'
 
 module ActiveStorageValidations
   class DimensionValidator < ActiveModel::EachValidator # :nodoc
-    include OptionProcUnfolding
+    include ActiveStorageable
+    include Attachable
     include Errorable
+    include Optionable
     include Symbolizable
 
     AVAILABLE_CHECKS = %i[width height min max].freeze
@@ -25,65 +29,19 @@ module ActiveStorageValidations
       dimension_height_equal_to
     ].freeze
 
-    def process_options(record)
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
-
-      [:width, :height].each do |length|
-        if flat_options[length] and flat_options[length].is_a?(Hash)
-          if (range = flat_options[length][:in])
-            raise ArgumentError, ":in must be a Range" unless range.is_a?(Range)
-            flat_options[length][:min], flat_options[length][:max] = range.min, range.max
-          end
-        end
-      end
-      [:min, :max].each do |dim|
-        if (range = flat_options[dim])
-          raise ArgumentError, ":#{dim} must be a Range (width..height)" unless range.is_a?(Range)
-          flat_options[:width] = { dim => range.first }
-          flat_options[:height] = { dim => range.last }
-        end
-      end
-
-      flat_options
-    end
-
     def check_validity!
       unless AVAILABLE_CHECKS.any? { |argument| options.key?(argument) }
         raise ArgumentError, 'You must pass either :width, :height, :min or :max to the validator'
       end
     end
 
+    def validate_each(record, attribute, _value)
+      return if no_attachments?(record, attribute)
 
-    if Rails.gem_version >= Gem::Version.new('6.0.0')
-      def validate_each(record, attribute, _value)
-        return true unless record.send(attribute).attached?
-
-        changes = record.attachment_changes[attribute.to_s]
-        return true if changes.blank?
-
-        files = Array.wrap(changes.is_a?(ActiveStorage::Attached::Changes::CreateMany) ? changes.attachables : changes.attachable)
-        files.each do |file|
-          metadata = Metadata.new(file).metadata
-          next if is_valid?(record, attribute, file, metadata)
-          break
-        end
-      end
-    else
-      # Rails 5
-      def validate_each(record, attribute, _value)
-        return true unless record.send(attribute).attached?
-
-        files = Array.wrap(record.send(attribute))
-        files.each do |file|
-          # Analyze file first if not analyzed to get all required metadata.
-          file.analyze; file.reload unless file.analyzed?
-          metadata = file.metadata rescue {}
-          next if is_valid?(record, attribute, file, metadata)
-          break
-        end
-      end
+      validate_changed_files_from_metadata(record, attribute)
     end
 
+    private
 
     def is_valid?(record, attribute, file, metadata)
       flat_options = process_options(record)
@@ -163,5 +121,27 @@ module ActiveStorageValidations
 
       true # valid file
     end
+
+    def process_options(record)
+      flat_options = set_flat_options(record)
+
+      [:width, :height].each do |length|
+        if flat_options[length] and flat_options[length].is_a?(Hash)
+          if (range = flat_options[length][:in])
+            raise ArgumentError, ":in must be a Range" unless range.is_a?(Range)
+            flat_options[length][:min], flat_options[length][:max] = range.min, range.max
+          end
+        end
+      end
+      [:min, :max].each do |dim|
+        if (range = flat_options[dim])
+          raise ArgumentError, ":#{dim} must be a Range (width..height)" unless range.is_a?(Range)
+          flat_options[:width] = { dim => range.first }
+          flat_options[:height] = { dim => range.last }
+        end
+      end
+
+      flat_options
+    end
   end
 end

data/lib/active_storage_validations/limit_validator.rb

@@ -1,12 +1,15 @@
 # frozen_string_literal: true
 
+require_relative 'concerns/active_storageable.rb'
 require_relative 'concerns/errorable.rb'
+require_relative 'concerns/optionable.rb'
 require_relative 'concerns/symbolizable.rb'
 
 module ActiveStorageValidations
   class LimitValidator < ActiveModel::EachValidator # :nodoc:
-    include OptionProcUnfolding
+    include ActiveStorageable
     include Errorable
+    include Optionable
     include Symbolizable
 
     AVAILABLE_CHECKS = %i[max min].freeze
@@ -19,11 +22,11 @@ module ActiveStorageValidations
       ensure_arguments_validity
     end
 
-    def validate_each(record, attribute, _)
-      files = Array.wrap(record.send(attribute)).reject { |file| file.blank? }.compact.uniq
-      flat_options = unfold_procs(record, self.options, AVAILABLE_CHECKS)
+    def validate_each(record, attribute, _value)
+      files = attached_files(record, attribute).reject(&:blank?)
+      flat_options = set_flat_options(record)
 
-      return true if files_count_valid?(files.count, flat_options)
+      return if files_count_valid?(files.count, flat_options)
 
       errors_options = initialize_error_options(options)
       errors_options[:min] = flat_options[:min]

data/lib/active_storage_validations/marcel_extensor.rb

@@ -0,0 +1,5 @@
+Marcel::MimeType.extend "application/x-rar-compressed", parents: %(application/x-rar)
+Marcel::MimeType.extend "audio/x-hx-aac-adts", parents: %(audio/x-aac)
+Marcel::MimeType.extend "audio/x-m4a", parents: %(audio/mp4)
+Marcel::MimeType.extend "text/xml", parents: %(application/xml) # alias
+Marcel::MimeType.extend "video/theora", parents: %(video/ogg)