carrierwave 1.3.2 → 3.0.2

data/lib/carrierwave/uploader/cache.rb

@@ -1,3 +1,5 @@
+require 'securerandom'
+
 module CarrierWave
 
   class FormNotMultipart < UploadError
@@ -22,10 +24,11 @@ module CarrierWave
   # [String] a cache id in the format TIMEINT-PID-COUNTER-RND
   #
   def self.generate_cache_id
-    [Time.now.utc.to_i,
-      Process.pid,
-      '%04d' % (CarrierWave::CacheCounter.increment % 1000),
-      '%04d' % rand(9999)
+    [
+      Time.now.utc.to_i,
+      SecureRandom.random_number(1_000_000_000_000_000),
+      '%04d' % (CarrierWave::CacheCounter.increment % 10_000),
+      '%04d' % SecureRandom.random_number(10_000)
     ].map(&:to_s).join('-')
   end
 
@@ -36,6 +39,16 @@ module CarrierWave
       include CarrierWave::Uploader::Callbacks
       include CarrierWave::Uploader::Configuration
 
+      included do
+        prepend Module.new {
+          def initialize(*)
+            super
+            @staged = false
+          end
+        }
+        attr_accessor :staged
+      end
+
       module ClassMethods
 
         ##
@@ -52,7 +65,7 @@ module CarrierWave
         # It's recommended that you keep cache files in one place only.
         #
         def clean_cached_files!(seconds=60*60*24)
-          cache_storage.new(CarrierWave::Uploader::Base.new).clean_cache!(seconds)
+          (cache_storage || storage).new(new).clean_cache!(seconds)
         end
       end
 
@@ -64,7 +77,7 @@ module CarrierWave
       # [Bool] whether the current file is cached
       #
       def cached?
-        @cache_id
+        !!@cache_id
       end
 
       ##
@@ -78,14 +91,8 @@ module CarrierWave
       end
 
       def sanitized_file
-        _content = file.read
-        if _content.is_a?(File) # could be if storage is Fog
-          sanitized = CarrierWave::Storage::Fog.new(self).retrieve!(File.basename(_content.path))
-        else
-          sanitized = SanitizedFile.new :tempfile => StringIO.new(_content),
-            :filename => File.basename(path), :content_type => file.content_type
-        end
-        sanitized
+        ActiveSupport::Deprecation.warn('#sanitized_file is deprecated, use #file instead.')
+        file
       end
 
       ##
@@ -96,7 +103,7 @@ module CarrierWave
       # [String] a cache name, in the format TIMEINT-PID-COUNTER-RND/filename.txt
       #
       def cache_name
-        File.join(cache_id, full_original_filename) if cache_id and original_filename
+        File.join(cache_id, original_filename) if cache_id && original_filename
       end
 
       ##
@@ -104,7 +111,7 @@ module CarrierWave
       #
       # By default, cache!() uses copy_to(), which operates by copying the file
       # to the cache, then deleting the original file.  If move_to_cache() is
-      # overriden to return true, then cache!() uses move_to(), which simply
+      # overridden to return true, then cache!() uses move_to(), which simply
       # moves the file to the cache.  Useful for large files.
       #
       # === Parameters
@@ -115,7 +122,7 @@ module CarrierWave
       #
       # [CarrierWave::FormNotMultipart] if the assigned parameter is a string
       #
-      def cache!(new_file = sanitized_file)
+      def cache!(new_file = file)
         new_file = CarrierWave::SanitizedFile.new(new_file)
         return if new_file.empty?
 
@@ -123,6 +130,8 @@ module CarrierWave
 
         self.cache_id = CarrierWave.generate_cache_id unless cache_id
 
+        @identifier = nil
+        @staged = true
         @filename = new_file.filename
         self.original_filename = new_file.filename
 
@@ -156,8 +165,9 @@ module CarrierWave
       def retrieve_from_cache!(cache_name)
         with_callbacks(:retrieve_from_cache, cache_name) do
           self.cache_id, self.original_filename = cache_name.to_s.split('/', 2)
+          @staged = true
           @filename = original_filename
-          @file = cache_storage.retrieve_from_cache!(full_filename(original_filename))
+          @file = cache_storage.retrieve_from_cache!(full_original_filename)
         end
       end
 
@@ -172,20 +182,21 @@ module CarrierWave
       #
       # [String] the cache path
       #
-      def cache_path(for_file=full_filename(original_filename))
+      def cache_path(for_file=full_original_filename)
         File.join(*[cache_dir, @cache_id, for_file].compact)
       end
 
+    protected
+
+      attr_reader :cache_id
+
     private
 
       def workfile_path(for_file=original_filename)
         File.join(CarrierWave.tmp_path, @cache_id, version_name.to_s, for_file)
       end
 
-      attr_reader :cache_id, :original_filename
-
-      # We can override the full_original_filename method in other modules
-      alias_method :full_original_filename, :original_filename
+      attr_reader :original_filename
 
       def cache_id=(cache_id)
         # Earlier version used 3 part cache_id. Thus we should allow for
@@ -200,7 +211,12 @@ module CarrierWave
       end
 
       def cache_storage
-        @cache_storage ||= self.class.cache_storage.new(self)
+        @cache_storage ||= (self.class.cache_storage || self.class.storage).new(self)
+      end
+
+      # We can override the full_original_filename method in other modules
+      def full_original_filename
+        forcing_extension(original_filename)
       end
     end # Cache
   end # Uploader

data/lib/carrierwave/uploader/callbacks.rb

@@ -5,7 +5,7 @@ module CarrierWave
 
       included do
         class_attribute :_before_callbacks, :_after_callbacks,
-          :instance_writer => false
+                        :instance_writer => false
         self._before_callbacks = Hash.new []
         self._after_callbacks = Hash.new []
       end

data/lib/carrierwave/uploader/configuration.rb

@@ -1,3 +1,5 @@
+require 'carrierwave/downloader/base'
+
 module CarrierWave
 
   module Uploader
@@ -21,9 +23,11 @@ module CarrierWave
         add_config :move_to_cache
         add_config :move_to_store
         add_config :remove_previously_stored_files_after_update
+        add_config :downloader
+        add_config :force_extension
 
         # fog
-        add_config :fog_provider
+        add_deprecated_config :fog_provider
         add_config :fog_attributes
         add_config :fog_credentials
         add_config :fog_directory
@@ -41,6 +45,8 @@ module CarrierWave
         add_config :validate_download
         add_config :mount_on
         add_config :cache_only
+        add_config :download_retry_count
+        add_config :download_retry_wait_time
 
         # set default values
         reset_config
@@ -74,7 +80,7 @@ module CarrierWave
         def storage(storage = nil)
           case storage
           when Symbol
-            if storage_engine = storage_engines[storage]
+            if (storage_engine = storage_engines[storage])
               self._storage = eval storage_engine
             else
               raise CarrierWave::UnknownStorageError, "Unknown storage: #{storage}"
@@ -107,8 +113,8 @@ module CarrierWave
         #     cache_storage CarrierWave::Storage::File
         #     cache_storage MyCustomStorageEngine
         #
-        def cache_storage(storage = nil)
-          if storage
+        def cache_storage(storage = false)
+          unless storage == false
             self._cache_storage = storage.is_a?(Symbol) ? eval(storage_engines[storage]) : storage
           end
           _cache_storage
@@ -119,16 +125,8 @@ module CarrierWave
           class_eval <<-RUBY, __FILE__, __LINE__ + 1
             @#{name} = nil
 
-            def self.eager_load_fog(fog_credentials)
-              # see #1198. This will hopefully no longer be necessary after fog 2.0
-              require self.fog_provider
-              require 'carrierwave/storage/fog'
-              Fog::Storage.new(fog_credentials) if fog_credentials.present?
-            end unless defined? eager_load_fog
-
             def self.#{name}(value=nil)
-              @#{name} = value if value
-              eager_load_fog(value) if value && '#{name}' == 'fog_credentials'
+              @#{name} = value unless value.nil?
               return @#{name} if self.object_id == #{self.object_id} || defined?(@#{name})
               name = superclass.#{name}
               return nil if name.nil? && !instance_variable_defined?(:@#{name})
@@ -136,12 +134,10 @@ module CarrierWave
             end
 
             def self.#{name}=(value)
-              eager_load_fog(value) if '#{name}' == 'fog_credentials' && value.present?
               @#{name} = value
             end
 
             def #{name}=(value)
-              self.class.eager_load_fog(value) if '#{name}' == 'fog_credentials' && value.present?
               @#{name} = value
             end
 
@@ -157,6 +153,26 @@ module CarrierWave
           RUBY
         end
 
+        def add_deprecated_config(name)
+          class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            def self.#{name}(value=nil)
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+
+            def self.#{name}=(value)
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+
+            def #{name}=(value)
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+
+            def #{name}
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+          RUBY
+        end
+
         def configure
           yield self
         end
@@ -166,15 +182,14 @@ module CarrierWave
         #
         def reset_config
           configure do |config|
-            config.permissions = 0644
-            config.directory_permissions = 0755
+            config.permissions = 0o644
+            config.directory_permissions = 0o755
             config.storage_engines = {
               :file => "CarrierWave::Storage::File",
               :fog  => "CarrierWave::Storage::Fog"
             }
             config.storage = :file
-            config.cache_storage = :file
-            config.fog_provider = 'fog'
+            config.cache_storage = nil
             config.fog_attributes = {}
             config.fog_credentials = {}
             config.fog_public = true
@@ -187,6 +202,8 @@ module CarrierWave
             config.move_to_cache = false
             config.move_to_store = false
             config.remove_previously_stored_files_after_update = true
+            config.downloader = CarrierWave::Downloader::Base
+            config.force_extension = false
             config.ignore_integrity_errors = true
             config.ignore_processing_errors = true
             config.ignore_download_errors = true
@@ -197,6 +214,8 @@ module CarrierWave
             config.base_path = CarrierWave.base_path
             config.enable_processing = true
             config.ensure_multipart_form = true
+            config.download_retry_count = 0
+            config.download_retry_wait_time = 5
           end
         end
       end

data/lib/carrierwave/uploader/content_type_allowlist.rb

@@ -0,0 +1,62 @@
+module CarrierWave
+  module Uploader
+    module ContentTypeAllowlist
+      extend ActiveSupport::Concern
+
+      included do
+        before :cache, :check_content_type_allowlist!
+      end
+
+      ##
+      # Override this method in your uploader to provide an allowlist of files content types
+      # which are allowed to be uploaded.
+      # Not only strings but Regexp are allowed as well.
+      #
+      # === Returns
+      #
+      # [NilClass, String, Regexp, Array[String, Regexp]] an allowlist of content types which are allowed to be uploaded
+      #
+      # === Examples
+      #
+      #     def content_type_allowlist
+      #       %w(text/json application/json)
+      #     end
+      #
+      # Basically the same, but using a Regexp:
+      #
+      #     def content_type_allowlist
+      #       [/(text|application)\/json/]
+      #     end
+      #
+      def content_type_allowlist
+      end
+
+    private
+
+      def check_content_type_allowlist!(new_file)
+        allowlist = content_type_allowlist
+        if !allowlist && respond_to?(:content_type_whitelist) && content_type_whitelist
+          ActiveSupport::Deprecation.warn "#content_type_whitelist is deprecated, use #content_type_allowlist instead." unless instance_variable_defined?(:@content_type_whitelist_warned)
+          @content_type_whitelist_warned = true
+          allowlist = content_type_whitelist
+        end
+
+        return unless allowlist
+
+        content_type = new_file.content_type
+        if !allowlisted_content_type?(allowlist, content_type)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_allowlist_error", content_type: content_type,
+                                                            allowed_types: Array(allowlist).join(", "), default: :"errors.messages.content_type_whitelist_error")
+        end
+      end
+
+      def allowlisted_content_type?(allowlist, content_type)
+        Array(allowlist).any? do |item|
+          item = Regexp.quote(item) if item.class != Regexp
+          content_type =~ /#{item}/
+        end
+      end
+
+    end # ContentTypeAllowlist
+  end # Uploader
+end # CarrierWave

data/lib/carrierwave/uploader/content_type_denylist.rb

@@ -0,0 +1,62 @@
+module CarrierWave
+  module Uploader
+    module ContentTypeDenylist
+      extend ActiveSupport::Concern
+
+      included do
+        before :cache, :check_content_type_denylist!
+      end
+
+      ##
+      # Override this method in your uploader to provide a denylist of files content types
+      # which are not allowed to be uploaded.
+      # Not only strings but Regexp are allowed as well.
+      #
+      # === Returns
+      #
+      # [NilClass, String, Regexp, Array[String, Regexp]] a denylist of content types which are not allowed to be uploaded
+      #
+      # === Examples
+      #
+      #     def content_type_denylist
+      #       %w(text/json application/json)
+      #     end
+      #
+      # Basically the same, but using a Regexp:
+      #
+      #     def content_type_denylist
+      #       [/(text|application)\/json/]
+      #     end
+      #
+      def content_type_denylist
+      end
+
+    private
+
+      def check_content_type_denylist!(new_file)
+        denylist = content_type_denylist
+        if !denylist && respond_to?(:content_type_blacklist) && content_type_blacklist
+          ActiveSupport::Deprecation.warn "#content_type_blacklist is deprecated, use #content_type_denylist instead." unless instance_variable_defined?(:@content_type_blacklist_warned)
+          @content_type_blacklist_warned = true
+          denylist = content_type_blacklist
+        end
+
+        return unless denylist
+
+        ActiveSupport::Deprecation.warn "Use of #content_type_denylist is deprecated for the security reason, use #content_type_allowlist instead to explicitly state what are safe to accept" unless instance_variable_defined?(:@content_type_denylist_warned)
+        @content_type_denylist_warned = true
+
+        content_type = new_file.content_type
+        if denylisted_content_type?(denylist, content_type)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_denylist_error",
+                                                            content_type: content_type, default: :"errors.messages.content_type_blacklist_error")
+        end
+      end
+
+      def denylisted_content_type?(denylist, content_type)
+        Array(denylist).any? { |item| content_type =~ /#{item}/ }
+      end
+
+    end # ContentTypeDenylist
+  end # Uploader
+end # CarrierWave

data/lib/carrierwave/uploader/dimension.rb

@@ -0,0 +1,66 @@
+require 'active_support'
+
+module CarrierWave
+  module Uploader
+    module Dimension
+      extend ActiveSupport::Concern
+
+      included do
+        before :cache, :check_dimensions!
+      end
+
+      ##
+      # Override this method in your uploader to provide a Range of width which
+      # are allowed to be uploaded.
+      # === Returns
+      #
+      # [NilClass, Range] a width range which are permitted to be uploaded
+      #
+      # === Examples
+      #
+      #     def width_range
+      #       1000..2000
+      #     end
+      #
+      def width_range; end
+
+      ##
+      # Override this method in your uploader to provide a Range of height which
+      # are allowed to be uploaded.
+      # === Returns
+      #
+      # [NilClass, Range] a height range which are permitted to be uploaded
+      #
+      # === Examples
+      #
+      #     def height_range
+      #       1000..
+      #     end
+      #
+      def height_range; end
+
+    private
+
+      def check_dimensions!(new_file)
+        # NOTE: Skip the check for resized images
+        return if version_name.present?
+        return unless width_range || height_range
+
+        unless respond_to?(:width) || respond_to?(:height)
+          raise 'You need to include one of CarrierWave::MiniMagick, CarrierWave::RMagick, or CarrierWave::Vips to perform image dimension validation'
+        end
+
+        if width_range&.begin && width < width_range.begin
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.min_width_error", :min_width => ActiveSupport::NumberHelper.number_to_delimited(width_range.begin))
+        elsif width_range&.end && width > width_range.end
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.max_width_error", :max_width => ActiveSupport::NumberHelper.number_to_delimited(width_range.end))
+        elsif height_range&.begin && height < height_range.begin
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.min_height_error", :min_height => ActiveSupport::NumberHelper.number_to_delimited(height_range.begin))
+        elsif height_range&.end && height > height_range.end
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.max_height_error", :max_height => ActiveSupport::NumberHelper.number_to_delimited(height_range.end))
+        end
+      end
+
+    end # Dimension
+  end # Uploader
+end # CarrierWave

data/lib/carrierwave/uploader/download.rb

@@ -1,6 +1,3 @@
-require 'open-uri'
-require 'ssrf_filter'
-
 module CarrierWave
   module Uploader
     module Download
@@ -10,87 +7,8 @@ module CarrierWave
       include CarrierWave::Uploader::Configuration
       include CarrierWave::Uploader::Cache
 
-      class RemoteFile
-        attr_reader :uri
-
-        def initialize(uri, remote_headers = {}, skip_ssrf_protection: false)
-          @uri = uri
-          @remote_headers = remote_headers.reverse_merge('User-Agent' => "CarrierWave/#{CarrierWave::VERSION}")
-          @file, @content_type, @headers = nil
-          @skip_ssrf_protection = skip_ssrf_protection
-        end
-
-        def original_filename
-          filename = filename_from_header || filename_from_uri
-          mime_type = MIME::Types[content_type].first
-          unless File.extname(filename).present? || mime_type.blank?
-            filename = "#{filename}.#{mime_type.extensions.first}"
-          end
-          filename
-        end
-
-        def respond_to?(*args)
-          super or file.respond_to?(*args)
-        end
-
-        def http?
-          @uri.scheme =~ /^https?$/
-        end
-
-        def content_type
-          @content_type || 'application/octet-stream'
-        end
-
-        def headers
-          @headers || {}
-        end
-
-        private
-
-        def file
-          if @file.blank?
-            if @skip_ssrf_protection
-              @file = (URI.respond_to?(:open) ? URI : Kernel).open(@uri.to_s, @remote_headers)
-              @file = @file.is_a?(String) ? StringIO.new(@file) : @file
-              @content_type = @file.content_type
-              @headers = @file.meta
-              @uri = @file.base_uri
-            else
-              request = nil
-              response = SsrfFilter.get(@uri, headers: @remote_headers) do |req|
-                request = req
-              end
-              response.value
-              @file = StringIO.new(response.body)
-              @content_type = response.content_type
-              @headers = response
-              @uri = request.uri
-            end
-          end
-          @file
-
-        rescue StandardError => e
-          raise CarrierWave::DownloadError, "could not download file: #{e.message}"
-        end
-
-        def filename_from_header
-          if headers['content-disposition']
-            match = headers['content-disposition'].match(/filename="?([^"]+)/)
-            return match[1] unless match.nil? || match[1].empty?
-          end
-        end
-
-        def filename_from_uri
-          URI::DEFAULT_PARSER.unescape(File.basename(@uri.path))
-        end
-
-        def method_missing(*args, &block)
-          file.send(*args, &block)
-        end
-      end
-
       ##
-      # Caches the file by downloading it from the given URL.
+      # Caches the file by downloading it from the given URL, using downloader.
       #
       # === Parameters
       #
@@ -98,48 +16,9 @@ module CarrierWave
       # [remote_headers (Hash)] Request headers
       #
       def download!(uri, remote_headers = {})
-        processed_uri = process_uri(uri)
-        file = RemoteFile.new(processed_uri, remote_headers, skip_ssrf_protection: skip_ssrf_protection?(processed_uri))
-        raise CarrierWave::DownloadError, "trying to download a file which is not served over HTTP" unless file.http?
+        file = downloader.new(self).download(uri, remote_headers)
         cache!(file)
       end
-
-      ##
-      # Processes the given URL by parsing and escaping it. Public to allow overriding.
-      #
-      # === Parameters
-      #
-      # [url (String)] The URL where the remote file is stored
-      #
-      def process_uri(uri)
-        URI.parse(uri)
-      rescue URI::InvalidURIError
-        uri_parts = uri.split('?')
-        # regexp from Ruby's URI::Parser#regexp[:UNSAFE], with [] specifically removed
-        encoded_uri = URI::DEFAULT_PARSER.escape(uri_parts.shift, /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,]/)
-        encoded_uri << '?' << URI::DEFAULT_PARSER.escape(uri_parts.join('?')) if uri_parts.any?
-        URI.parse(encoded_uri) rescue raise CarrierWave::DownloadError, "couldn't parse URL"
-      end
-
-      ##
-      # If this returns true, SSRF protection will be bypassed.
-      # You can override this if you want to allow accessing specific local URIs that are not SSRF exploitable.
-      #
-      # === Parameters
-      #
-      # [uri (URI)] The URI where the remote file is stored
-      #
-      # === Examples
-      #
-      #     class MyUploader < CarrierWave::Uploader::Base
-      #       def skip_ssrf_protection?(uri)
-      #         uri.hostname == 'localhost' && uri.port == 80
-      #       end
-      #     end
-      #
-      def skip_ssrf_protection?(uri)
-        false
-      end
     end # Download
   end # Uploader
 end # CarrierWave