file_validators 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e8e04639d14acd35e4d98938b786d372f5218bdd
-  data.tar.gz: b045b75d86de521365bece751da3b3c24ea890c8
+  metadata.gz: b2c81af7c7d23418b0c6e37eea387759dda91a48
+  data.tar.gz: a50cac956a66ac32de2c01b15ffe3be6b5acfbfe
 SHA512:
-  metadata.gz: a57497456ee76a9f96f1d74e3e5599e43d8d9e68ab120c0bd6b8fe6945a643cc04acb7b97c50ec65f33b34c1352a346bf6564f0c695b67940e10a459b2f5be19
-  data.tar.gz: 4fd2174b5f6a7dae46f0f6ada517f4cb918279286918425948c845dd67d0a744f4e6086eb68ee4b2add6da9849c3a0d2033efa8559e664cdc11c828161dbe9c4
+  metadata.gz: 6f6a8749bea73140878064b29e78a79b938076d28b42dcec160f955867d297d8d79cb01e3ec533cdef3571678f85f887071e267734f830fb095038f97b9eadb6
+  data.tar.gz: f1e3491b792d054b3e515944b64b0fe2fdb1bce5f1a62c2d1ad3b54494a8787e9536e8d5b0870a165f477a4b0d67d09c8d105bb376ca04e03eae387c4673731c

data/.rspec

@@ -0,0 +1 @@
+--color

data/README.md

@@ -1,18 +1,23 @@
 # File Validators
 
-[![Gem Version](http://img.shields.io/gem/v/file_validators.svg)](https://rubygems.org/gems/file_validators)
+[![Gem Version](https://badge.fury.io/rb/file_validators.svg)](http://badge.fury.io/rb/file_validators)
 [![Build Status](https://travis-ci.org/musaffa/file_validators.svg)](https://travis-ci.org/musaffa/file_validators)
-[![Dependency Status](http://img.shields.io/gemnasium/musaffa/file_validators.svg)](https://gemnasium.com/musaffa/file_validators)
-[![Coverage Status](http://img.shields.io/coveralls/musaffa/file_validators.svg)](https://coveralls.io/r/musaffa/file_validators)
-[![Code Climate](http://img.shields.io/codeclimate/github/musaffa/file_validators.svg)](https://codeclimate.com/github/musaffa/file_validators)
+[![Dependency Status](https://gemnasium.com/musaffa/file_validators.svg)](https://gemnasium.com/musaffa/file_validators)
+[![Coverage Status](https://coveralls.io/repos/musaffa/file_validators/badge.png)](https://coveralls.io/r/musaffa/file_validators)
+[![Code Climate](https://codeclimate.com/github/musaffa/file_validators/badges/gpa.svg)](https://codeclimate.com/github/musaffa/file_validators)
+[![Inline docs](http://inch-ci.org/github/musaffa/file_validators.svg)](http://inch-ci.org/github/musaffa/file_validators)
 
-File Validators gem adds file size and content type validations to ActiveModel. Any module that uses ActiveModel, for example ActiveRecord, can use these file validators.
+File Validators gem adds file size and content type validations to ActiveModel.
+Any module that uses ActiveModel, for example ActiveRecord, can use these file validators.
 
 ## Support
 
 * ActiveModel versions: 3 and 4.
 * Rails versions: 3 and 4.
 
+It has been tested to work with Carrierwave, Paperclip, Dragonfly etc file uploading solutions.
+Validations works both before and after uploads.
+
 ## Installation
 
 Add the following to your Gemfile:
@@ -31,7 +36,7 @@ class Profile
 
   attr_accessor :avatar
   validates :avatar, file_size: { less_than_or_equal_to: 100.kilobytes },
-                     file_content_type: { allow: ['image/jpeg', 'image/png', 'image/gif'] } 
+                     file_content_type: { allow: ['image/jpeg', 'image/png'] } 
 end
 ```
 ActiveRecord example:
@@ -39,10 +44,12 @@ ActiveRecord example:
 ```ruby
 class Profile < ActiveRecord::Base
   validates :avatar, file_size: { less_than_or_equal_to: 100.kilobytes },
-                     file_content_type: { allow: ['image/jpeg', 'image/png', 'image/gif'] }
+                     file_content_type: { allow: ['image/jpeg', 'image/png'] }
 end
 ```
 
+You can also use `:validates_file_size` and `:validates_file_content_type` idioms.
+
 ## API
 
 ### File Size Validator:
@@ -73,11 +80,11 @@ With `:in` you will get `min` and `max` as replacements.
 You can write error messages without using any replacement.
 ```ruby
 validates :avatar, file_size: { less_than: 100.kilobytes,
-                                message: 'avatar file size should be less than %{count}' } 
+                                message: 'avatar should be less than %{count}' } 
 ```
 ```ruby
 validates :document, file_size: { in: 1.kilobyte..1.megabyte,
-                                  message: 'document should be within %{min} and %{max}' }
+                                  message: 'must be within %{min} and %{max}' }
 ```
 * `if`: A lambda or name of an instance method. Validation will only be run if this lambda or method returns true.
 * `unless`: Same as `if` but validates if lambda or method returns false.
@@ -103,14 +110,14 @@ validates :avatar, file_size: { less_than: lambda { |record| record.size_in_byte
 
 ### File Content Type Validator
 
-* `allow`: Allowed content types.  Can be a single content type or an array.  Each type can be a String or a Regexp. It also accepts proc. Allows all by default.
+* `allow`: Allowed content types.  Can be a single content type or an array.  Each type can be a String or a Regexp. It also accepts `proc`. Allows all by default.
 ```ruby
 # string
 validates :avatar, file_content_type: { allow: 'image/jpeg' }
 ```
 ```ruby
 # array of strings
-validates :attachment, file_content_type: { allow: ['image/jpeg', 'image/png', 'text/plain'] }
+validates :attachment, file_content_type: { allow: ['image/jpeg', 'text/plain'] }
 ```
 ```ruby
 # regexp
@@ -133,11 +140,11 @@ validates :video, file_content_type: { allow: lambda { |record| record.content_t
 You will get `types` as a replacement. You can write error messages without using any replacement.
 ```ruby
 validates :avatar, file_content_type: { allow: ['image/jpeg', 'image/gif'],
-                                        message: 'should have content type %{types}' }
+                                        message: 'only %{types} are allowed' }
 ```
 ```ruby
 validates :avatar, file_content_type: { allow: ['image/jpeg', 'image/gif'],
-                                        message: 'Avatar only allows jpeg and gif image files' }
+                                        message: 'Avatar only allows jpeg and gif' }
 ```
 * `if`: A lambda or name of an instance method. Validation will only be run is this lambda or method returns true.
 * `unless`: Same as `if` but validates if lambda or method returns false.
@@ -148,6 +155,18 @@ You can combine `:allow` and `:exclude`:
 validates :avatar, file_content_type: { allow: /^image\/.*/, exclude: ['image/png', 'image/gif'] }
 ```
 
+## Security
+
+This gem uses file command to get the content type based on the content of the file rather
+than the extension. This prevents fake content types inserted in the request header.
+
+It also prevents file media type spoofing. For example, user may upload a .html document as 
+a part of the EXIF header of a valid JPEG file. Content type validator will identify its content type
+as `image/jpeg` and, without spoof detection, it may pass the validation and be saved as .html document
+thus exposing your application to a security vulnerability. Media type spoof detector wont let that happen. It will not allow a file having `image/jpeg` content type to be saved as `text/plain`. It checks only media type mismatch, for example `text` of `text/plain` and `image` of `image/jpeg`. So it will not prevent `image/jpeg` from saving as `image/png` as both have the same `image` media type.
+
+**note**: Media type spoof detection is integrated in the [content type validator](#file-content-type-validator). This means without content type validation spoof detection wont be enabled.
+
 ## i18n Translations
 
 File Size Errors
@@ -158,6 +177,8 @@ File Size Errors
 * `file_size_is_greater_than_or_equal_to`: takes `count` as replacement
 
 Content Type Errors
+* `spoofed_file_media_type`: generated when file media type from its extension doesn't match the media type of its
+content. learn more from [security](#Security).
 * `allowed_file_content_types`: generated when you have specified allowed types but the content type
 of the file doesn't match. takes `types` as replacement.
 * `excluded_file_content_types`: generated when you have specified excluded types and the content type

data/file_validators.gemspec

@@ -18,6 +18,8 @@ Gem::Specification.new do |s|
   s.require_paths  = ['lib']
 
   s.add_dependency 'activemodel', '>= 3.0'
+  s.add_dependency 'mime-types', '>= 1.0'
+  s.add_dependency 'cocaine', '~> 0.5.4'
 
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec', '~> 3.1.0'

data/lib/file_validators/locale/en.yml

@@ -7,6 +7,7 @@ en:
       file_size_is_greater_than: ! 'file size must be greater than %{count}'
       file_size_is_greater_than_or_equal_to: ! 'file size must be greater than or equal to %{count}'
 
+      spoofed_file_media_type: file has an extension that does not match its contents
       allowed_file_content_types: ! 'file should be one of %{types}'
       excluded_file_content_types: ! 'file cannot be %{types}'
 

data/lib/file_validators/utils/content_type_detector.rb

@@ -0,0 +1,41 @@
+require 'cocaine'
+
+module FileValidators
+  module Utils
+
+    class ContentTypeDetector
+      EMPTY_CONTENT_TYPE = 'inode/x-empty'
+      DEFAULT_CONTENT_TYPE = 'application/octet-stream'
+
+      def initialize(file_path)
+        @file_path = file_path
+      end
+
+      # content type detection strategy:
+      #
+      # 1. empty file: returns 'inode/x-empty'
+      # 2. nonempty file: if the file is not empty then returns the content type using file command
+      # 3. invalid file: file command raises error and returns 'application/octet-stream'
+
+      def detect
+        empty_file? ? EMPTY_CONTENT_TYPE : content_type_from_file_command
+      end
+
+      private
+
+      def empty_file?
+        File.exists?(@file_path) && File.size(@file_path) == 0
+      end
+
+      def content_type_from_file_command
+        type = begin
+          Cocaine::CommandLine.new('file', '-b --mime-type :file').run(file: @file_path)
+        rescue Cocaine::CommandLineError => e
+          # TODO: log command failure
+          DEFAULT_CONTENT_TYPE
+        end.strip
+      end
+    end
+
+  end
+end

data/lib/file_validators/utils/media_type_spoof_detector.rb

@@ -0,0 +1,46 @@
+require 'mime/types'
+
+module FileValidators
+  module Utils
+
+    class MediaTypeSpoofDetector
+      def initialize(content_type, file_name)
+        @content_type = content_type
+        @file_name = file_name
+      end
+
+      # media type spoof detection strategy:
+      #
+      # 1. it will not identify as spoofed if file name doesn't have any extension
+      # 2. it will identify as spoofed if any of the file extension's media types
+      # matches the media type of the content type. So it will return true for
+      # `text` of `text/plain` mismatch with `image` of `image/jpeg`, but return false
+      # for `image` of `image/png` match with `image` of `image/jpeg`.
+
+      def spoofed?
+        has_extension? and media_type_mismatch?
+      end
+
+      private
+
+      def has_extension?
+        # the following code replaced File.extname(@file_name).present? because it cannot
+        # return the extension of a file named '.html', '.jpg' etc
+        @file_name.split('.').length > 1
+      end
+
+      def media_type_mismatch?
+        supplied_media_types.none? { |type| type == detected_media_type }
+      end
+
+      def supplied_media_types
+        MIME::Types.type_for(@file_name).collect(&:media_type)
+      end
+
+      def detected_media_type
+        @content_type.split('/').first
+      end
+    end
+
+  end
+end

data/lib/file_validators/validators/file_content_type_validator.rb

@@ -1,7 +1,10 @@
+require 'file_validators/utils/content_type_detector'
+require 'file_validators/utils/media_type_spoof_detector'
+
 module ActiveModel
   module Validations
 
-    class FileContentTypeValidator < EachValidator
+    class FileContentTypeValidator < ActiveModel::EachValidator
       CHECKS = [:allow, :exclude].freeze
 
       def self.helper_method_name
@@ -10,9 +13,15 @@ module ActiveModel
 
       def validate_each(record, attribute, value)
         unless value.blank?
-          content_type = value.content_type
-          validate_whitelist(record, attribute, content_type)
-          validate_blacklist(record, attribute, content_type)
+          file_path = get_file_path(value)
+          file_name = get_file_name(value)
+          content_type = detect_content_type(file_path)
+          allowed_types = option_content_types(record, :allow)
+          forbidden_types = option_content_types(record, :exclude)
+
+          validate_media_type(record, attribute, content_type, file_name)
+          validate_whitelist(record, attribute, content_type, allowed_types)
+          validate_blacklist(record, attribute, content_type, forbidden_types)
         end
       end
 
@@ -30,34 +39,67 @@ module ActiveModel
 
       private
 
-      def validate_whitelist(record, attribute, value)
-        allowed_types = [options_call(record, :allow)].flatten.compact
-        if allowed_types.present? && allowed_types.none? { |type| type === value }
-          record.errors.add attribute, :allowed_file_content_types, options.merge(:types => allowed_types.join(', '))
+      def get_file_path(value)
+        if value.try(:path)
+          value.path
+        else
+          raise ArgumentError, 'value must return a file path in order to validate file content type'
         end
       end
 
-      def validate_blacklist(record, attribute, value)
-        forbidden_types = [options_call(record, :exclude)].flatten.compact
-        if forbidden_types.present? && forbidden_types.any? { |type| type === value }
-          record.errors.add attribute, :excluded_file_content_types, options.merge(:types => forbidden_types.join(', '))
+      def get_file_name(value)
+        if value.try(:original_filename)
+          value.original_filename
+        else
+          File.basename(get_file_path(value))
         end
       end
 
-      def options_call(record, key)
+      def detect_content_type(file_path)
+        FileValidators::Utils::ContentTypeDetector.new(file_path).detect
+      end
+
+      def option_content_types(record, key)
+        [option_value(record, key)].flatten.compact
+      end
+
+      def option_value(record, key)
         options[key].is_a?(Proc) ? options[key].call(record) : options[key]
       end
+
+      def validate_media_type(record, attribute, content_type, file_name)
+        if FileValidators::Utils::MediaTypeSpoofDetector.new(content_type, file_name).spoofed?
+          record.errors.add attribute, :spoofed_file_media_type
+        end
+      end
+
+      def validate_whitelist(record, attribute, content_type, allowed_types)
+        if allowed_types.present? and allowed_types.none? { |type| type === content_type }
+          mark_invalid record, attribute, :allowed_file_content_types, allowed_types
+        end
+      end
+
+      def validate_blacklist(record, attribute, content_type, forbidden_types)
+        if forbidden_types.any? { |type| type === content_type }
+          mark_invalid record, attribute, :excluded_file_content_types, forbidden_types
+        end
+      end
+
+      def mark_invalid(record, attribute, error, option_types)
+        record.errors.add attribute, error, options.merge(types: option_types.join(', '))
+      end
     end
 
     module HelperMethods
       # Places ActiveModel validations on the content type of the file
       # assigned. The possible options are:
-      # * +allow+: Allowed content types.  Can be a single content type
-      #   or an array.  Each type can be a String or a Regexp. It should be
-      #   noted that Internet Explorer uploads files with content_types that you
-      #   may not expect. For example, JPEG images are given image/pjpeg and
-      #   PNGs are image/x-png, so keep that in mind when determining how you
-      #   match.  Allows all by default.
+      # * +allow+: Allowed content types. Can be a single content type
+      #   or an array. Each type can be a String or a Regexp. It can also
+      #   be a proc/lambda. It should be noted that Internet Explorer uploads
+      #   files with content_types that you may not expect. For example,
+      #   JPEG images are given image/pjpeg and PNGs are image/x-png, so keep
+      #   that in mind when determining how you match.
+      #   Allows all by default.
       # * +exclude+: Forbidden content types.
       # * +message+: The message to display when the uploaded file has an invalid
       #   content type.

data/lib/file_validators/validators/file_size_validator.rb

@@ -1,7 +1,7 @@
 module ActiveModel
   module Validations
 
-    class FileSizeValidator < EachValidator
+    class FileSizeValidator < ActiveModel::EachValidator
       CHECKS = { in: :===,
                  less_than: :<,
                  less_than_or_equal_to: :<=,
@@ -31,15 +31,20 @@ module ActiveModel
                                 :less_than_or_equal_to, :greater_than and :greater_than_or_equal_to'
         end
 
-        options.slice(*CHECKS.keys).each do |option, value|
-          unless value.is_a?(Numeric) || value.is_a?(Range) || value.is_a?(Proc)
-            raise ArgumentError, ":#{option} must be a number, a range or a proc"
-          end
-        end
+        check_options(Numeric, options.slice(*(CHECKS.keys - [:in])))
+        check_options(Range, options.slice(:in))
       end
 
       private
 
+      def check_options(klass, options)
+        options.each do |option, value|
+          unless value.is_a?(klass) || value.is_a?(Proc)
+            raise ArgumentError, ":#{option} must be a #{klass.name.to_s.downcase} or a proc"
+          end
+        end
+      end
+
       def valid_size?(size, option, option_value)
         if option_value.is_a?(Range)
           option_value.send(CHECKS[option], size)

data/lib/file_validators/version.rb

@@ -1,3 +1,3 @@
 module FileValidators
-  VERSION = '1.1.0'
+  VERSION = '1.2.0'
 end

data/spec/lib/file_validators/utils/content_type_detector_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+require 'tempfile'
+
+describe FileValidators::Utils::ContentTypeDetector do
+  it 'returns the empty content type when the file is empty' do
+    tempfile = Tempfile.new('empty')
+    expect(FileValidators::Utils::ContentTypeDetector.new(tempfile).detect).to eql('inode/x-empty')
+    tempfile.close
+  end
+
+  it 'returns a content type based on the content of the file' do
+    tempfile = Tempfile.new('something')
+    tempfile.write('This is a file.')
+    tempfile.rewind
+    expect(FileValidators::Utils::ContentTypeDetector.new(tempfile.path).detect).to eql('text/plain')
+    tempfile.close
+  end
+
+  it 'returns a sensible default when the file path is empty' do
+    expect(FileValidators::Utils::ContentTypeDetector.new('').detect).to eql('application/octet-stream')
+  end
+
+  it 'returns a sensible default if the file path is invalid' do
+    @filename = '/path/to/nothing'
+    expect(FileValidators::Utils::ContentTypeDetector.new(@filename).detect).to eql('application/octet-stream')
+  end
+end

data/spec/lib/file_validators/utils/media_type_spoof_detector_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe FileValidators::Utils::MediaTypeSpoofDetector do
+  it 'rejects a file with an extension .html and identifies as jpeg' do
+    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('image/jpeg', 'sample.html')).to be_spoofed
+  end
+
+  it 'does not reject a file with an extension .jpg and identifies as png' do
+    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('image/png', 'sample.jpg')).not_to be_spoofed
+  end
+
+  it 'does not reject a file with an extension .txt and identifies as text' do
+    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('text/plain', 'sample.txt')).not_to be_spoofed
+  end
+
+  it 'does not reject a file that does not have any name' do
+    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('text/plain', '')).not_to be_spoofed
+  end
+
+  it 'does not reject a file that does not have any extension' do
+    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('text/plain', 'sample')).not_to be_spoofed
+  end
+
+  it 'rejects a file that does not have a basename but has an extension with mismatched media type' do
+    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('image/jpeg', '.html')).to be_spoofed
+  end
+
+  it 'does not reject a file that does not have a basename but has an extension with valid media type' do
+    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('image/png', '.jpg')).not_to be_spoofed
+  end
+end

data/spec/lib/file_validators/validators/file_content_type_validator_spec.rb

@@ -147,12 +147,17 @@ describe ActiveModel::Validations::FileContentTypeValidator do
       expect { build_validator message: 'Some message' }.to raise_error(ArgumentError)
     end
 
-    it 'does not raise argument error if :in was given' do
-      expect { build_validator allow: 'image/jpg' }.not_to raise_error
-    end
+    ActiveModel::Validations::FileContentTypeValidator::CHECKS.each do |argument|
+      it "does not raise error if :#{argument} is string, array, regexp or a proc" do
+        expect { build_validator argument => 'image/jpg' }.not_to raise_error
+        expect { build_validator argument => ['image/jpg'] }.not_to raise_error
+        expect { build_validator argument => /^image\/.*/ }.not_to raise_error
+        expect { build_validator argument => lambda { |record| 'image/jpg' } }.not_to raise_error
+      end
 
-    it 'does not raise argument error if :exclude was given' do
-      expect { build_validator exclude: 'image/jpg' }.not_to raise_error
+      it "raises argument error if :#{argument} is neither a string, array, regexp nor proc" do
+        expect { build_validator argument => 5.kilobytes }.to raise_error(ArgumentError)
+      end
     end
   end
 end

data/spec/lib/file_validators/validators/file_size_validator_spec.rb

@@ -183,14 +183,24 @@ describe ActiveModel::Validations::FileSizeValidator do
       expect { build_validator message: 'Some message' }.to raise_error(ArgumentError)
     end
 
-    (ActiveModel::Validations::FileSizeValidator::CHECKS.keys).each do |argument|
-      it "does not raise argument error if #{argument} was given" do
+    (ActiveModel::Validations::FileSizeValidator::CHECKS.keys - [:in]).each do |argument|
+      it "does not raise argument error if :#{argument} is numeric or a proc" do
         expect { build_validator argument => 5.kilobytes }.not_to raise_error
+        expect { build_validator argument => lambda { |record| 5.kilobytes } }.not_to raise_error
       end
+
+      it "raises error if :#{argument} is neither a number nor a proc" do
+        expect { build_validator argument => 5.kilobytes..10.kilobytes }.to raise_error(ArgumentError)
+      end
+    end
+
+    it 'does not raise argument error if :in is a range or a proc' do
+      expect { build_validator in: 5.kilobytes..10.kilobytes }.not_to raise_error
+      expect { build_validator in: lambda { |record| 5.kilobytes..10.kilobytes } }.not_to raise_error
     end
 
-    it 'does not raise argument error if :in was given' do
-      expect { build_validator in: (5.kilobytes..10.kilobytes) }.not_to raise_error
+    it 'raises error if :in is neither a range nor a proc' do
+      expect { build_validator in: 5.kilobytes }.to raise_error(ArgumentError)
     end
   end
 end

data/spec/support/matchers/allow_content_type.rb

@@ -1,7 +1,8 @@
 RSpec::Matchers.define :allow_file_content_type do |content_type, validator, message|
   match do |model|
-    value = double('file', content_type: content_type)
+    value = double('file', path: content_type, original_filename: content_type)
     model.any_instance.stub(:read_attribute_for_validation).and_return(value)
+    validator.stub(:detect_content_type).and_return(content_type)
     dummy = model.new
     validator.validate(dummy)
     if message.present?

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: file_validators
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Ahmad Musaffa
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-11 00:00:00.000000000 Z
+date: 2014-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -24,6 +24,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: mime-types
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: cocaine
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.4
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -88,6 +116,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rspec"
 - ".travis.yml"
 - Appraisals
 - Gemfile
@@ -103,6 +132,8 @@ files:
 - gemfiles/activemodel_4.1.gemfile
 - lib/file_validators.rb
 - lib/file_validators/locale/en.yml
+- lib/file_validators/utils/content_type_detector.rb
+- lib/file_validators/utils/media_type_spoof_detector.rb
 - lib/file_validators/validators/file_content_type_validator.rb
 - lib/file_validators/validators/file_size_validator.rb
 - lib/file_validators/version.rb
@@ -113,6 +144,8 @@ files:
 - spec/integration/combined_validators_integration_spec.rb
 - spec/integration/file_content_type_validation_integration_spec.rb
 - spec/integration/file_size_validator_integration_spec.rb
+- spec/lib/file_validators/utils/content_type_detector_spec.rb
+- spec/lib/file_validators/utils/media_type_spoof_detector_spec.rb
 - spec/lib/file_validators/validators/file_content_type_validator_spec.rb
 - spec/lib/file_validators/validators/file_size_validator_spec.rb
 - spec/locale/en.yml
@@ -151,6 +184,8 @@ test_files:
 - spec/integration/combined_validators_integration_spec.rb
 - spec/integration/file_content_type_validation_integration_spec.rb
 - spec/integration/file_size_validator_integration_spec.rb
+- spec/lib/file_validators/utils/content_type_detector_spec.rb
+- spec/lib/file_validators/utils/media_type_spoof_detector_spec.rb
 - spec/lib/file_validators/validators/file_content_type_validator_spec.rb
 - spec/lib/file_validators/validators/file_size_validator_spec.rb
 - spec/locale/en.yml