file_validators 2.0.2 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ff6c87fab7ee11b1ce0fb5770332f0f1b22c5b96
-  data.tar.gz: c5b54b8b7b01b685b0f9ee3097c3f8cecbe8ddc0
+  metadata.gz: 451e981eb130a49dc6c51834bd7ed4dd30652c9a
+  data.tar.gz: e6b28941ccf9ced999b0e201ad17738efb8bc767
 SHA512:
-  metadata.gz: 87bf7a8b288777610e8365b486ba806715ee155cc2c5b808aadea4b4f95e1bb18398d394b10af215ffde63fe0babbbc9ea70d265005a727cb31d7b01966ad69a
-  data.tar.gz: d05f373a6c43907891cbdc0358e3f0389027b2b10b41d788a83db65cb6edca23b3bdf3910bd82c8ebb45b350c368b94884033a0f98f5d65093bf00ff7b0d034d
+  metadata.gz: 8c40fa1dae6faf187cc4d3ba77db40691b9bfe58fe9fa99bc88b9fc36477b49ef06bd360ffa8a8af4e2d6f4d56421259b9d9623ab3732a06883b8e64c3f57eb4
+  data.tar.gz: 4c6aed01f6c15c42c3f917dcdbbbb4c28907ed662a16f823e33d7416005122e159f2504d4991f5fd4b7b20405b332566a1d52137164f224ce5c1504df1c45407

data/.gitignore

@@ -10,3 +10,4 @@ Gemfile.lock
 gemfiles/*.lock
 coverage/
 /.idea
+.ruby-version

data/.travis.yml

@@ -1,7 +1,11 @@
 language: ruby
+
 rvm:
-  - 1.9.3
-  - 2.2.2
+  - 2.0
+  - 2.2.3
+  - ruby-head
+  - jruby-9.0.4.0
+
 gemfile:
   - gemfiles/activemodel_4.2.gemfile
   - gemfiles/activemodel_4.1.gemfile
@@ -9,3 +13,7 @@ gemfile:
   - gemfiles/activemodel_3.2.gemfile
   - gemfiles/activemodel_3.1.gemfile
   - gemfiles/activemodel_3.0.gemfile
+
+matrix:
+  allow_failures:
+    - rvm: ruby-head

data/CHANGELOG.mod

@@ -0,0 +1,6 @@
+# 2.1.0
+
+* Use autoload for lazy loading of libraries
+* Media type spoof valiation is moved to content type detector
+* spoofed_file_media_type message isn't needed anymore
+* Show logger info and warning

data/README.md

@@ -191,8 +191,6 @@ File Size Errors
 * `file_size_is_greater_than_or_equal_to`: takes `count` as replacement
 
 Content Type Errors
-* `spoofed_file_media_type`: generated when file media type from its extension doesn't match the media type of its
-content. learn more from [security](#Security).
 * `allowed_file_content_types`: generated when you have specified allowed types but the content type
 of the file doesn't match. takes `types` as replacement.
 * `excluded_file_content_types`: generated when you have specified excluded types and the content type
@@ -249,10 +247,14 @@ uploaders start processing a file immediately after its assignment (even before
 
 ## Tests
 
-```ruby
-rake
-rake test:unit
-rake test:integration
+```Shell
+$ rake
+$ rake test:unit
+$ rake test:integration
+
+# test different active model versions
+$ appraisal install
+$ appraisal rake
 ```
 
 ## Problems

data/lib/file_validators.rb

@@ -1,6 +1,16 @@
 require 'active_model'
-require 'file_validators/validators/file_size_validator'
-require 'file_validators/validators/file_content_type_validator'
+require 'ostruct'
+
+module FileValidators
+  module Utils
+    extend ActiveSupport::Autoload
+
+    autoload :ContentTypeDetector
+    autoload :MediaTypeSpoofDetector
+  end
+end
+
+Dir[File.dirname(__FILE__) + "/file_validators/validators/*.rb"].each { |file| require file }
 
 locale_path = Dir.glob(File.dirname(__FILE__) + '/file_validators/locale/*.yml')
 I18n.load_path += locale_path unless I18n.load_path.include?(locale_path)

data/lib/file_validators/locale/en.yml

@@ -7,7 +7,5 @@ en:
       file_size_is_greater_than: ! 'file size must be greater than %{count}'
       file_size_is_greater_than_or_equal_to: ! 'file size must be greater than or equal to %{count}'
 
-      spoofed_file_media_type: file has an extension that does not match its contents
       allowed_file_content_types: ! 'file should be one of %{types}'
       excluded_file_content_types: ! 'file cannot be %{types}'
-

data/lib/file_validators/utils/content_type_detector.rb

@@ -1,6 +1,9 @@
+require 'logger'
+
 begin
   require 'cocaine'
 rescue LoadError
+  puts "file_validators requires 'cocaine' gem as you are using file content type validations in strict mode"
 end
 
 module FileValidators
@@ -10,8 +13,11 @@ module FileValidators
       EMPTY_CONTENT_TYPE = 'inode/x-empty'
       DEFAULT_CONTENT_TYPE = 'application/octet-stream'
 
-      def initialize(file_path)
+      attr_accessor :file_path, :file_name
+
+      def initialize(file_path, file_name)
         @file_path = file_path
+        @file_name = file_name
       end
 
       # content type detection strategy:
@@ -21,24 +27,36 @@ module FileValidators
       # 3. invalid file: file command raises error and returns 'application/octet-stream'
 
       def detect
-        empty_file? ? EMPTY_CONTENT_TYPE : content_type_from_file_command
+        empty_file? ? EMPTY_CONTENT_TYPE : content_type_from_content
       end
 
       private
 
       def empty_file?
-        File.exists?(@file_path) && File.size(@file_path) == 0
+        File.exists?(file_path) && File.size(file_path) == 0
       end
 
-      def content_type_from_file_command
-        type = begin
-          Cocaine::CommandLine.new('file', '-b --mime-type :file').run(file: @file_path)
-        rescue NameError => e
-          puts "file_validators: Add 'cocaine' gem as you are using file content type validations in strict mode"
+      def content_type_from_content
+        content_type = type_from_file_command
+
+        if FileValidators::Utils::MediaTypeSpoofDetector.new(content_type, file_name).spoofed?
+          logger.warn('A file with a spoofed media type has been detected by the file validators.')
+        else
+          content_type
+        end
+      end
+
+      def type_from_file_command
+        begin
+          Cocaine::CommandLine.new('file', '-b --mime-type :file').run(file: @file_path).strip
         rescue Cocaine::CommandLineError => e
-          # TODO: log command failure
+          logger.info(e.message)
           DEFAULT_CONTENT_TYPE
-        end.strip
+        end
+      end
+
+      def logger
+        Logger.new(STDOUT)
       end
     end
 

data/lib/file_validators/validators/file_content_type_validator.rb

@@ -1,6 +1,3 @@
-require 'file_validators/utils/content_type_detector'
-require 'file_validators/utils/media_type_spoof_detector'
-
 module ActiveModel
   module Validations
 
@@ -19,7 +16,6 @@ module ActiveModel
           allowed_types = option_content_types(record, :allow)
           forbidden_types = option_content_types(record, :exclude)
 
-          validate_media_type(record, attribute, content_type, get_file_name(value)) if mode == :strict
           validate_whitelist(record, attribute, content_type, allowed_types)
           validate_blacklist(record, attribute, content_type, forbidden_types)
         end
@@ -59,7 +55,8 @@ module ActiveModel
         case mode
         when :strict
           file_path = get_file_path(value)
-          FileValidators::Utils::ContentTypeDetector.new(file_path).detect
+          file_name = get_file_name(value)
+          FileValidators::Utils::ContentTypeDetector.new(file_path, file_name).detect
         when :relaxed
           file_name = get_file_name(value)
           MIME::Types.type_for(file_name).first
@@ -77,12 +74,6 @@ module ActiveModel
         options[key].is_a?(Proc) ? options[key].call(record) : options[key]
       end
 
-      def validate_media_type(record, attribute, content_type, file_name)
-        if FileValidators::Utils::MediaTypeSpoofDetector.new(content_type, file_name).spoofed?
-          record.errors.add attribute, :spoofed_file_media_type
-        end
-      end
-
       def validate_whitelist(record, attribute, content_type, allowed_types)
         if allowed_types.present? and allowed_types.none? { |type| type === content_type }
           mark_invalid record, attribute, :allowed_file_content_types, allowed_types

data/lib/file_validators/version.rb

@@ -1,3 +1,3 @@
 module FileValidators
-  VERSION = '2.0.2'
+  VERSION = '2.1.0'
 end

data/spec/lib/file_validators/utils/content_type_detector_spec.rb

@@ -4,7 +4,7 @@ require 'tempfile'
 describe FileValidators::Utils::ContentTypeDetector do
   it 'returns the empty content type when the file is empty' do
     tempfile = Tempfile.new('empty')
-    expect(FileValidators::Utils::ContentTypeDetector.new(tempfile).detect).to eql('inode/x-empty')
+    expect(described_class.new(tempfile.path, tempfile.path).detect).to eql('inode/x-empty')
     tempfile.close
   end
 
@@ -12,16 +12,16 @@ describe FileValidators::Utils::ContentTypeDetector do
     tempfile = Tempfile.new('something')
     tempfile.write('This is a file.')
     tempfile.rewind
-    expect(FileValidators::Utils::ContentTypeDetector.new(tempfile.path).detect).to eql('text/plain')
+    expect(described_class.new(tempfile.path, tempfile.path).detect).to eql('text/plain')
     tempfile.close
   end
 
   it 'returns a sensible default when the file path is empty' do
-    expect(FileValidators::Utils::ContentTypeDetector.new('').detect).to eql('application/octet-stream')
+    expect(described_class.new('', '').detect).to eql('application/octet-stream')
   end
 
   it 'returns a sensible default if the file path is invalid' do
-    @filename = '/path/to/nothing'
-    expect(FileValidators::Utils::ContentTypeDetector.new(@filename).detect).to eql('application/octet-stream')
+    file_path = '/path/to/nothing'
+    expect(described_class.new(file_path, file_path).detect).to eql('application/octet-stream')
   end
 end

data/spec/lib/file_validators/utils/media_type_spoof_detector_spec.rb

@@ -2,30 +2,30 @@ require 'spec_helper'
 
 describe FileValidators::Utils::MediaTypeSpoofDetector do
   it 'rejects a file with an extension .html and identifies as jpeg' do
-    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('image/jpeg', 'sample.html')).to be_spoofed
+    expect(described_class.new('image/jpeg', 'sample.html')).to be_spoofed
   end
 
   it 'does not reject a file with an extension .jpg and identifies as png' do
-    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('image/png', 'sample.jpg')).not_to be_spoofed
+    expect(described_class.new('image/png', 'sample.jpg')).not_to be_spoofed
   end
 
   it 'does not reject a file with an extension .txt and identifies as text' do
-    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('text/plain', 'sample.txt')).not_to be_spoofed
+    expect(described_class.new('text/plain', 'sample.txt')).not_to be_spoofed
   end
 
   it 'does not reject a file that does not have any name' do
-    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('text/plain', '')).not_to be_spoofed
+    expect(described_class.new('text/plain', '')).not_to be_spoofed
   end
 
   it 'does not reject a file that does not have any extension' do
-    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('text/plain', 'sample')).not_to be_spoofed
+    expect(described_class.new('text/plain', 'sample')).not_to be_spoofed
   end
 
   it 'rejects a file that does not have a basename but has an extension with mismatched media type' do
-    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('image/jpeg', '.html')).to be_spoofed
+    expect(described_class.new('image/jpeg', '.html')).to be_spoofed
   end
 
   it 'does not reject a file that does not have a basename but has an extension with valid media type' do
-    expect(FileValidators::Utils::MediaTypeSpoofDetector.new('image/png', '.jpg')).not_to be_spoofed
+    expect(described_class.new('image/png', '.jpg')).not_to be_spoofed
   end
 end

data/spec/lib/file_validators/validators/file_content_type_validator_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'file_validators/validators/file_content_type_validator'
 
 describe ActiveModel::Validations::FileContentTypeValidator do
   class Dummy
@@ -9,7 +8,7 @@ describe ActiveModel::Validations::FileContentTypeValidator do
   subject { Dummy }
 
   def build_validator(options)
-    @validator = ActiveModel::Validations::FileContentTypeValidator.new(options.merge(attributes: :avatar))
+    @validator = described_class.new(options.merge(attributes: :avatar))
   end
 
   context 'whitelist format' do
@@ -138,7 +137,7 @@ describe ActiveModel::Validations::FileContentTypeValidator do
     before { Dummy.validates_file_content_type :avatar, allow: 'image/jpg' }
 
     it 'adds the validator to the class' do
-      expect(Dummy.validators_on(:avatar)).to include(ActiveModel::Validations::FileContentTypeValidator)
+      expect(Dummy.validators_on(:avatar)).to include(described_class)
     end
   end
 
@@ -147,7 +146,7 @@ describe ActiveModel::Validations::FileContentTypeValidator do
       expect { build_validator message: 'Some message' }.to raise_error(ArgumentError)
     end
 
-    ActiveModel::Validations::FileContentTypeValidator::CHECKS.each do |argument|
+    described_class::CHECKS.each do |argument|
       it "does not raise error if :#{argument} is string, array, regexp or a proc" do
         expect { build_validator argument => 'image/jpg' }.not_to raise_error
         expect { build_validator argument => ['image/jpg'] }.not_to raise_error

data/spec/lib/file_validators/validators/file_size_validator_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'file_validators/validators/file_size_validator'
 
 describe ActiveModel::Validations::FileSizeValidator do
   class Dummy
@@ -21,7 +20,7 @@ describe ActiveModel::Validations::FileSizeValidator do
   subject { Dummy }
 
   def build_validator(options)
-    @validator = ActiveModel::Validations::FileSizeValidator.new(options.merge(attributes: :avatar))
+    @validator = described_class.new(options.merge(attributes: :avatar))
   end
 
   context 'with :in option' do
@@ -174,7 +173,7 @@ describe ActiveModel::Validations::FileSizeValidator do
     before { Dummy.validates_file_size :avatar, in: (5.kilobytes..10.kilobytes) }
 
     it 'adds the validator to the class' do
-      expect(Dummy.validators_on(:avatar)).to include(ActiveModel::Validations::FileSizeValidator)
+      expect(Dummy.validators_on(:avatar)).to include(described_class)
     end
   end
 
@@ -183,7 +182,7 @@ describe ActiveModel::Validations::FileSizeValidator do
       expect { build_validator message: 'Some message' }.to raise_error(ArgumentError)
     end
 
-    (ActiveModel::Validations::FileSizeValidator::CHECKS.keys - [:in]).each do |argument|
+    (described_class::CHECKS.keys - [:in]).each do |argument|
       it "does not raise argument error if :#{argument} is numeric or a proc" do
         expect { build_validator argument => 5.kilobytes }.not_to raise_error
         expect { build_validator argument => lambda { |record| 5.kilobytes } }.not_to raise_error

data/spec/spec_helper.rb

@@ -2,7 +2,7 @@ ENV['RAILS_ENV'] ||= 'test'
 
 require 'active_support'
 require 'active_support/core_ext'
-require_relative '../lib/file_validators'
+require 'file_validators'
 require 'rspec'
 require 'coveralls'
 
@@ -10,8 +10,11 @@ Coveralls.wear!
 
 locale_path = Dir.glob(File.dirname(__FILE__) + '/locale/*.yml')
 I18n.load_path += locale_path unless I18n.load_path.include?(locale_path)
+I18n.enforce_available_locales = false
 
 Dir[File.join(File.dirname(__FILE__), 'support/**/*.rb')].each { |f| require f }
 
 RSpec.configure do |config|
+  # Suppress stdout in the console
+  config.before { allow($stdout).to receive(:write) }
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: file_validators
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.1.0
 platform: ruby
 authors:
 - Ahmad Musaffa
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-08 00:00:00.000000000 Z
+date: 2016-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -119,6 +119,7 @@ files:
 - ".rspec"
 - ".travis.yml"
 - Appraisals
+- CHANGELOG.mod
 - Gemfile
 - MIT-LICENSE
 - README.md
@@ -174,7 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: ActiveModel file validators