file_validators 2.0.2 → 3.0.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: ff6c87fab7ee11b1ce0fb5770332f0f1b22c5b96
-  data.tar.gz: c5b54b8b7b01b685b0f9ee3097c3f8cecbe8ddc0
+SHA256:
+  metadata.gz: 7536b453f528e82937d43e4349c6cb99f990832023a5567d125b817b59f3b71a
+  data.tar.gz: e33270b079d15c08aed6a2b3e1f2aab9f61d39fc222f9c42e15a0a9a34f82885
 SHA512:
-  metadata.gz: 87bf7a8b288777610e8365b486ba806715ee155cc2c5b808aadea4b4f95e1bb18398d394b10af215ffde63fe0babbbc9ea70d265005a727cb31d7b01966ad69a
-  data.tar.gz: d05f373a6c43907891cbdc0358e3f0389027b2b10b41d788a83db65cb6edca23b3bdf3910bd82c8ebb45b350c368b94884033a0f98f5d65093bf00ff7b0d034d
+  metadata.gz: 2c47e7fe802dc65553c2dfa5a72c2d05d97d4d14dcdf2c6826f7ae18e586a8754b1b4dc07c20abec2038b55c6d1766df96c19f968217630270586c92bab4101f
+  data.tar.gz: b8b0c693d4314614c2cd8f72a699b48c666487c4b44221f25daf9f70cc0d27d1b09766b9ef8e035ed14690ea9d24aac10cdbcc62d1e89bf2a683e46a7e39fec0

data/.gitignore

@@ -10,3 +10,6 @@ Gemfile.lock
 gemfiles/*.lock
 coverage/
 /.idea
+.ruby-version
+.agignore
+tags

data/.rubocop.yml

@@ -0,0 +1,32 @@
+Bundler/OrderedGems:
+  Enabled: false
+
+Style/Documentation:
+  Enabled: false
+
+Style/MissingRespondToMissing:
+  Enabled: false
+
+Style/CaseEquality:
+  Enabled: false
+
+Style/GuardClause:
+  Enabled: false
+
+Style/RegexpLiteral:
+  Enabled: false
+
+Style/Next:
+  Enabled: false
+
+Metrics/LineLength:
+  Max: 110
+
+Metrics/ModuleLength:
+  Enabled: false
+
+Metrics/BlockLength:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false

data/.tool-versions

@@ -0,0 +1 @@
+ruby 2.3.1

data/.travis.yml

@@ -1,11 +1,39 @@
 language: ruby
+
 rvm:
-  - 1.9.3
-  - 2.2.2
+  - 2.2.3
+  - 2.5.0
+  - ruby-head
+  - jruby-9.0.4.0
+  - jruby-9.1.7.0
+
 gemfile:
+  - gemfiles/activemodel_5.2.gemfile
+  - gemfiles/activemodel_5.0.gemfile
   - gemfiles/activemodel_4.2.gemfile
-  - gemfiles/activemodel_4.1.gemfile
   - gemfiles/activemodel_4.0.gemfile
   - gemfiles/activemodel_3.2.gemfile
-  - gemfiles/activemodel_3.1.gemfile
-  - gemfiles/activemodel_3.0.gemfile
+
+matrix:
+  exclude:
+  - rvm: 2.5.0
+    gemfile: gemfiles/activemodel_3.2.gemfile
+  - rvm: 2.5.0
+    gemfile: gemfiles/activemodel_4.0.gemfile
+  - rvm: 2.5.0
+    gemfile: gemfiles/activemodel_4.2.gemfile
+
+  - rvm: ruby-head
+    gemfile: gemfiles/activemodel_3.2.gemfile
+  - rvm: ruby-head
+    gemfile: gemfiles/activemodel_4.0.gemfile
+  - rvm: ruby-head
+    gemfile: gemfiles/activemodel_4.2.gemfile
+
+  - rvm: jruby-9.0.4.0
+    gemfile: gemfiles/activemodel_5.0.gemfile
+  - rvm: jruby-9.0.4.0
+    gemfile: gemfiles/activemodel_5.2.gemfile
+
+  allow_failures:
+  - rvm: ruby-head

data/Appraisals

@@ -1,23 +1,29 @@
-appraise 'activemodel-3.0' do
-  gem 'activemodel', '3.0.20'
-end
-
-appraise 'activemodel-3.1' do
-  gem 'activemodel', '3.1.12'
-end
+# frozen_string_literal: true
 
 appraise 'activemodel-3.2' do
-  gem 'activemodel', '3.2.18'
+  gem 'activemodel', '3.2.22.5'
+  gem 'rack', '1.6.5'
 end
 
 appraise 'activemodel-4.0' do
-  gem 'activemodel', '4.0.10'
+  gem 'activemodel', '4.0.13'
+  gem 'rack', '1.6.5'
 end
 
 appraise 'activemodel-4.1' do
   gem 'activemodel', '4.1.6'
+  gem 'rack', '1.6.5'
 end
 
 appraise 'activemodel-4.2' do
-  gem 'activemodel', '4.2.3'
+  gem 'activemodel', '4.2.7.1'
+  gem 'rack', '1.6.5'
+end
+
+appraise 'activemodel-5.0' do
+  gem 'activemodel', '5.0.1'
+end
+
+appraise 'activemodel-5.2' do
+  gem 'activemodel', '5.2.1'
 end

data/CHANGELOG.md

@@ -0,0 +1,26 @@
+# 3.0.0.beta2
+
+* [#32](https://github.com/musaffa/file_validators/pull/32) Removed terrapin. Added options for choosing MIME type analyzers with `:tool` option.
+* Rubocop style guide
+
+# 3.0.0.beta1
+
+* [#29](https://github.com/musaffa/file_validators/pull/29) Upgrade cocaine to terrapin
+* Rubocop style guide
+
+# 2.3.0
+
+* [#19](https://github.com/musaffa/file_validators/pull/19) Return false with blank size
+* [#27](https://github.com/musaffa/file_validators/pull/27) Fix file size validator for ActiveStorage
+
+# 2.2.0-beta.1
+
+* [#17](https://github.com/musaffa/file_validators/pull/17) Now Supports multiple file uploads
+* As activemodel 3.0 and 3.1 doesn't support `added?` method on the Errors class, the support for both of them have been deprecated in this release.
+
+# 2.1.0
+
+* Use autoload for lazy loading of libraries.
+* Media type spoof valiation is moved to content type detector.
+* `spoofed_file_media_type` message isn't needed anymore.
+* Logger info and warning is added.

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 # Declare your gem's dependencies in file_validators.gemspec.

data/README.md

@@ -12,8 +12,11 @@ Any module that uses ActiveModel, for example ActiveRecord, can use these file v
 
 ## Support
 
-* ActiveModel versions: 3 and 4.
-* Rails versions: 3 and 4.
+* ActiveModel versions: 3.2, 4 and 5.
+* Rails versions: 3.2, 4 and 5.
+
+As of version `2.2`, activemodel 3.0 and 3.1 will no longer be supported.
+For activemodel 3.0 and 3.1, please use file_validators version `<= 2.1`.
 
 It has been tested to work with Carrierwave, Paperclip, Dragonfly, Refile etc file uploading solutions.
 Validations works both before and after uploads.
@@ -36,7 +39,7 @@ class Profile
 
   attr_accessor :avatar
   validates :avatar, file_size: { less_than_or_equal_to: 100.kilobytes },
-                     file_content_type: { allow: ['image/jpeg', 'image/png'] } 
+                     file_content_type: { allow: ['image/jpeg', 'image/png'] }
 end
 ```
 ActiveRecord example:
@@ -64,23 +67,23 @@ validates :avatar, file_size: { less_than: 2.gigabytes }
 ```
 * `less_than_or_equal_to`: Less than or equal to a number in bytes or a proc that returns a number
 ```ruby
-validates :avatar, file_size: { less_than_or_equal_to: 50.bytes } 
+validates :avatar, file_size: { less_than_or_equal_to: 50.bytes }
 ```
 * `greater_than`: greater than a number in bytes or a proc that returns a number
 ```ruby
-validates :avatar, file_size: { greater_than: 1.byte } 
+validates :avatar, file_size: { greater_than: 1.byte }
 ```
 * `greater_than_or_equal_to`: Greater than or equal to a number in bytes or a proc that returns a number
 ```ruby
-validates :avatar, file_size: { greater_than_or_equal_to: 50.bytes } 
+validates :avatar, file_size: { greater_than_or_equal_to: 50.bytes }
 ```
-* `message`: Error message to display. With all the options above except `:in`, you will get `count` as a replacement. 
-With `:in` you will get `min` and `max` as replacements. 
+* `message`: Error message to display. With all the options above except `:in`, you will get `count` as a replacement.
+With `:in` you will get `min` and `max` as replacements.
 `count`, `min` and `max` each will have its value and unit together.
 You can write error messages without using any replacement.
 ```ruby
 validates :avatar, file_size: { less_than: 100.kilobytes,
-                                message: 'avatar should be less than %{count}' } 
+                                message: 'avatar should be less than %{count}' }
 ```
 ```ruby
 validates :document, file_size: { in: 1.kilobyte..1.megabyte,
@@ -139,8 +142,13 @@ validates :video, file_content_type: { allow: lambda { |record| record.content_t
 can be a String or a Regexp. It also accepts `proc`. See `:allow` options examples.
 * `mode`: `:strict` or `:relaxed`. `:strict` mode can detect content type based on the contents
 of the files. It also detects media type spoofing (see more in [security](#security)).
-`:relaxed` mode uses file name to detect the content type using `mime-types` gem.
-If mode option is not set then the validator uses form supplied content type.
+`:file` analyzer is used in `:strict` model. `:relaxed` mode uses file name to detect
+the content type. `mime_types` analyzer is used in `relaxed` mode. If mode option is not
+set then the validator uses form supplied content type.
+* `tool`: `:file`, `:fastimage`, `:filemagic`, `:mimemagic`, `:marcel`, `:mime_types`, `:mini_mime`.
+You can choose one of these built-in MIME type analyzers. You have to install the analyzer gem you choose.
+By default supplied content type is used to determine the MIME type. This option takes precedence
+over `mode` option.
 ```ruby
 validates :avatar, file_content_type: { allow: 'image/jpeg', mode: :strict }
 validates :avatar, file_content_type: { allow: 'image/jpeg', mode: :relaxed }
@@ -169,7 +177,7 @@ validates :avatar, file_content_type: { allow: /^image\/.*/, exclude: ['image/pn
 This gem can use Unix file command to get the content type based on the content of the file rather
 than the extension. This prevents fake content types inserted in the request header.
 
-It also prevents file media type spoofing. For example, user may upload a .html document as 
+It also prevents file media type spoofing. For example, user may upload a .html document as
 a part of the EXIF header of a valid JPEG file. Content type validator will identify its content type
 as `image/jpeg` and, without spoof detection, it may pass the validation and be saved as .html document
 thus exposing your application to a security vulnerability. Media type spoof detector wont let that happen.
@@ -177,8 +185,8 @@ It will not allow a file having `image/jpeg` content type to be saved as `text/p
 type mismatch, for example `text` of `text/plain` and `image` of `image/jpeg`. So it will not prevent
 `image/jpeg` from saving as `image/png` as both have the same `image` media type.
 
-**note**: This security feature is disabled by default. To enable it, first add `cocaine` gem in
-your Gemfile and then add `mode: :strict` option in [content type validations](#file-content-type-validator).
+**note**: This security feature is disabled by default. To enable it, add `mode: :strict` option
+in [content type validations](#file-content-type-validator).
 `:strict` mode may not work in direct file uploading systems as the file is not passed along with the form.
 
 ## i18n Translations
@@ -191,8 +199,6 @@ File Size Errors
 * `file_size_is_greater_than_or_equal_to`: takes `count` as replacement
 
 Content Type Errors
-* `spoofed_file_media_type`: generated when file media type from its extension doesn't match the media type of its
-content. learn more from [security](#Security).
 * `allowed_file_content_types`: generated when you have specified allowed types but the content type
 of the file doesn't match. takes `types` as replacement.
 * `excluded_file_content_types`: generated when you have specified excluded types and the content type
@@ -200,7 +206,7 @@ of the file matches anyone of them. takes `types` as replacement.
 
 This gem provides `en` translations for this errors under `errors.messages` namespace.
 If you want to override and/or create other locales, you can
-check [this](https://github.com/musaffa/file_validators/blob/master/lib/file_validators/locale/en.yml) out to see how translations are done.  
+check [this](https://github.com/musaffa/file_validators/blob/master/lib/file_validators/locale/en.yml) out to see how translations are done.
 
 You can override all of them with the `:message` option.
 
@@ -249,10 +255,15 @@ uploaders start processing a file immediately after its assignment (even before
 
 ## Tests
 
-```ruby
-rake
-rake test:unit
-rake test:integration
+```Shell
+$ rake
+$ rake test:unit
+$ rake test:integration
+$ rubocop
+
+# test different active model versions
+$ bundle exec appraisal install
+$ bundle exec appraisal rake
 ```
 
 ## Problems

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 begin
   require 'bundler/setup'
 rescue LoadError
@@ -16,7 +18,7 @@ namespace :test do
   end
 end
 
-task :default => ['test:unit', 'test:integration']
+task default: ['test:unit', 'test:integration']
 
 # require 'rdoc/task'
 

data/file_validators.gemspec

@@ -1,4 +1,6 @@
-$:.push File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+$LOAD_PATH.push File.expand_path('lib', __dir__)
 
 require 'file_validators/version'
 
@@ -12,17 +14,21 @@ Gem::Specification.new do |s|
   s.homepage    = 'https://github.com/musaffa/file_validators'
   s.license     = 'MIT'
 
-  s.files         = `git ls-files`.split($/)
+  s.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.test_files    = s.files.grep(%r{^spec/})
-  s.require_paths  = ['lib']
+  s.require_paths = ['lib']
 
-  s.add_dependency 'activemodel', '>= 3.0'
+  s.add_dependency 'activemodel', '>= 3.2'
   s.add_dependency 'mime-types', '>= 1.0'
 
-  s.add_development_dependency 'cocaine', '~> 0.5.4'
-  s.add_development_dependency 'rake'
-  s.add_development_dependency 'rspec', '~> 3.1.0'
   s.add_development_dependency 'coveralls'
+  s.add_development_dependency 'fastimage'
+  s.add_development_dependency 'marcel', '~> 0.3' if RUBY_VERSION >= '2.2.0'
+  s.add_development_dependency 'mimemagic', '>= 0.3.2'
+  s.add_development_dependency 'mini_mime', '~> 1.0'
   s.add_development_dependency 'rack-test'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec', '~> 3.5.0'
+  s.add_development_dependency 'rubocop', '~> 0.58.2'
 end

data/gemfiles/activemodel_3.2.gemfile

@@ -3,6 +3,7 @@
 source "https://rubygems.org"
 
 gem "appraisal"
-gem "activemodel", "3.2.18"
+gem "activemodel", "3.2.22.5"
+gem "rack", "1.6.5"
 
 gemspec :path => "../"

data/gemfiles/activemodel_4.0.gemfile

@@ -3,6 +3,7 @@
 source "https://rubygems.org"
 
 gem "appraisal"
-gem "activemodel", "4.0.10"
+gem "activemodel", "4.0.13"
+gem "rack", "1.6.5"
 
 gemspec :path => "../"

data/gemfiles/activemodel_4.1.gemfile

@@ -4,5 +4,6 @@ source "https://rubygems.org"
 
 gem "appraisal"
 gem "activemodel", "4.1.6"
+gem "rack", "1.6.5"
 
 gemspec :path => "../"

data/gemfiles/activemodel_4.2.gemfile

@@ -3,6 +3,7 @@
 source "https://rubygems.org"
 
 gem "appraisal"
-gem "activemodel", "4.2.3"
+gem "activemodel", "4.2.7.1"
+gem "rack", "1.6.5"
 
 gemspec :path => "../"

data/gemfiles/{activemodel_3.0.gemfile → activemodel_5.0.gemfile}

@@ -3,6 +3,6 @@
 source "https://rubygems.org"
 
 gem "appraisal"
-gem "activemodel", "3.0.20"
+gem "activemodel", "5.0.1"
 
 gemspec :path => "../"

data/gemfiles/{activemodel_3.1.gemfile → activemodel_5.2.gemfile}

@@ -3,6 +3,6 @@
 source "https://rubygems.org"
 
 gem "appraisal"
-gem "activemodel", "3.1.12"
+gem "activemodel", "5.2.1"
 
 gemspec :path => "../"

data/lib/file_validators.rb

@@ -1,6 +1,15 @@
+# frozen_string_literal: true
+
 require 'active_model'
-require 'file_validators/validators/file_size_validator'
-require 'file_validators/validators/file_content_type_validator'
+require 'ostruct'
+
+module FileValidators
+  extend ActiveSupport::Autoload
+  autoload :Error
+  autoload :MimeTypeAnalyzer
+end
+
+Dir[File.dirname(__FILE__) + '/file_validators/validators/*.rb'].each { |file| require file }
 
 locale_path = Dir.glob(File.dirname(__FILE__) + '/file_validators/locale/*.yml')
 I18n.load_path += locale_path unless I18n.load_path.include?(locale_path)

data/lib/file_validators/error.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module FileValidators
+  class Error < StandardError
+  end
+end

data/lib/file_validators/locale/en.yml

@@ -7,7 +7,5 @@ en:
       file_size_is_greater_than: ! 'file size must be greater than %{count}'
       file_size_is_greater_than_or_equal_to: ! 'file size must be greater than or equal to %{count}'
 
-      spoofed_file_media_type: file has an extension that does not match its contents
       allowed_file_content_types: ! 'file should be one of %{types}'
       excluded_file_content_types: ! 'file cannot be %{types}'
-

data/lib/file_validators/mime_type_analyzer.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+# Extracted from shrine/plugins/determine_mime_type.rb
+module FileValidators
+  class MimeTypeAnalyzer
+    SUPPORTED_TOOLS = %i[fastimage file filemagic mimemagic marcel mime_types mini_mime].freeze
+    MAGIC_NUMBER    = 256 * 1024
+
+    def initialize(tool)
+      raise Error, "unknown mime type analyzer #{tool.inspect}, supported analyzers are: #{SUPPORTED_TOOLS.join(',')}" unless SUPPORTED_TOOLS.include?(tool)
+
+      @tool = tool
+    end
+
+    def call(io)
+      mime_type = send(:"extract_with_#{@tool}", io)
+      io.rewind
+
+      mime_type
+    end
+
+    private
+
+    def extract_with_file(io)
+      require 'open3'
+
+      return nil if io.eof? # file command returns "application/x-empty" for empty files
+
+      Open3.popen3(*%W[file --mime-type --brief -]) do |stdin, stdout, stderr, thread|
+        begin
+          IO.copy_stream(io, stdin.binmode)
+        rescue Errno::EPIPE
+        end
+        stdin.close
+
+        status = thread.value
+
+        raise Error, "file command failed to spawn: #{stderr.read}" if status.nil?
+        raise Error, "file command failed: #{stderr.read}" unless status.success?
+        $stderr.print(stderr.read)
+
+        stdout.read.strip
+      end
+    rescue Errno::ENOENT
+      raise Error, 'file command-line tool is not installed'
+    end
+
+    def extract_with_fastimage(io)
+      require 'fastimage'
+
+      type = FastImage.type(io)
+      "image/#{type}" if type
+    end
+
+    def extract_with_filemagic(io)
+      require 'filemagic'
+
+      return nil if io.eof? # FileMagic returns "application/x-empty" for empty files
+
+      FileMagic.open(FileMagic::MAGIC_MIME_TYPE) do |filemagic|
+        filemagic.buffer(io.read(MAGIC_NUMBER))
+      end
+    end
+
+    def extract_with_mimemagic(io)
+      require 'mimemagic'
+
+      mime = MimeMagic.by_magic(io)
+      mime.type if mime
+    end
+
+    def extract_with_marcel(io)
+      require 'marcel'
+
+      return nil if io.eof? # marcel returns "application/octet-stream" for empty files
+
+      Marcel::MimeType.for(io)
+    end
+
+    def extract_with_mime_types(io)
+      require 'mime/types'
+
+      if filename = extract_filename(io)
+        mime_type = MIME::Types.of(filename).first
+        mime_type.content_type if mime_type
+      end
+    end
+
+    def extract_with_mini_mime(io)
+      require 'mini_mime'
+
+      if filename = extract_filename(io)
+        info = MiniMime.lookup_by_filename(filename)
+        info.content_type if info
+      end
+    end
+
+    def extract_filename(io)
+      if io.respond_to?(:original_filename)
+        io.original_filename
+      elsif io.respond_to?(:path)
+        File.basename(io.path)
+      end
+    end
+  end
+end