file_validators 2.1.0 → 3.0.0

data/CHANGELOG.mod

@@ -1,6 +0,0 @@
-# 2.1.0
-
-* Use autoload for lazy loading of libraries
-* Media type spoof valiation is moved to content type detector
-* spoofed_file_media_type message isn't needed anymore
-* Show logger info and warning

data/gemfiles/activemodel_3.1.gemfile

@@ -1,8 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal"
-gem "activemodel", "3.1.12"
-
-gemspec :path => "../"

data/lib/file_validators/utils/content_type_detector.rb

@@ -1,64 +0,0 @@
-require 'logger'
-
-begin
-  require 'cocaine'
-rescue LoadError
-  puts "file_validators requires 'cocaine' gem as you are using file content type validations in strict mode"
-end
-
-module FileValidators
-  module Utils
-
-    class ContentTypeDetector
-      EMPTY_CONTENT_TYPE = 'inode/x-empty'
-      DEFAULT_CONTENT_TYPE = 'application/octet-stream'
-
-      attr_accessor :file_path, :file_name
-
-      def initialize(file_path, file_name)
-        @file_path = file_path
-        @file_name = file_name
-      end
-
-      # content type detection strategy:
-      #
-      # 1. empty file: returns 'inode/x-empty'
-      # 2. nonempty file: if the file is not empty then returns the content type using file command
-      # 3. invalid file: file command raises error and returns 'application/octet-stream'
-
-      def detect
-        empty_file? ? EMPTY_CONTENT_TYPE : content_type_from_content
-      end
-
-      private
-
-      def empty_file?
-        File.exists?(file_path) && File.size(file_path) == 0
-      end
-
-      def content_type_from_content
-        content_type = type_from_file_command
-
-        if FileValidators::Utils::MediaTypeSpoofDetector.new(content_type, file_name).spoofed?
-          logger.warn('A file with a spoofed media type has been detected by the file validators.')
-        else
-          content_type
-        end
-      end
-
-      def type_from_file_command
-        begin
-          Cocaine::CommandLine.new('file', '-b --mime-type :file').run(file: @file_path).strip
-        rescue Cocaine::CommandLineError => e
-          logger.info(e.message)
-          DEFAULT_CONTENT_TYPE
-        end
-      end
-
-      def logger
-        Logger.new(STDOUT)
-      end
-    end
-
-  end
-end

data/lib/file_validators/utils/media_type_spoof_detector.rb

@@ -1,46 +0,0 @@
-require 'mime/types'
-
-module FileValidators
-  module Utils
-
-    class MediaTypeSpoofDetector
-      def initialize(content_type, file_name)
-        @content_type = content_type
-        @file_name = file_name
-      end
-
-      # media type spoof detection strategy:
-      #
-      # 1. it will not identify as spoofed if file name doesn't have any extension
-      # 2. it will identify as spoofed if any of the file extension's media types
-      # matches the media type of the content type. So it will return true for
-      # `text` of `text/plain` mismatch with `image` of `image/jpeg`, but return false
-      # for `image` of `image/png` match with `image` of `image/jpeg`.
-
-      def spoofed?
-        has_extension? and media_type_mismatch?
-      end
-
-      private
-
-      def has_extension?
-        # the following code replaced File.extname(@file_name).present? because it cannot
-        # return the extension of a extension-only file names, e.g. '.html', '.jpg' etc
-        @file_name.split('.').length > 1
-      end
-
-      def media_type_mismatch?
-        supplied_media_types.none? { |type| type == detected_media_type }
-      end
-
-      def supplied_media_types
-        MIME::Types.type_for(@file_name).collect(&:media_type)
-      end
-
-      def detected_media_type
-        @content_type.split('/').first
-      end
-    end
-
-  end
-end

data/spec/lib/file_validators/utils/content_type_detector_spec.rb

@@ -1,27 +0,0 @@
-require 'spec_helper'
-require 'tempfile'
-
-describe FileValidators::Utils::ContentTypeDetector do
-  it 'returns the empty content type when the file is empty' do
-    tempfile = Tempfile.new('empty')
-    expect(described_class.new(tempfile.path, tempfile.path).detect).to eql('inode/x-empty')
-    tempfile.close
-  end
-
-  it 'returns a content type based on the content of the file' do
-    tempfile = Tempfile.new('something')
-    tempfile.write('This is a file.')
-    tempfile.rewind
-    expect(described_class.new(tempfile.path, tempfile.path).detect).to eql('text/plain')
-    tempfile.close
-  end
-
-  it 'returns a sensible default when the file path is empty' do
-    expect(described_class.new('', '').detect).to eql('application/octet-stream')
-  end
-
-  it 'returns a sensible default if the file path is invalid' do
-    file_path = '/path/to/nothing'
-    expect(described_class.new(file_path, file_path).detect).to eql('application/octet-stream')
-  end
-end

data/spec/lib/file_validators/utils/media_type_spoof_detector_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-
-describe FileValidators::Utils::MediaTypeSpoofDetector do
-  it 'rejects a file with an extension .html and identifies as jpeg' do
-    expect(described_class.new('image/jpeg', 'sample.html')).to be_spoofed
-  end
-
-  it 'does not reject a file with an extension .jpg and identifies as png' do
-    expect(described_class.new('image/png', 'sample.jpg')).not_to be_spoofed
-  end
-
-  it 'does not reject a file with an extension .txt and identifies as text' do
-    expect(described_class.new('text/plain', 'sample.txt')).not_to be_spoofed
-  end
-
-  it 'does not reject a file that does not have any name' do
-    expect(described_class.new('text/plain', '')).not_to be_spoofed
-  end
-
-  it 'does not reject a file that does not have any extension' do
-    expect(described_class.new('text/plain', 'sample')).not_to be_spoofed
-  end
-
-  it 'rejects a file that does not have a basename but has an extension with mismatched media type' do
-    expect(described_class.new('image/jpeg', '.html')).to be_spoofed
-  end
-
-  it 'does not reject a file that does not have a basename but has an extension with valid media type' do
-    expect(described_class.new('image/png', '.jpg')).not_to be_spoofed
-  end
-end