RubyGems - file_validators - Versions diffs - 2.1.0 → 3.0.0 - Mend

file_validators 2.1.0 → 3.0.0

Files changed (40) hide show

checksums.yaml +5 -5
data/.gitignore +2 -0
data/.rubocop.yml +32 -0
data/.tool-versions +1 -0
data/.travis.yml +43 -7
data/Appraisals +13 -13
data/CHANGELOG.md +31 -0
data/Gemfile +2 -0
data/README.md +26 -18
data/Rakefile +3 -1
data/file_validators.gemspec +13 -7
data/gemfiles/activemodel_3.2.gemfile +2 -1
data/gemfiles/activemodel_4.0.gemfile +2 -1
data/gemfiles/{activemodel_4.2.gemfile → activemodel_5.0.gemfile} +1 -1
data/gemfiles/{activemodel_4.1.gemfile → activemodel_6.0.gemfile} +1 -1
data/gemfiles/{activemodel_3.0.gemfile → activemodel_6.1.gemfile} +1 -1
data/lib/file_validators.rb +6 -7
data/lib/file_validators/error.rb +6 -0
data/lib/file_validators/mime_type_analyzer.rb +106 -0
data/lib/file_validators/validators/file_content_type_validator.rb +37 -33
data/lib/file_validators/validators/file_size_validator.rb +62 -19
data/lib/file_validators/version.rb +3 -1
data/spec/integration/combined_validators_integration_spec.rb +3 -1
data/spec/integration/file_content_type_validation_integration_spec.rb +117 -11
data/spec/integration/file_size_validator_integration_spec.rb +100 -10
data/spec/lib/file_validators/mime_type_analyzer_spec.rb +139 -0
data/spec/lib/file_validators/validators/file_content_type_validator_spec.rb +90 -32
data/spec/lib/file_validators/validators/file_size_validator_spec.rb +84 -30
data/spec/spec_helper.rb +5 -0
data/spec/support/fakeio.rb +17 -0
data/spec/support/helpers.rb +7 -0
data/spec/support/matchers/allow_content_type.rb +2 -0
data/spec/support/matchers/allow_file_size.rb +2 -0
metadata +86 -28
data/CHANGELOG.mod +0 -6
data/gemfiles/activemodel_3.1.gemfile +0 -8
data/lib/file_validators/utils/content_type_detector.rb +0 -64
data/lib/file_validators/utils/media_type_spoof_detector.rb +0 -46
data/spec/lib/file_validators/utils/content_type_detector_spec.rb +0 -27
data/spec/lib/file_validators/utils/media_type_spoof_detector_spec.rb +0 -31

data/CHANGELOG.mod DELETED

@@ -1,6 +0,0 @@
-# 2.1.0
-* Use autoload for lazy loading of libraries
-* Media type spoof valiation is moved to content type detector
-* spoofed_file_media_type message isn't needed anymore
-* Show logger info and warning

data/gemfiles/activemodel_3.1.gemfile DELETED

@@ -1,8 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "appraisal"
-gem "activemodel", "3.1.12"
-gemspec :path => "../"

data/lib/file_validators/utils/content_type_detector.rb DELETED

@@ -1,64 +0,0 @@
-require 'logger'
-begin
-  require 'cocaine'
-rescue LoadError
-  puts "file_validators requires 'cocaine' gem as you are using file content type validations in strict mode"
-end
-module FileValidators
-  module Utils
-    class ContentTypeDetector
-      EMPTY_CONTENT_TYPE = 'inode/x-empty'
-      DEFAULT_CONTENT_TYPE = 'application/octet-stream'
-      attr_accessor :file_path, :file_name
-      def initialize(file_path, file_name)
-        @file_path = file_path
-        @file_name = file_name
-      end
-      # content type detection strategy:
-      #
-      # 1. empty file: returns 'inode/x-empty'
-      # 2. nonempty file: if the file is not empty then returns the content type using file command
-      # 3. invalid file: file command raises error and returns 'application/octet-stream'
-      def detect
-        empty_file? ? EMPTY_CONTENT_TYPE : content_type_from_content
-      end
-      private
-      def empty_file?
-        File.exists?(file_path) && File.size(file_path) == 0
-      end
-      def content_type_from_content
-        content_type = type_from_file_command
-        if FileValidators::Utils::MediaTypeSpoofDetector.new(content_type, file_name).spoofed?
-          logger.warn('A file with a spoofed media type has been detected by the file validators.')
-        else
-          content_type
-        end
-      end
-      def type_from_file_command
-        begin
-          Cocaine::CommandLine.new('file', '-b --mime-type :file').run(file: @file_path).strip
-        rescue Cocaine::CommandLineError => e
-          logger.info(e.message)
-          DEFAULT_CONTENT_TYPE
-        end
-      end
-      def logger
-        Logger.new(STDOUT)
-      end
-    end
-  end
-end

data/lib/file_validators/utils/media_type_spoof_detector.rb DELETED

@@ -1,46 +0,0 @@
-require 'mime/types'
-module FileValidators
-  module Utils
-    class MediaTypeSpoofDetector
-      def initialize(content_type, file_name)
-        @content_type = content_type
-        @file_name = file_name
-      end
-      # media type spoof detection strategy:
-      #
-      # 1. it will not identify as spoofed if file name doesn't have any extension
-      # 2. it will identify as spoofed if any of the file extension's media types
-      # matches the media type of the content type. So it will return true for
-      # `text` of `text/plain` mismatch with `image` of `image/jpeg`, but return false
-      # for `image` of `image/png` match with `image` of `image/jpeg`.
-      def spoofed?
-        has_extension? and media_type_mismatch?
-      end
-      private
-      def has_extension?
-        # the following code replaced File.extname(@file_name).present? because it cannot
-        # return the extension of a extension-only file names, e.g. '.html', '.jpg' etc
-        @file_name.split('.').length > 1
-      end
-      def media_type_mismatch?
-        supplied_media_types.none? { |type| type == detected_media_type }
-      end
-      def supplied_media_types
-        MIME::Types.type_for(@file_name).collect(&:media_type)
-      end
-      def detected_media_type
-        @content_type.split('/').first
-      end
-    end
-  end
-end

data/spec/lib/file_validators/utils/content_type_detector_spec.rb DELETED

@@ -1,27 +0,0 @@
-require 'spec_helper'
-require 'tempfile'
-describe FileValidators::Utils::ContentTypeDetector do
-  it 'returns the empty content type when the file is empty' do
-    tempfile = Tempfile.new('empty')
-    expect(described_class.new(tempfile.path, tempfile.path).detect).to eql('inode/x-empty')
-    tempfile.close
-  end
-  it 'returns a content type based on the content of the file' do
-    tempfile = Tempfile.new('something')
-    tempfile.write('This is a file.')
-    tempfile.rewind
-    expect(described_class.new(tempfile.path, tempfile.path).detect).to eql('text/plain')
-    tempfile.close
-  end
-  it 'returns a sensible default when the file path is empty' do
-    expect(described_class.new('', '').detect).to eql('application/octet-stream')
-  end
-  it 'returns a sensible default if the file path is invalid' do
-    file_path = '/path/to/nothing'
-    expect(described_class.new(file_path, file_path).detect).to eql('application/octet-stream')
-  end
-end

data/spec/lib/file_validators/utils/media_type_spoof_detector_spec.rb DELETED

@@ -1,31 +0,0 @@
-require 'spec_helper'
-describe FileValidators::Utils::MediaTypeSpoofDetector do
-  it 'rejects a file with an extension .html and identifies as jpeg' do
-    expect(described_class.new('image/jpeg', 'sample.html')).to be_spoofed
-  end
-  it 'does not reject a file with an extension .jpg and identifies as png' do
-    expect(described_class.new('image/png', 'sample.jpg')).not_to be_spoofed
-  end
-  it 'does not reject a file with an extension .txt and identifies as text' do
-    expect(described_class.new('text/plain', 'sample.txt')).not_to be_spoofed
-  end
-  it 'does not reject a file that does not have any name' do
-    expect(described_class.new('text/plain', '')).not_to be_spoofed
-  end
-  it 'does not reject a file that does not have any extension' do
-    expect(described_class.new('text/plain', 'sample')).not_to be_spoofed
-  end
-  it 'rejects a file that does not have a basename but has an extension with mismatched media type' do
-    expect(described_class.new('image/jpeg', '.html')).to be_spoofed
-  end
-  it 'does not reject a file that does not have a basename but has an extension with valid media type' do
-    expect(described_class.new('image/png', '.jpg')).not_to be_spoofed
-  end
-end