file_validators 2.3.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0353fd8c53123663ec484c7172c2df4d572f95dd
-  data.tar.gz: b1eb811cfea7257288ff5e588621f78aeff39896
+SHA256:
+  metadata.gz: 3a55a08bc74303b69e964f61e3726e8ee00278c4cd0cd6fc217691c85114bcfb
+  data.tar.gz: be3b6d628de09d262a97abf3099ff66fd2e89dd27eec3030523a7f36c82e17df
 SHA512:
-  metadata.gz: 002f91a5243bf85650572ecb80a5283a25aafd6cdda3d4e9fe19bba988f597f3db228e583dc113bb54fb1c7973bc0caa9fc409592f10ff1c75c075438959fcf7
-  data.tar.gz: a1860e71ee7054624f2cf368802e1af2ee302886ecfca99c0ff43b948c6cf3af3d9264e62b1c877220fb465c18a5df6e11b507d42dbe03c29612e0e2f8513dd7
+  metadata.gz: cf5b75fb78eaf84f42abef75255572b1917012fbdbdd70d771da14c366619677fb69f4c45d688b8851d5b99dbba44ccd08da6c7025c3819c40259e23502f5c61
+  data.tar.gz: 92e9c49f94d8cbc1c2f8aa7425527e84555e94d25c12b6ca1b51e4d5e51f765defb274264996174e6757d8606270f5513232be64d234717075abab8680d8f7c9

data/.rubocop.yml

@@ -0,0 +1,32 @@
+Bundler/OrderedGems:
+  Enabled: false
+
+Style/Documentation:
+  Enabled: false
+
+Style/MissingRespondToMissing:
+  Enabled: false
+
+Style/CaseEquality:
+  Enabled: false
+
+Style/GuardClause:
+  Enabled: false
+
+Style/RegexpLiteral:
+  Enabled: false
+
+Style/Next:
+  Enabled: false
+
+Metrics/LineLength:
+  Max: 110
+
+Metrics/ModuleLength:
+  Enabled: false
+
+Metrics/BlockLength:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false

data/.tool-versions

@@ -0,0 +1 @@
+ruby 2.3.1

data/.travis.yml

@@ -1,25 +1,55 @@
 language: ruby
 
 rvm:
-  - 2.0
   - 2.2.3
+  - 2.5.0
+  - 3.0.0
   - ruby-head
-  - jruby-9.0.4.0
   - jruby-9.1.7.0
+  - jruby-9.2.13.0
 
 gemfile:
+  - gemfiles/activemodel_6.1.gemfile
+  - gemfiles/activemodel_6.0.gemfile
   - gemfiles/activemodel_5.0.gemfile
-  - gemfiles/activemodel_4.2.gemfile
-  - gemfiles/activemodel_4.1.gemfile
   - gemfiles/activemodel_4.0.gemfile
   - gemfiles/activemodel_3.2.gemfile
 
 matrix:
   exclude:
-  - rvm: 2.0
+  - rvm: 2.2.3
+    gemfile: gemfiles/activemodel_6.0.gemfile
+  - rvm: 2.2.3
+    gemfile: gemfiles/activemodel_6.1.gemfile
+
+  - rvm: 2.5.0
+    gemfile: gemfiles/activemodel_3.2.gemfile
+  - rvm: 2.5.0
+    gemfile: gemfiles/activemodel_4.0.gemfile
+
+  - rvm: 3.0.0
+    gemfile: gemfiles/activemodel_3.2.gemfile
+  - rvm: 3.0.0
+    gemfile: gemfiles/activemodel_4.0.gemfile
+  - rvm: 3.0.0
     gemfile: gemfiles/activemodel_5.0.gemfile
-  - rvm: jruby-9.0.4.0
+
+  - rvm: ruby-head
+    gemfile: gemfiles/activemodel_3.2.gemfile
+  - rvm: ruby-head
+    gemfile: gemfiles/activemodel_4.0.gemfile
+  - rvm: ruby-head
     gemfile: gemfiles/activemodel_5.0.gemfile
 
+  - rvm: jruby-9.1.7.0
+    gemfile: gemfiles/activemodel_6.0.gemfile
+  - rvm: jruby-9.1.7.0
+    gemfile: gemfiles/activemodel_6.1.gemfile
+
+  - rvm: jruby-9.2.13.0
+    gemfile: gemfiles/activemodel_3.2.gemfile
+  - rvm: jruby-9.2.13.0
+    gemfile: gemfiles/activemodel_4.0.gemfile
+
   allow_failures:
   - rvm: ruby-head

data/Appraisals

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 appraise 'activemodel-3.2' do
   gem 'activemodel', '3.2.22.5'
   gem 'rack', '1.6.5'
@@ -8,16 +10,14 @@ appraise 'activemodel-4.0' do
   gem 'rack', '1.6.5'
 end
 
-appraise 'activemodel-4.1' do
-  gem 'activemodel', '4.1.6'
-  gem 'rack', '1.6.5'
+appraise 'activemodel-5.0' do
+  gem 'activemodel', '5.0.1'
 end
 
-appraise 'activemodel-4.2' do
-  gem 'activemodel', '4.2.7.1'
-  gem 'rack', '1.6.5'
+appraise 'activemodel-6.0' do
+  gem 'activemodel', '6.0.3'
 end
 
-appraise 'activemodel-5.0' do
-  gem 'activemodel', '5.0.1'
+appraise 'activemodel-6.1' do
+  gem 'activemodel', '6.1.0'
 end

data/CHANGELOG.md

@@ -1,3 +1,23 @@
+# 3.0.0
+
+* [#32](https://github.com/musaffa/file_validators/pull/32) Removed cocaine/terrapin. Added options for choosing MIME type analyzers with `:tool` option.
+* [#40](https://github.com/musaffa/file_validators/pull/40) Added Support for Ruby 3.
+* Rubocop style guide
+
+# 3.0.0.beta2
+
+* [#32](https://github.com/musaffa/file_validators/pull/32) Removed terrapin. Added options for choosing MIME type analyzers with `:tool` option.
+
+# 3.0.0.beta1
+
+* [#29](https://github.com/musaffa/file_validators/pull/29) Upgrade cocaine to terrapin
+* Rubocop style guide
+
+# 2.3.0
+
+* [#19](https://github.com/musaffa/file_validators/pull/19) Return false with blank size
+* [#27](https://github.com/musaffa/file_validators/pull/27) Fix file size validator for ActiveStorage
+
 # 2.2.0-beta.1
 
 * [#17](https://github.com/musaffa/file_validators/pull/17) Now Supports multiple file uploads

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 # Declare your gem's dependencies in file_validators.gemspec.

data/README.md

@@ -2,7 +2,6 @@
 
 [![Gem Version](https://badge.fury.io/rb/file_validators.svg)](http://badge.fury.io/rb/file_validators)
 [![Build Status](https://travis-ci.org/musaffa/file_validators.svg)](https://travis-ci.org/musaffa/file_validators)
-[![Dependency Status](https://gemnasium.com/musaffa/file_validators.svg)](https://gemnasium.com/musaffa/file_validators)
 [![Coverage Status](https://coveralls.io/repos/musaffa/file_validators/badge.png)](https://coveralls.io/r/musaffa/file_validators)
 [![Code Climate](https://codeclimate.com/github/musaffa/file_validators/badges/gpa.svg)](https://codeclimate.com/github/musaffa/file_validators)
 [![Inline docs](http://inch-ci.org/github/musaffa/file_validators.svg)](http://inch-ci.org/github/musaffa/file_validators)
@@ -12,8 +11,8 @@ Any module that uses ActiveModel, for example ActiveRecord, can use these file v
 
 ## Support
 
-* ActiveModel versions: 3.2, 4 and 5.
-* Rails versions: 3.2, 4 and 5.
+* ActiveModel versions: 3.2, 4, 5 and 6.
+* Rails versions: 3.2, 4, 5 and 6.
 
 As of version `2.2`, activemodel 3.0 and 3.1 will no longer be supported.
 For activemodel 3.0 and 3.1, please use file_validators version `<= 2.1`.
@@ -39,7 +38,7 @@ class Profile
 
   attr_accessor :avatar
   validates :avatar, file_size: { less_than_or_equal_to: 100.kilobytes },
-                     file_content_type: { allow: ['image/jpeg', 'image/png'] } 
+                     file_content_type: { allow: ['image/jpeg', 'image/png'] }
 end
 ```
 ActiveRecord example:
@@ -67,23 +66,23 @@ validates :avatar, file_size: { less_than: 2.gigabytes }
 ```
 * `less_than_or_equal_to`: Less than or equal to a number in bytes or a proc that returns a number
 ```ruby
-validates :avatar, file_size: { less_than_or_equal_to: 50.bytes } 
+validates :avatar, file_size: { less_than_or_equal_to: 50.bytes }
 ```
 * `greater_than`: greater than a number in bytes or a proc that returns a number
 ```ruby
-validates :avatar, file_size: { greater_than: 1.byte } 
+validates :avatar, file_size: { greater_than: 1.byte }
 ```
 * `greater_than_or_equal_to`: Greater than or equal to a number in bytes or a proc that returns a number
 ```ruby
-validates :avatar, file_size: { greater_than_or_equal_to: 50.bytes } 
+validates :avatar, file_size: { greater_than_or_equal_to: 50.bytes }
 ```
-* `message`: Error message to display. With all the options above except `:in`, you will get `count` as a replacement. 
-With `:in` you will get `min` and `max` as replacements. 
+* `message`: Error message to display. With all the options above except `:in`, you will get `count` as a replacement.
+With `:in` you will get `min` and `max` as replacements.
 `count`, `min` and `max` each will have its value and unit together.
 You can write error messages without using any replacement.
 ```ruby
 validates :avatar, file_size: { less_than: 100.kilobytes,
-                                message: 'avatar should be less than %{count}' } 
+                                message: 'avatar should be less than %{count}' }
 ```
 ```ruby
 validates :document, file_size: { in: 1.kilobyte..1.megabyte,
@@ -142,8 +141,13 @@ validates :video, file_content_type: { allow: lambda { |record| record.content_t
 can be a String or a Regexp. It also accepts `proc`. See `:allow` options examples.
 * `mode`: `:strict` or `:relaxed`. `:strict` mode can detect content type based on the contents
 of the files. It also detects media type spoofing (see more in [security](#security)).
-`:relaxed` mode uses file name to detect the content type using `mime-types` gem.
-If mode option is not set then the validator uses form supplied content type.
+`:file` analyzer is used in `:strict` mode. `:relaxed` mode uses file name to detect
+the content type. `mime_types` analyzer is used in `relaxed` mode. If mode option is not
+set then the validator uses form supplied content type.
+* `tool`: `:file`, `:fastimage`, `:filemagic`, `:mimemagic`, `:marcel`, `:mime_types`, `:mini_mime`.
+You can choose one of these built-in MIME type analyzers. You have to install the analyzer gem you choose.
+By default supplied content type is used to determine the MIME type. This option takes precedence
+over `mode` option.
 ```ruby
 validates :avatar, file_content_type: { allow: 'image/jpeg', mode: :strict }
 validates :avatar, file_content_type: { allow: 'image/jpeg', mode: :relaxed }
@@ -172,7 +176,7 @@ validates :avatar, file_content_type: { allow: /^image\/.*/, exclude: ['image/pn
 This gem can use Unix file command to get the content type based on the content of the file rather
 than the extension. This prevents fake content types inserted in the request header.
 
-It also prevents file media type spoofing. For example, user may upload a .html document as 
+It also prevents file media type spoofing. For example, user may upload a .html document as
 a part of the EXIF header of a valid JPEG file. Content type validator will identify its content type
 as `image/jpeg` and, without spoof detection, it may pass the validation and be saved as .html document
 thus exposing your application to a security vulnerability. Media type spoof detector wont let that happen.
@@ -180,8 +184,8 @@ It will not allow a file having `image/jpeg` content type to be saved as `text/p
 type mismatch, for example `text` of `text/plain` and `image` of `image/jpeg`. So it will not prevent
 `image/jpeg` from saving as `image/png` as both have the same `image` media type.
 
-**note**: This security feature is disabled by default. To enable it, first add `cocaine` gem in
-your Gemfile and then add `mode: :strict` option in [content type validations](#file-content-type-validator).
+**note**: This security feature is disabled by default. To enable it, add `mode: :strict` option
+in [content type validations](#file-content-type-validator).
 `:strict` mode may not work in direct file uploading systems as the file is not passed along with the form.
 
 ## i18n Translations
@@ -201,7 +205,7 @@ of the file matches anyone of them. takes `types` as replacement.
 
 This gem provides `en` translations for this errors under `errors.messages` namespace.
 If you want to override and/or create other locales, you can
-check [this](https://github.com/musaffa/file_validators/blob/master/lib/file_validators/locale/en.yml) out to see how translations are done.  
+check [this](https://github.com/musaffa/file_validators/blob/master/lib/file_validators/locale/en.yml) out to see how translations are done.
 
 You can override all of them with the `:message` option.
 
@@ -254,6 +258,7 @@ uploaders start processing a file immediately after its assignment (even before
 $ rake
 $ rake test:unit
 $ rake test:integration
+$ rubocop
 
 # test different active model versions
 $ bundle exec appraisal install

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 begin
   require 'bundler/setup'
 rescue LoadError
@@ -16,7 +18,7 @@ namespace :test do
   end
 end
 
-task :default => ['test:unit', 'test:integration']
+task default: ['test:unit', 'test:integration']
 
 # require 'rdoc/task'
 

data/file_validators.gemspec

@@ -1,4 +1,6 @@
-$:.push File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+$LOAD_PATH.push File.expand_path('lib', __dir__)
 
 require 'file_validators/version'
 
@@ -12,17 +14,21 @@ Gem::Specification.new do |s|
   s.homepage    = 'https://github.com/musaffa/file_validators'
   s.license     = 'MIT'
 
-  s.files         = `git ls-files`.split($/)
+  s.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.test_files    = s.files.grep(%r{^spec/})
-  s.require_paths  = ['lib']
+  s.require_paths = ['lib']
 
   s.add_dependency 'activemodel', '>= 3.2'
   s.add_dependency 'mime-types', '>= 1.0'
 
-  s.add_development_dependency 'cocaine', '~> 0.5.4'
-  s.add_development_dependency 'rake'
-  s.add_development_dependency 'rspec', '~> 3.5.0'
   s.add_development_dependency 'coveralls'
+  s.add_development_dependency 'fastimage'
+  s.add_development_dependency 'marcel', '~> 0.3' if RUBY_VERSION >= '2.2.0'
+  s.add_development_dependency 'mimemagic', '>= 0.3.2'
+  s.add_development_dependency 'mini_mime', '~> 1.0'
   s.add_development_dependency 'rack-test'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec', '~> 3.5.0'
+  s.add_development_dependency 'rubocop', '~> 0.58.2'
 end

data/gemfiles/{activemodel_4.1.gemfile → activemodel_6.0.gemfile}

@@ -3,7 +3,6 @@
 source "https://rubygems.org"
 
 gem "appraisal"
-gem "activemodel", "4.1.6"
-gem "rack", "1.6.5"
+gem "activemodel", "6.0.3"
 
 gemspec :path => "../"

data/gemfiles/{activemodel_4.2.gemfile → activemodel_6.1.gemfile}

@@ -3,7 +3,6 @@
 source "https://rubygems.org"
 
 gem "appraisal"
-gem "activemodel", "4.2.7.1"
-gem "rack", "1.6.5"
+gem "activemodel", "6.1.0"
 
 gemspec :path => "../"

data/lib/file_validators/error.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module FileValidators
+  class Error < StandardError
+  end
+end

data/lib/file_validators/mime_type_analyzer.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+# Extracted from shrine/plugins/determine_mime_type.rb
+module FileValidators
+  class MimeTypeAnalyzer
+    SUPPORTED_TOOLS = %i[fastimage file filemagic mimemagic marcel mime_types mini_mime].freeze
+    MAGIC_NUMBER    = 256 * 1024
+
+    def initialize(tool)
+      raise Error, "unknown mime type analyzer #{tool.inspect}, supported analyzers are: #{SUPPORTED_TOOLS.join(',')}" unless SUPPORTED_TOOLS.include?(tool)
+
+      @tool = tool
+    end
+
+    def call(io)
+      mime_type = send(:"extract_with_#{@tool}", io)
+      io.rewind
+
+      mime_type
+    end
+
+    private
+
+    def extract_with_file(io)
+      require 'open3'
+
+      return nil if io.eof? # file command returns "application/x-empty" for empty files
+
+      Open3.popen3(*%W[file --mime-type --brief -]) do |stdin, stdout, stderr, thread|
+        begin
+          IO.copy_stream(io, stdin.binmode)
+        rescue Errno::EPIPE
+        end
+        stdin.close
+
+        status = thread.value
+
+        raise Error, "file command failed to spawn: #{stderr.read}" if status.nil?
+        raise Error, "file command failed: #{stderr.read}" unless status.success?
+        $stderr.print(stderr.read)
+
+        stdout.read.strip
+      end
+    rescue Errno::ENOENT
+      raise Error, 'file command-line tool is not installed'
+    end
+
+    def extract_with_fastimage(io)
+      require 'fastimage'
+
+      type = FastImage.type(io)
+      "image/#{type}" if type
+    end
+
+    def extract_with_filemagic(io)
+      require 'filemagic'
+
+      return nil if io.eof? # FileMagic returns "application/x-empty" for empty files
+
+      FileMagic.open(FileMagic::MAGIC_MIME_TYPE) do |filemagic|
+        filemagic.buffer(io.read(MAGIC_NUMBER))
+      end
+    end
+
+    def extract_with_mimemagic(io)
+      require 'mimemagic'
+
+      mime = MimeMagic.by_magic(io)
+      mime.type if mime
+    end
+
+    def extract_with_marcel(io)
+      require 'marcel'
+
+      return nil if io.eof? # marcel returns "application/octet-stream" for empty files
+
+      Marcel::MimeType.for(io)
+    end
+
+    def extract_with_mime_types(io)
+      require 'mime/types'
+
+      if filename = extract_filename(io)
+        mime_type = MIME::Types.of(filename).first
+        mime_type.content_type if mime_type
+      end
+    end
+
+    def extract_with_mini_mime(io)
+      require 'mini_mime'
+
+      if filename = extract_filename(io)
+        info = MiniMime.lookup_by_filename(filename)
+        info.content_type if info
+      end
+    end
+
+    def extract_filename(io)
+      if io.respond_to?(:original_filename)
+        io.original_filename
+      elsif io.respond_to?(:path)
+        File.basename(io.path)
+      end
+    end
+  end
+end

data/lib/file_validators/validators/file_content_type_validator.rb

@@ -1,25 +1,35 @@
+# frozen_string_literal: true
+
 module ActiveModel
   module Validations
-
     class FileContentTypeValidator < ActiveModel::EachValidator
-      CHECKS = [:allow, :exclude].freeze
+      CHECKS = %i[allow exclude].freeze
+      SUPPORTED_MODES = { relaxed: :mime_types, strict: :file }.freeze
 
       def self.helper_method_name
         :validates_file_content_type
       end
 
       def validate_each(record, attribute, value)
-        values = parse_values(value)
-        unless values.empty?
-          mode = option_value(record, :mode)
-          allowed_types = option_content_types(record, :allow)
-          forbidden_types = option_content_types(record, :exclude)
-
-          values.each do |value|
-            content_type = get_content_type(value, mode)
-            validate_whitelist(record, attribute, content_type, allowed_types)
-            validate_blacklist(record, attribute, content_type, forbidden_types)
-          end
+        begin
+          values = parse_values(value)
+        rescue JSON::ParserError
+          record.errors.add attribute, :invalid
+          return
+        end
+
+        return if values.empty?
+
+        mode = option_value(record, :mode)
+        tool = option_value(record, :tool) || SUPPORTED_MODES[mode]
+
+        allowed_types = option_content_types(record, :allow)
+        forbidden_types = option_content_types(record, :exclude)
+
+        values.each do |val|
+          content_type = get_content_type(val, tool)
+          validate_whitelist(record, attribute, content_type, allowed_types)
+          validate_blacklist(record, attribute, content_type, forbidden_types)
         end
       end
 
@@ -42,34 +52,12 @@ module ActiveModel
 
         value = JSON.parse(value) if value.is_a?(String)
 
-        Array.wrap(value).reject { |value| value.blank? }
+        Array.wrap(value).reject(&:blank?)
       end
 
-      def get_file_path(value)
-        if value.try(:path)
-          value.path
-        else
-          raise ArgumentError, 'value must return a file path in order to validate file content type'
-        end
-      end
-
-      def get_file_name(value)
-        if value.try(:original_filename)
-          value.original_filename
-        else
-          File.basename(get_file_path(value))
-        end
-      end
-
-      def get_content_type(value, mode)
-        case mode
-        when :strict
-          file_path = get_file_path(value)
-          file_name = get_file_name(value)
-          FileValidators::Utils::ContentTypeDetector.new(file_path, file_name).detect
-        when :relaxed
-          file_name = get_file_name(value)
-          MIME::Types.type_for(file_name).first
+      def get_content_type(value, tool)
+        if tool.present?
+          FileValidators::MimeTypeAnalyzer.new(tool).call(value)
         else
           value = OpenStruct.new(value) if value.is_a?(Hash)
           value.content_type
@@ -85,7 +73,7 @@ module ActiveModel
       end
 
       def validate_whitelist(record, attribute, content_type, allowed_types)
-        if allowed_types.present? and allowed_types.none? { |type| type === content_type }
+        if allowed_types.present? && allowed_types.none? { |type| type === content_type }
           mark_invalid record, attribute, :allowed_file_content_types, allowed_types
         end
       end
@@ -99,7 +87,7 @@ module ActiveModel
       def mark_invalid(record, attribute, error, option_types)
         error_options = options.merge(types: option_types.join(', '))
         unless record.errors.added?(attribute, error, error_options)
-          record.errors.add attribute, error, error_options
+          record.errors.add attribute, error, **error_options
         end
       end
     end
@@ -123,6 +111,10 @@ module ActiveModel
       #   :relaxed validates the content type based on the file name using
       #   the mime-types gem. It's only for sanity check.
       #   If mode is not set then it uses form supplied content type.
+      # * +tool+: :file, :fastimage, :filemagic, :mimemagic, :marcel, :mime_types, :mini_mime
+      #   You can choose a different built-in MIME type analyzer
+      #   By default supplied content type is used to determine the MIME type
+      #   This option have precedence over mode option
       # * +if+: A lambda or name of an instance method. Validation will only
       #   be run is this lambda or method returns true.
       # * +unless+: Same as +if+ but validates if lambda or method returns false.
@@ -130,6 +122,5 @@ module ActiveModel
         validates_with FileContentTypeValidator, _merge_attributes(attr_names)
       end
     end
-
   end
 end