file_validators 3.0.0.beta1 → 3.0.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 6738e978bc3966d2acd83590b2e77b240e005bed
-  data.tar.gz: 9fccf7c9b07a08f867582ed3c65aee9606018bd7
+SHA256:
+  metadata.gz: 7536b453f528e82937d43e4349c6cb99f990832023a5567d125b817b59f3b71a
+  data.tar.gz: e33270b079d15c08aed6a2b3e1f2aab9f61d39fc222f9c42e15a0a9a34f82885
 SHA512:
-  metadata.gz: 59033aade86b442a9bd3eb3f8cbc61cf38c66452af71ba58471998e3c015a8b0ead2eba3275fd23a988c61f5cc8719b0dee7af0b099c0c25f7322d2be7775616
-  data.tar.gz: 90e211e12d9f5b3d9dc6aebecb4b3b84b853538d61eeb6ae8c014c9618d06fae927d0af7509aa5e616598034a54995e45a6e10fee8c03ad88c401e4a231c01bb
+  metadata.gz: 2c47e7fe802dc65553c2dfa5a72c2d05d97d4d14dcdf2c6826f7ae18e586a8754b1b4dc07c20abec2038b55c6d1766df96c19f968217630270586c92bab4101f
+  data.tar.gz: b8b0c693d4314614c2cd8f72a699b48c666487c4b44221f25daf9f70cc0d27d1b09766b9ef8e035ed14690ea9d24aac10cdbcc62d1e89bf2a683e46a7e39fec0

data/.tool-versions

@@ -0,0 +1 @@
+ruby 2.3.1

data/.travis.yml

@@ -1,25 +1,39 @@
 language: ruby
 
 rvm:
-  - 2.0
   - 2.2.3
+  - 2.5.0
   - ruby-head
   - jruby-9.0.4.0
   - jruby-9.1.7.0
 
 gemfile:
+  - gemfiles/activemodel_5.2.gemfile
   - gemfiles/activemodel_5.0.gemfile
   - gemfiles/activemodel_4.2.gemfile
-  - gemfiles/activemodel_4.1.gemfile
   - gemfiles/activemodel_4.0.gemfile
   - gemfiles/activemodel_3.2.gemfile
 
 matrix:
   exclude:
-  - rvm: 2.0
-    gemfile: gemfiles/activemodel_5.0.gemfile
+  - rvm: 2.5.0
+    gemfile: gemfiles/activemodel_3.2.gemfile
+  - rvm: 2.5.0
+    gemfile: gemfiles/activemodel_4.0.gemfile
+  - rvm: 2.5.0
+    gemfile: gemfiles/activemodel_4.2.gemfile
+
+  - rvm: ruby-head
+    gemfile: gemfiles/activemodel_3.2.gemfile
+  - rvm: ruby-head
+    gemfile: gemfiles/activemodel_4.0.gemfile
+  - rvm: ruby-head
+    gemfile: gemfiles/activemodel_4.2.gemfile
+
   - rvm: jruby-9.0.4.0
     gemfile: gemfiles/activemodel_5.0.gemfile
+  - rvm: jruby-9.0.4.0
+    gemfile: gemfiles/activemodel_5.2.gemfile
 
   allow_failures:
   - rvm: ruby-head

data/Appraisals

@@ -23,3 +23,7 @@ end
 appraise 'activemodel-5.0' do
   gem 'activemodel', '5.0.1'
 end
+
+appraise 'activemodel-5.2' do
+  gem 'activemodel', '5.2.1'
+end

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+# 3.0.0.beta2
+
+* [#32](https://github.com/musaffa/file_validators/pull/32) Removed terrapin. Added options for choosing MIME type analyzers with `:tool` option.
+* Rubocop style guide
+
 # 3.0.0.beta1
 
 * [#29](https://github.com/musaffa/file_validators/pull/29) Upgrade cocaine to terrapin

data/README.md

@@ -142,8 +142,13 @@ validates :video, file_content_type: { allow: lambda { |record| record.content_t
 can be a String or a Regexp. It also accepts `proc`. See `:allow` options examples.
 * `mode`: `:strict` or `:relaxed`. `:strict` mode can detect content type based on the contents
 of the files. It also detects media type spoofing (see more in [security](#security)).
-`:relaxed` mode uses file name to detect the content type using `mime-types` gem.
-If mode option is not set then the validator uses form supplied content type.
+`:file` analyzer is used in `:strict` model. `:relaxed` mode uses file name to detect
+the content type. `mime_types` analyzer is used in `relaxed` mode. If mode option is not
+set then the validator uses form supplied content type.
+* `tool`: `:file`, `:fastimage`, `:filemagic`, `:mimemagic`, `:marcel`, `:mime_types`, `:mini_mime`.
+You can choose one of these built-in MIME type analyzers. You have to install the analyzer gem you choose.
+By default supplied content type is used to determine the MIME type. This option takes precedence
+over `mode` option.
 ```ruby
 validates :avatar, file_content_type: { allow: 'image/jpeg', mode: :strict }
 validates :avatar, file_content_type: { allow: 'image/jpeg', mode: :relaxed }
@@ -180,8 +185,8 @@ It will not allow a file having `image/jpeg` content type to be saved as `text/p
 type mismatch, for example `text` of `text/plain` and `image` of `image/jpeg`. So it will not prevent
 `image/jpeg` from saving as `image/png` as both have the same `image` media type.
 
-**note**: This security feature is disabled by default. To enable it, first add `terrapin` gem in
-your Gemfile and then add `mode: :strict` option in [content type validations](#file-content-type-validator).
+**note**: This security feature is disabled by default. To enable it, add `mode: :strict` option
+in [content type validations](#file-content-type-validator).
 `:strict` mode may not work in direct file uploading systems as the file is not passed along with the form.
 
 ## i18n Translations
@@ -201,7 +206,7 @@ of the file matches anyone of them. takes `types` as replacement.
 
 This gem provides `en` translations for this errors under `errors.messages` namespace.
 If you want to override and/or create other locales, you can
-check [this](https://github.com/musaffa/file_validators/blob/master/lib/file_validators/locale/en.yml) out to see how translations are done.  
+check [this](https://github.com/musaffa/file_validators/blob/master/lib/file_validators/locale/en.yml) out to see how translations are done.
 
 You can override all of them with the `:message` option.
 

data/file_validators.gemspec

@@ -23,9 +23,12 @@ Gem::Specification.new do |s|
   s.add_dependency 'mime-types', '>= 1.0'
 
   s.add_development_dependency 'coveralls'
+  s.add_development_dependency 'fastimage'
+  s.add_development_dependency 'marcel', '~> 0.3' if RUBY_VERSION >= '2.2.0'
+  s.add_development_dependency 'mimemagic', '>= 0.3.2'
+  s.add_development_dependency 'mini_mime', '~> 1.0'
   s.add_development_dependency 'rack-test'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec', '~> 3.5.0'
   s.add_development_dependency 'rubocop', '~> 0.58.2'
-  s.add_development_dependency 'terrapin', '~> 0.6'
 end

data/gemfiles/activemodel_3.2.gemfile

@@ -1,11 +1,9 @@
-# frozen_string_literal: true
-
 # This file was generated by Appraisal
 
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
-gem 'appraisal'
-gem 'activemodel', '3.2.22.5'
-gem 'rack', '1.6.5'
+gem "appraisal"
+gem "activemodel", "3.2.22.5"
+gem "rack", "1.6.5"
 
-gemspec path: '../'
+gemspec :path => "../"

data/gemfiles/activemodel_4.0.gemfile

@@ -1,11 +1,9 @@
-# frozen_string_literal: true
-
 # This file was generated by Appraisal
 
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
-gem 'appraisal'
-gem 'activemodel', '4.0.13'
-gem 'rack', '1.6.5'
+gem "appraisal"
+gem "activemodel", "4.0.13"
+gem "rack", "1.6.5"
 
-gemspec path: '../'
+gemspec :path => "../"

data/gemfiles/activemodel_4.1.gemfile

@@ -1,11 +1,9 @@
-# frozen_string_literal: true
-
 # This file was generated by Appraisal
 
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
-gem 'appraisal'
-gem 'activemodel', '4.1.6'
-gem 'rack', '1.6.5'
+gem "appraisal"
+gem "activemodel", "4.1.6"
+gem "rack", "1.6.5"
 
-gemspec path: '../'
+gemspec :path => "../"

data/gemfiles/activemodel_4.2.gemfile

@@ -1,11 +1,9 @@
-# frozen_string_literal: true
-
 # This file was generated by Appraisal
 
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
-gem 'appraisal'
-gem 'activemodel', '4.2.7.1'
-gem 'rack', '1.6.5'
+gem "appraisal"
+gem "activemodel", "4.2.7.1"
+gem "rack", "1.6.5"
 
-gemspec path: '../'
+gemspec :path => "../"

data/gemfiles/activemodel_5.0.gemfile

@@ -1,10 +1,8 @@
-# frozen_string_literal: true
-
 # This file was generated by Appraisal
 
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
-gem 'appraisal'
-gem 'activemodel', '5.0.1'
+gem "appraisal"
+gem "activemodel", "5.0.1"
 
-gemspec path: '../'
+gemspec :path => "../"

data/gemfiles/activemodel_5.2.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal"
+gem "activemodel", "5.2.1"
+
+gemspec :path => "../"

data/lib/file_validators.rb

@@ -4,12 +4,9 @@ require 'active_model'
 require 'ostruct'
 
 module FileValidators
-  module Utils
-    extend ActiveSupport::Autoload
-
-    autoload :ContentTypeDetector
-    autoload :MediaTypeSpoofDetector
-  end
+  extend ActiveSupport::Autoload
+  autoload :Error
+  autoload :MimeTypeAnalyzer
 end
 
 Dir[File.dirname(__FILE__) + '/file_validators/validators/*.rb'].each { |file| require file }

data/lib/file_validators/error.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module FileValidators
+  class Error < StandardError
+  end
+end

data/lib/file_validators/mime_type_analyzer.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+# Extracted from shrine/plugins/determine_mime_type.rb
+module FileValidators
+  class MimeTypeAnalyzer
+    SUPPORTED_TOOLS = %i[fastimage file filemagic mimemagic marcel mime_types mini_mime].freeze
+    MAGIC_NUMBER    = 256 * 1024
+
+    def initialize(tool)
+      raise Error, "unknown mime type analyzer #{tool.inspect}, supported analyzers are: #{SUPPORTED_TOOLS.join(',')}" unless SUPPORTED_TOOLS.include?(tool)
+
+      @tool = tool
+    end
+
+    def call(io)
+      mime_type = send(:"extract_with_#{@tool}", io)
+      io.rewind
+
+      mime_type
+    end
+
+    private
+
+    def extract_with_file(io)
+      require 'open3'
+
+      return nil if io.eof? # file command returns "application/x-empty" for empty files
+
+      Open3.popen3(*%W[file --mime-type --brief -]) do |stdin, stdout, stderr, thread|
+        begin
+          IO.copy_stream(io, stdin.binmode)
+        rescue Errno::EPIPE
+        end
+        stdin.close
+
+        status = thread.value
+
+        raise Error, "file command failed to spawn: #{stderr.read}" if status.nil?
+        raise Error, "file command failed: #{stderr.read}" unless status.success?
+        $stderr.print(stderr.read)
+
+        stdout.read.strip
+      end
+    rescue Errno::ENOENT
+      raise Error, 'file command-line tool is not installed'
+    end
+
+    def extract_with_fastimage(io)
+      require 'fastimage'
+
+      type = FastImage.type(io)
+      "image/#{type}" if type
+    end
+
+    def extract_with_filemagic(io)
+      require 'filemagic'
+
+      return nil if io.eof? # FileMagic returns "application/x-empty" for empty files
+
+      FileMagic.open(FileMagic::MAGIC_MIME_TYPE) do |filemagic|
+        filemagic.buffer(io.read(MAGIC_NUMBER))
+      end
+    end
+
+    def extract_with_mimemagic(io)
+      require 'mimemagic'
+
+      mime = MimeMagic.by_magic(io)
+      mime.type if mime
+    end
+
+    def extract_with_marcel(io)
+      require 'marcel'
+
+      return nil if io.eof? # marcel returns "application/octet-stream" for empty files
+
+      Marcel::MimeType.for(io)
+    end
+
+    def extract_with_mime_types(io)
+      require 'mime/types'
+
+      if filename = extract_filename(io)
+        mime_type = MIME::Types.of(filename).first
+        mime_type.content_type if mime_type
+      end
+    end
+
+    def extract_with_mini_mime(io)
+      require 'mini_mime'
+
+      if filename = extract_filename(io)
+        info = MiniMime.lookup_by_filename(filename)
+        info.content_type if info
+      end
+    end
+
+    def extract_filename(io)
+      if io.respond_to?(:original_filename)
+        io.original_filename
+      elsif io.respond_to?(:path)
+        File.basename(io.path)
+      end
+    end
+  end
+end

data/lib/file_validators/validators/file_content_type_validator.rb

@@ -4,21 +4,30 @@ module ActiveModel
   module Validations
     class FileContentTypeValidator < ActiveModel::EachValidator
       CHECKS = %i[allow exclude].freeze
+      SUPPORTED_MODES = { relaxed: :mime_types, strict: :file }.freeze
 
       def self.helper_method_name
         :validates_file_content_type
       end
 
       def validate_each(record, attribute, value)
-        values = parse_values(value)
+        begin
+          values = parse_values(value)
+        rescue JSON::ParserError
+          record.errors.add attribute, :invalid
+          return
+        end
+
         return if values.empty?
 
         mode = option_value(record, :mode)
+        tool = option_value(record, :tool) || SUPPORTED_MODES[mode]
+
         allowed_types = option_content_types(record, :allow)
         forbidden_types = option_content_types(record, :exclude)
 
         values.each do |val|
-          content_type = get_content_type(val, mode)
+          content_type = get_content_type(val, tool)
           validate_whitelist(record, attribute, content_type, allowed_types)
           validate_blacklist(record, attribute, content_type, forbidden_types)
         end
@@ -46,31 +55,9 @@ module ActiveModel
         Array.wrap(value).reject(&:blank?)
       end
 
-      def get_file_path(value)
-        if value.try(:path)
-          value.path
-        else
-          raise ArgumentError, 'value must return a file path in order to validate file content type'
-        end
-      end
-
-      def get_file_name(value)
-        if value.try(:original_filename)
-          value.original_filename
-        else
-          File.basename(get_file_path(value))
-        end
-      end
-
-      def get_content_type(value, mode)
-        case mode
-        when :strict
-          file_path = get_file_path(value)
-          file_name = get_file_name(value)
-          FileValidators::Utils::ContentTypeDetector.new(file_path, file_name).detect
-        when :relaxed
-          file_name = get_file_name(value)
-          MIME::Types.type_for(file_name).first
+      def get_content_type(value, tool)
+        if tool.present?
+          FileValidators::MimeTypeAnalyzer.new(tool).call(value)
         else
           value = OpenStruct.new(value) if value.is_a?(Hash)
           value.content_type
@@ -124,6 +111,10 @@ module ActiveModel
       #   :relaxed validates the content type based on the file name using
       #   the mime-types gem. It's only for sanity check.
       #   If mode is not set then it uses form supplied content type.
+      # * +tool+: :file, :fastimage, :filemagic, :mimemagic, :marcel, :mime_types, :mini_mime
+      #   You can choose a different built-in MIME type analyzer
+      #   By default supplied content type is used to determine the MIME type
+      #   This option have precedence over mode option
       # * +if+: A lambda or name of an instance method. Validation will only
       #   be run is this lambda or method returns true.
       # * +unless+: Same as +if+ but validates if lambda or method returns false.

data/lib/file_validators/validators/file_size_validator.rb

@@ -14,7 +14,13 @@ module ActiveModel
       end
 
       def validate_each(record, attribute, value)
-        values = parse_values(value)
+        begin
+          values = parse_values(value)
+        rescue JSON::ParserError
+          record.errors.add attribute, :invalid
+          return
+        end
+
         return if values.empty?
 
         options.slice(*CHECKS.keys).each do |option, option_value|

data/lib/file_validators/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module FileValidators
-  VERSION = '3.0.0.beta1'
+  VERSION = '3.0.0.beta2'
 end

data/spec/integration/file_content_type_validation_integration_spec.rb

@@ -252,6 +252,31 @@ describe 'File Content Type integration with ActiveModel' do
     end
   end
 
+  context ':tool option' do
+    before :all do
+      Person.class_eval do
+        Person.reset_callbacks(:validate)
+        validates :avatar, file_content_type: { allow: 'image/jpeg', tool: :marcel }
+      end
+    end
+
+    subject { Person.new }
+
+    context 'with valid file' do
+      it 'validates the file' do
+        subject.avatar = Rack::Test::UploadedFile.new(@cute_path, 'image/jpeg')
+        expect(subject).to be_valid
+      end
+    end
+
+    context 'with spoofed file' do
+      it 'invalidates the file' do
+        subject.avatar = Rack::Test::UploadedFile.new(@spoofed_file_path, 'image/jpeg')
+        expect(subject).not_to be_valid
+      end
+    end
+  end
+
   context ':mode option' do
     context 'strict mode' do
       before :all do
@@ -364,6 +389,11 @@ describe 'File Content Type integration with ActiveModel' do
       before { subject.avatar = '' }
       it { is_expected.to be_valid }
     end
+
+    context 'invalid json string' do
+      before { subject.avatar = '{filename":"img140910_88338.jpg","content_type":"image/jpeg","size":13150}' }
+      it { is_expected.not_to be_valid }
+    end
   end
 
   context 'image data as hash' do

data/spec/integration/file_size_validator_integration_spec.rb

@@ -240,10 +240,15 @@ describe 'File Size Validator integration with ActiveModel' do
       it { is_expected.to be_valid }
     end
 
-    context 'empty json string' do
+    context 'empty string' do
       before { subject.avatar = '' }
       it { is_expected.to be_valid }
     end
+
+    context 'invalid json string' do
+      before { subject.avatar = '{filename":"img140910_88338.GIF","content_type":"image/gif","size":33150}' }
+      it { is_expected.not_to be_valid }
+    end
   end
 
   context 'image data as hash' do

data/spec/lib/file_validators/mime_type_analyzer_spec.rb

@@ -0,0 +1,139 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'rack/test/uploaded_file'
+
+describe FileValidators::MimeTypeAnalyzer do
+  it 'rises error when tool is invalid' do
+    expect { described_class.new(:invalid) }.to raise_error(FileValidators::Error)
+  end
+
+  before :all do
+    @cute_path = File.join(File.dirname(__FILE__), '../../fixtures/cute.jpg')
+    @spoofed_file_path = File.join(File.dirname(__FILE__), '../../fixtures/spoofed.jpg')
+  end
+
+  let(:cute_image) { Rack::Test::UploadedFile.new(@cute_path, 'image/jpeg') }
+  let(:spoofed_file) { Rack::Test::UploadedFile.new(@spoofed_file_path, 'image/jpeg') }
+
+  describe ':file analyzer' do
+    let(:analyzer) { described_class.new(:file) }
+
+    it 'determines MIME type from file contents' do
+      expect(analyzer.call(cute_image)).to eq('image/jpeg')
+    end
+
+    it 'returns text/plain for unidentified MIME types' do
+      expect(analyzer.call(fakeio('a' * 5 * 1024 * 1024))).to eq('text/plain')
+    end
+
+    it 'is able to determine MIME type for spoofed files' do
+      expect(analyzer.call(spoofed_file)).to eq('text/plain')
+    end
+
+    it 'is able to determine MIME type for non-files' do
+      expect(analyzer.call(fakeio(cute_image.read))).to eq('image/jpeg')
+    end
+
+    it 'returns nil for empty IOs' do
+      expect(analyzer.call(fakeio(''))).to eq(nil)
+    end
+
+    it 'raises error if file command is not found' do
+      allow(Open3).to receive(:popen3).and_raise(Errno::ENOENT)
+      expect { analyzer.call(fakeio) }.to raise_error(FileValidators::Error, 'file command-line tool is not installed')
+    end
+  end
+
+  describe ':fastimage analyzer' do
+    let(:analyzer) { described_class.new(:fastimage) }
+
+    it 'extracts MIME type of any IO' do
+      expect(analyzer.call(cute_image)).to eq('image/jpeg')
+    end
+
+    it 'returns nil for unidentified MIME types' do
+      expect(analyzer.call(fakeio('😃'))).to eq nil
+    end
+
+    it 'returns nil for empty IOs' do
+      expect(analyzer.call(fakeio(''))).to eq nil
+    end
+  end
+
+  describe ':mimemagic analyzer' do
+    let(:analyzer) { described_class.new(:mimemagic) }
+
+    it 'extracts MIME type of any IO' do
+      expect(analyzer.call(cute_image)).to eq('image/jpeg')
+    end
+
+    it 'returns nil for unidentified MIME types' do
+      expect(analyzer.call(fakeio('😃'))).to eq nil
+    end
+
+    it 'returns nil for empty IOs' do
+      expect(analyzer.call(fakeio(''))).to eq nil
+    end
+  end
+
+  if RUBY_VERSION >= '2.2.0'
+    describe ':marcel analyzer' do
+      let(:analyzer) { described_class.new(:marcel) }
+
+      it 'extracts MIME type of any IO' do
+        expect(analyzer.call(cute_image)).to eq('image/jpeg')
+      end
+
+      it 'returns application/octet-stream for unidentified MIME types' do
+        expect(analyzer.call(fakeio('😃'))).to eq 'application/octet-stream'
+      end
+
+      it 'returns nil for empty IOs' do
+        expect(analyzer.call(fakeio(''))).to eq nil
+      end
+    end
+  end
+
+  describe ':mime_types analyzer' do
+    let(:analyzer) { described_class.new(:mime_types) }
+
+    it 'extract MIME type from the file extension' do
+      expect(analyzer.call(fakeio(filename: 'image.png'))).to eq('image/png')
+      expect(analyzer.call(cute_image)).to eq('image/jpeg')
+    end
+
+    it 'extracts MIME type from file extension when IO is empty' do
+      expect(analyzer.call(fakeio('', filename: 'image.png'))).to eq('image/png')
+    end
+
+    it 'returns nil on unknown extension' do
+      expect(analyzer.call(fakeio(filename: 'file.foo'))).to eq(nil)
+    end
+
+    it 'returns nil when input is not a file' do
+      expect(analyzer.call(fakeio)).to eq(nil)
+    end
+  end
+
+  describe ':mini_mime analyzer' do
+    let(:analyzer) { described_class.new(:mini_mime) }
+
+    it 'extract MIME type from the file extension' do
+      expect(analyzer.call(fakeio(filename: 'image.png'))).to eq('image/png')
+      expect(analyzer.call(cute_image)).to eq('image/jpeg')
+    end
+
+    it 'extracts MIME type from file extension when IO is empty' do
+      expect(analyzer.call(fakeio('', filename: 'image.png'))).to eq('image/png')
+    end
+
+    it 'returns nil on unkown extension' do
+      expect(analyzer.call(fakeio(filename: 'file.foo'))).to eq(nil)
+    end
+
+    it 'returns nil when input is not a file' do
+      expect(analyzer.call(fakeio)).to eq(nil)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -18,6 +18,8 @@ I18n.enforce_available_locales = false
 Dir[File.join(File.dirname(__FILE__), 'support/**/*.rb')].each { |f| require f }
 
 RSpec.configure do |config|
+  config.include Helpers
+
   # Suppress stdout in the console
   config.before { allow($stdout).to receive(:write) }
 end

data/spec/support/fakeio.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+require 'stringio'
+
+class FakeIO
+  attr_reader :original_filename, :content_type
+
+  def initialize(content, filename: nil, content_type: nil)
+    @io = StringIO.new(content)
+    @original_filename = filename
+    @content_type = content_type
+  end
+
+  extend Forwardable
+  delegate %i[read rewind eof? close size] => :@io
+end

data/spec/support/helpers.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Helpers
+  def fakeio(content = 'file', **options)
+    FakeIO.new(content, **options)
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: file_validators
 version: !ruby/object:Gem::Version
-  version: 3.0.0.beta1
+  version: 3.0.0.beta2
 platform: ruby
 authors:
 - Ahmad Musaffa
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-20 00:00:00.000000000 Z
+date: 2020-11-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -53,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rack-test
+  name: fastimage
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,61 +67,103 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: marcel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+- !ruby/object:Gem::Dependency
+  name: mimemagic
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.3.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.3.2
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: mini_mime
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.5.0
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.5.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.58.2
+        version: 3.5.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.58.2
+        version: 3.5.0
 - !ruby/object:Gem::Dependency
-  name: terrapin
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: 0.58.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: 0.58.2
 description: Adds file validators to ActiveModel
 email:
 - musaffa_csemm@yahoo.com
@@ -132,6 +174,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".tool-versions"
 - ".travis.yml"
 - Appraisals
 - CHANGELOG.md
@@ -146,10 +189,11 @@ files:
 - gemfiles/activemodel_4.1.gemfile
 - gemfiles/activemodel_4.2.gemfile
 - gemfiles/activemodel_5.0.gemfile
+- gemfiles/activemodel_5.2.gemfile
 - lib/file_validators.rb
+- lib/file_validators/error.rb
 - lib/file_validators/locale/en.yml
-- lib/file_validators/utils/content_type_detector.rb
-- lib/file_validators/utils/media_type_spoof_detector.rb
+- lib/file_validators/mime_type_analyzer.rb
 - lib/file_validators/validators/file_content_type_validator.rb
 - lib/file_validators/validators/file_size_validator.rb
 - lib/file_validators/version.rb
@@ -161,12 +205,13 @@ files:
 - spec/integration/combined_validators_integration_spec.rb
 - spec/integration/file_content_type_validation_integration_spec.rb
 - spec/integration/file_size_validator_integration_spec.rb
-- spec/lib/file_validators/utils/content_type_detector_spec.rb
-- spec/lib/file_validators/utils/media_type_spoof_detector_spec.rb
+- spec/lib/file_validators/mime_type_analyzer_spec.rb
 - spec/lib/file_validators/validators/file_content_type_validator_spec.rb
 - spec/lib/file_validators/validators/file_size_validator_spec.rb
 - spec/locale/en.yml
 - spec/spec_helper.rb
+- spec/support/fakeio.rb
+- spec/support/helpers.rb
 - spec/support/matchers/allow_content_type.rb
 - spec/support/matchers/allow_file_size.rb
 homepage: https://github.com/musaffa/file_validators
@@ -188,8 +233,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: ActiveModel file validators
@@ -202,11 +246,12 @@ test_files:
 - spec/integration/combined_validators_integration_spec.rb
 - spec/integration/file_content_type_validation_integration_spec.rb
 - spec/integration/file_size_validator_integration_spec.rb
-- spec/lib/file_validators/utils/content_type_detector_spec.rb
-- spec/lib/file_validators/utils/media_type_spoof_detector_spec.rb
+- spec/lib/file_validators/mime_type_analyzer_spec.rb
 - spec/lib/file_validators/validators/file_content_type_validator_spec.rb
 - spec/lib/file_validators/validators/file_size_validator_spec.rb
 - spec/locale/en.yml
 - spec/spec_helper.rb
+- spec/support/fakeio.rb
+- spec/support/helpers.rb
 - spec/support/matchers/allow_content_type.rb
 - spec/support/matchers/allow_file_size.rb

data/lib/file_validators/utils/content_type_detector.rb

@@ -1,66 +0,0 @@
-# frozen_string_literal: true
-
-require 'logger'
-
-begin
-  require 'terrapin'
-rescue LoadError
-  puts "file_validators requires 'terrapin' gem as you are using" \
-       ' file content type validations in strict mode'
-end
-
-module FileValidators
-  module Utils
-    class ContentTypeDetector
-      EMPTY_CONTENT_TYPE = 'inode/x-empty'
-      DEFAULT_CONTENT_TYPE = 'application/octet-stream'
-
-      attr_accessor :file_path, :file_name
-
-      def initialize(file_path, file_name)
-        @file_path = file_path
-        @file_name = file_name
-      end
-
-      # content type detection strategy:
-      #
-      # 1. invalid file_path: returns 'application/octet-stream'
-      # 2. empty file: returns 'inode/x-empty'
-      # 3. valid file: returns the content type using file command
-      # 4. valid file but file commoand raises error: returns 'application/octet-stream'
-
-      def detect
-        if !File.exist?(file_path)
-          DEFAULT_CONTENT_TYPE
-        elsif File.zero?(file_path)
-          EMPTY_CONTENT_TYPE
-        else
-          content_type_from_content
-        end
-      end
-
-      private
-
-      def content_type_from_content
-        content_type = type_from_file_command
-
-        if FileValidators::Utils::MediaTypeSpoofDetector.new(content_type, file_name).spoofed?
-          logger.warn('A file with a spoofed media type has been detected by the file validators.')
-        else
-          content_type
-        end
-      end
-
-      def type_from_file_command
-        Terrapin::CommandLine.new('file', '-b --mime-type :file').run(file: @file_path).strip
-      rescue Terrapin::CommandLineError => e
-        logger.info(e.message)
-        DEFAULT_CONTENT_TYPE
-      end
-
-      def logger
-        Logger.new(STDOUT)
-      end
-    end
-  end
-end

data/lib/file_validators/utils/media_type_spoof_detector.rb

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-
-require 'mime/types'
-
-module FileValidators
-  module Utils
-    class MediaTypeSpoofDetector
-      def initialize(content_type, file_name)
-        @content_type = content_type
-        @file_name = file_name
-      end
-
-      # media type spoof detection strategy:
-      #
-      # 1. it will not identify as spoofed if file name doesn't have any extension
-      # 2. it will identify as spoofed if any of the file extension's media types
-      # matches the media type of the content type. So it will return true for
-      # `text` of `text/plain` mismatch with `image` of `image/jpeg`, but return false
-      # for `image` of `image/png` match with `image` of `image/jpeg`.
-
-      def spoofed?
-        extension? && media_type_mismatch?
-      end
-
-      private
-
-      def extension?
-        # the following code replaced File.extname(@file_name).present? because it cannot
-        # return the extension of a extension-only file names, e.g. '.html', '.jpg' etc
-        @file_name.split('.').length > 1
-      end
-
-      def media_type_mismatch?
-        supplied_media_types.none? { |type| type == detected_media_type }
-      end
-
-      def supplied_media_types
-        MIME::Types.type_for(@file_name).collect(&:media_type)
-      end
-
-      def detected_media_type
-        @content_type.split('/').first
-      end
-    end
-  end
-end

data/spec/lib/file_validators/utils/content_type_detector_spec.rb

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-require 'tempfile'
-
-describe FileValidators::Utils::ContentTypeDetector do
-  it 'returns the empty content type when the file is empty' do
-    tempfile = Tempfile.new('empty')
-    expect(described_class.new(tempfile.path, tempfile.path).detect).to eql('inode/x-empty')
-    tempfile.close
-  end
-
-  it 'returns a content type based on the content of the file' do
-    tempfile = Tempfile.new('something')
-    tempfile.write('This is a file.')
-    tempfile.rewind
-    expect(described_class.new(tempfile.path, tempfile.path).detect).to eql('text/plain')
-    tempfile.close
-  end
-
-  it 'returns a sensible default when the file path is empty' do
-    expect(described_class.new('', '').detect).to eql('application/octet-stream')
-  end
-
-  it 'returns a sensible default if the file path is invalid' do
-    file_path = '/path/to/nothing'
-    expect(described_class.new(file_path, file_path).detect).to eql('application/octet-stream')
-  end
-end

data/spec/lib/file_validators/utils/media_type_spoof_detector_spec.rb

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe FileValidators::Utils::MediaTypeSpoofDetector do
-  it 'rejects a file with an extension .html and identifies as jpeg' do
-    expect(described_class.new('image/jpeg', 'sample.html')).to be_spoofed
-  end
-
-  it 'does not reject a file with an extension .jpg and identifies as png' do
-    expect(described_class.new('image/png', 'sample.jpg')).not_to be_spoofed
-  end
-
-  it 'does not reject a file with an extension .txt and identifies as text' do
-    expect(described_class.new('text/plain', 'sample.txt')).not_to be_spoofed
-  end
-
-  it 'does not reject a file that does not have any name' do
-    expect(described_class.new('text/plain', '')).not_to be_spoofed
-  end
-
-  it 'does not reject a file that does not have any extension' do
-    expect(described_class.new('text/plain', 'sample')).not_to be_spoofed
-  end
-
-  it 'rejects a file that does not have a basename but has an extension with mismatched media type' do
-    expect(described_class.new('image/jpeg', '.html')).to be_spoofed
-  end
-
-  it 'does not reject a file that does not have a basename but has an extension with valid media type' do
-    expect(described_class.new('image/png', '.jpg')).not_to be_spoofed
-  end
-end