gitlab-org--gitlab-foss/app/uploaders/content_type_whitelist.rb

54 lines
1.8 KiB
Ruby

# frozen_string_literal: true
# Currently we run CarrierWave 1.3.1 which means we can not whitelist files
# by their content type through magic header parsing.
#
# This is a patch to hold us over until we get to CarrierWave 2 :) It's a mashup of
# CarrierWave's lib/carrierwave/uploader/content_type_whitelist.rb and
# lib/carrierwave/sanitized_file.rb
#
# Include this concern and add a content_type_whitelist method to get the same
# behavior as you would with CarrierWave 2.
#
# This is not an exact replacement as we don't override
# SanitizedFile#content_type but we do set the content_type attribute when we
# check the whitelist.
#
# Remove this after moving to CarrierWave 2, though on practical terms it shouldn't
# break anything if left for a while.
module ContentTypeWhitelist
module Concern
extend ActiveSupport::Concern
private
# CarrierWave calls this method as part of it's before :cache callbacks.
# Here we override and extend CarrierWave's method that does not parse the
# magic headers.
def check_content_type_whitelist!(new_file)
if content_type_whitelist
content_type = mime_magic_content_type(new_file.path)
unless whitelisted_content_type?(content_type)
message = I18n.t(:"errors.messages.content_type_whitelist_error", allowed_types: Array(content_type_whitelist).join(", "))
raise CarrierWave::IntegrityError, message
end
end
end
def whitelisted_content_type?(content_type)
Array(content_type_whitelist).any? { |item| content_type =~ /#{item}/ }
end
def mime_magic_content_type(path)
if path
File.open(path) do |file|
Gitlab::Utils::MimeType.from_io(file) || 'invalid/invalid'
end
end
rescue Errno::ENOENT
nil
end
end
end