54 lines
1.8 KiB
Ruby
54 lines
1.8 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
# Currently we run CarrierWave 1.3.1 which means we can not whitelist files
|
|
# by their content type through magic header parsing.
|
|
#
|
|
# This is a patch to hold us over until we get to CarrierWave 2 :) It's a mashup of
|
|
# CarrierWave's lib/carrierwave/uploader/content_type_whitelist.rb and
|
|
# lib/carrierwave/sanitized_file.rb
|
|
#
|
|
# Include this concern and add a content_type_whitelist method to get the same
|
|
# behavior as you would with CarrierWave 2.
|
|
#
|
|
# This is not an exact replacement as we don't override
|
|
# SanitizedFile#content_type but we do set the content_type attribute when we
|
|
# check the whitelist.
|
|
#
|
|
# Remove this after moving to CarrierWave 2, though on practical terms it shouldn't
|
|
# break anything if left for a while.
|
|
module ContentTypeWhitelist
|
|
module Concern
|
|
extend ActiveSupport::Concern
|
|
|
|
private
|
|
|
|
# CarrierWave calls this method as part of it's before :cache callbacks.
|
|
# Here we override and extend CarrierWave's method that does not parse the
|
|
# magic headers.
|
|
def check_content_type_whitelist!(new_file)
|
|
if content_type_whitelist
|
|
content_type = mime_magic_content_type(new_file.path)
|
|
|
|
unless whitelisted_content_type?(content_type)
|
|
message = I18n.t(:"errors.messages.content_type_whitelist_error", allowed_types: Array(content_type_whitelist).join(", "))
|
|
raise CarrierWave::IntegrityError, message
|
|
end
|
|
end
|
|
end
|
|
|
|
def whitelisted_content_type?(content_type)
|
|
Array(content_type_whitelist).any? { |item| content_type =~ /#{item}/ }
|
|
end
|
|
|
|
def mime_magic_content_type(path)
|
|
if path
|
|
File.open(path) do |file|
|
|
Gitlab::Utils::MimeType.from_io(file) || 'invalid/invalid'
|
|
end
|
|
end
|
|
rescue Errno::ENOENT
|
|
nil
|
|
end
|
|
end
|
|
end
|