Sha256: 44ac874086d07c58cab21ff2cc012a30d3c3e6342a98b094f5d808ede99ba4e9
Contents?: true
Size: 1.33 KB
Versions: 1
Compression:
Stored size: 1.33 KB
Contents
# frozen_string_literal: true require 'mime/types' module FileValidators module Utils class MediaTypeSpoofDetector def initialize(content_type, file_name) @content_type = content_type @file_name = file_name end # media type spoof detection strategy: # # 1. it will not identify as spoofed if file name doesn't have any extension # 2. it will identify as spoofed if any of the file extension's media types # matches the media type of the content type. So it will return true for # `text` of `text/plain` mismatch with `image` of `image/jpeg`, but return false # for `image` of `image/png` match with `image` of `image/jpeg`. def spoofed? extension? && media_type_mismatch? end private def extension? # the following code replaced File.extname(@file_name).present? because it cannot # return the extension of a extension-only file names, e.g. '.html', '.jpg' etc @file_name.split('.').length > 1 end def media_type_mismatch? supplied_media_types.none? { |type| type == detected_media_type } end def supplied_media_types MIME::Types.type_for(@file_name).collect(&:media_type) end def detected_media_type @content_type.split('/').first end end end end
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
file_validators-3.0.0.beta1 | lib/file_validators/utils/media_type_spoof_detector.rb |