debian-mirror-gitlab/lib/gitlab/file_type_detection.rb

# frozen_string_literal: true

# The method `filename` must be defined in classes that mix in this module.
#
# This module is intended to be used as a helper and not a security gate
# to validate that a file is safe, as it identifies files only by the
# file extension and not its actual contents.
#
# An example useage of this module is in `FileMarkdownLinkBuilder` that
# renders markdown depending on a file name.
#
# We use Workhorse to detect the real extension when we serve files with
# the `SendsBlob` helper methods, and ask Workhorse to set the content
# type when it serves the file:
# https://gitlab.com/gitlab-org/gitlab/blob/33e5955/app/helpers/workhorse_helper.rb#L48.
#
# Because Workhorse has access to the content when it is downloaded, if
# the type/extension doesn't match the real type, we adjust the
# `Content-Type` and `Content-Disposition` to the one we get from the detection.
module Gitlab
  module FileTypeDetection
    SAFE_IMAGE_EXT = %w[png jpg jpeg gif bmp tiff ico webp].freeze
    SAFE_IMAGE_FOR_SCALING_EXT = %w[png jpg jpeg].freeze

    PDF_EXT = 'pdf'
    # We recommend using the .mp4 format over .mov. Videos in .mov format can
    # still be used but you really need to make sure they are served with the
    # proper MIME type video/mp4 and not video/quicktime or your videos won't play
    # on IE >= 9.
    # http://archive.sublimevideo.info/20150912/docs.sublimevideo.net/troubleshooting.html
    SAFE_VIDEO_EXT = %w[mp4 m4v mov webm ogv].freeze
    SAFE_AUDIO_EXT = %w[mp3 oga ogg spx wav].freeze

    # These extension types can contain dangerous code and should only be embedded inline with
    # proper filtering. They should always be tagged as "Content-Disposition: attachment", not "inline".
    DANGEROUS_IMAGE_EXT = %w[svg].freeze
    DANGEROUS_VIDEO_EXT = [].freeze # None, yet
    DANGEROUS_AUDIO_EXT = [].freeze # None, yet

    def self.extension_match?(filename, extensions)
      return false unless filename.present?

      extension = File.extname(filename).delete('.')
      extensions.include?(extension.downcase)
    end

    def image?
      extension_match?(SAFE_IMAGE_EXT)
    end

    # For the time being, we restrict image scaling requests to the most popular and safest formats only,
    # which are JPGs and PNGs. See https://gitlab.com/gitlab-org/gitlab/-/issues/237848 for more info.
    def image_safe_for_scaling?
      extension_match?(SAFE_IMAGE_FOR_SCALING_EXT)
    end

    def video?
      extension_match?(SAFE_VIDEO_EXT)
    end

    def audio?
      extension_match?(SAFE_AUDIO_EXT)
    end

    def pdf?
      extension_match?([PDF_EXT])
    end

    def embeddable?
      image? || video? || audio?
    end

    def dangerous_image?
      extension_match?(DANGEROUS_IMAGE_EXT)
    end

    def dangerous_video?
      extension_match?(DANGEROUS_VIDEO_EXT)
    end

    def dangerous_audio?
      extension_match?(DANGEROUS_AUDIO_EXT)
    end

    def dangerous_embeddable?
      dangerous_image? || dangerous_video? || dangerous_audio?
    end

    private

    def extension_match?(extensions)
      ::Gitlab::FileTypeDetection.extension_match?(filename, extensions)
    end
  end
end
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`# frozen_string_literal: true`

New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			# The method `filename` must be defined in classes that mix in this module.
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`#`
			`# This module is intended to be used as a helper and not a security gate`
			`# to validate that a file is safe, as it identifies files only by the`
			`# file extension and not its actual contents.`
			`#`
			# An example useage of this module is in `FileMarkdownLinkBuilder` that
			`# renders markdown depending on a file name.`
			`#`
			`# We use Workhorse to detect the real extension when we serve files with`
			# the `SendsBlob` helper methods, and ask Workhorse to set the content
			`# type when it serves the file:`
			`# https://gitlab.com/gitlab-org/gitlab/blob/33e5955/app/helpers/workhorse_helper.rb#L48.`
			`#`
			`# Because Workhorse has access to the content when it is downloaded, if`
			`# the type/extension doesn't match the real type, we adjust the`
			# `Content-Type` and `Content-Disposition` to the one we get from the detection.
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`module Gitlab`
			`module FileTypeDetection`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`SAFE_IMAGE_EXT = %w[png jpg jpeg gif bmp tiff ico webp].freeze`
New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`SAFE_IMAGE_FOR_SCALING_EXT = %w[png jpg jpeg].freeze`

New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`PDF_EXT = 'pdf'`
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`# We recommend using the .mp4 format over .mov. Videos in .mov format can`
			`# still be used but you really need to make sure they are served with the`
			`# proper MIME type video/mp4 and not video/quicktime or your videos won't play`
			`# on IE >= 9.`
			`# http://archive.sublimevideo.info/20150912/docs.sublimevideo.net/troubleshooting.html`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`SAFE_VIDEO_EXT = %w[mp4 m4v mov webm ogv].freeze`
			`SAFE_AUDIO_EXT = %w[mp3 oga ogg spx wav].freeze`

New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`# These extension types can contain dangerous code and should only be embedded inline with`
			`# proper filtering. They should always be tagged as "Content-Disposition: attachment", not "inline".`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`DANGEROUS_IMAGE_EXT = %w[svg].freeze`
			`DANGEROUS_VIDEO_EXT = [].freeze # None, yet`
			`DANGEROUS_AUDIO_EXT = [].freeze # None, yet`
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30
New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`def self.extension_match?(filename, extensions)`
			`return false unless filename.present?`

			`extension = File.extname(filename).delete('.')`
			`extensions.include?(extension.downcase)`
			`end`

New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`def image?`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`extension_match?(SAFE_IMAGE_EXT)`
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`end`

New upstream version 13.4.6 2020-11-24 15:15:51 +05:30			`# For the time being, we restrict image scaling requests to the most popular and safest formats only,`
			`# which are JPGs and PNGs. See https://gitlab.com/gitlab-org/gitlab/-/issues/237848 for more info.`
			`def image_safe_for_scaling?`
			`extension_match?(SAFE_IMAGE_FOR_SCALING_EXT)`
			`end`

New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`def video?`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`extension_match?(SAFE_VIDEO_EXT)`
			`end`

			`def audio?`
			`extension_match?(SAFE_AUDIO_EXT)`
			`end`

New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`def pdf?`
			`extension_match?([PDF_EXT])`
			`end`

New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`def embeddable?`
			`image? \|\| video? \|\| audio?`
			`end`

			`def dangerous_image?`
			`extension_match?(DANGEROUS_IMAGE_EXT)`
			`end`

			`def dangerous_video?`
			`extension_match?(DANGEROUS_VIDEO_EXT)`
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`end`

New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`def dangerous_audio?`
			`extension_match?(DANGEROUS_AUDIO_EXT)`
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`end`

New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`def dangerous_embeddable?`
			`dangerous_image? \|\| dangerous_video? \|\| dangerous_audio?`
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`end`

			`private`

			`def extension_match?(extensions)`
New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`::Gitlab::FileTypeDetection.extension_match?(filename, extensions)`
New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`end`
			`end`
			`end`