Module: DocumentToRichHtml::SecurityUtils

Defined in:
lib/document_to_rich_html/security_utils.rb

Constant Summary

MAX_FILE_SIZE =

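Defaults to 10 MB when the MAX_FILE_SIZE environment variable is not set. The value is parsed with to_i, so a non-numeric setting becomes 0 and validate_file then rejects every non-empty file.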

(ENV['MAX_FILE_SIZE'] || 10 * 1024 * 1024).to_i

Class Method Summary

Class Method Details

.create_temp_file(extension) ⇒ Object



# File 'lib/document_to_rich_html/security_utils.rb', line 23

# Creates a temporary file whose name starts with 'document_to_rich_html'
# and ends with the given suffix, then switches it to binary mode.
#
# The file stays open and on disk until the caller closes and unlinks it
# (see delete_temp_file).
#
# @param extension [String] suffix appended to the generated file name
# @return [Tempfile] the open temp file, in binary mode
def self.create_temp_file(extension)
  name_parts = ['document_to_rich_html', extension]
  # tap returns the Tempfile itself, not the result of binmode.
  Tempfile.new(name_parts).tap(&:binmode)
end

.delete_temp_file(temp_file) ⇒ Object



# File 'lib/document_to_rich_html/security_utils.rb', line 29

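# Closes the temp file and removes it from disk.
#
# The unlink runs in an ensure clause, so a failing close (for example an
# error while flushing buffered data) no longer leaves the file behind.
# The exception raised by close still propagates to the caller.
#
# @param temp_file [Tempfile] object responding to #close and #unlink
# @return [Object] whatever temp_file.unlink returns
def self.delete_temp_file(temp_file)
  begin
    temp_file.close
  ensure
    # Always remove the on-disk copy, even when close raised.
    unlink_result = temp_file.unlink
  end
  unlink_result
end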

.validate_file(file_path) ⇒ Object

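Raises:

Error — if the file does not exist, is larger than MAX_FILE_SIZE, or has a MIME type outside the allowed list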



# File 'lib/document_to_rich_html/security_utils.rb', line 9

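# Checks that a file exists, is within MAX_FILE_SIZE, and has an allowed
# MIME type as reported by the external `file` utility.
#
# The path is handed to `file` as a single argv element, never through a
# shell, so spaces and shell metacharacters in the name are treated as
# part of the file name. The `--` marker stops a name that begins with
# `-` from being parsed as an option.
#
# NOTE(review): `file` identifies content by inspecting it; a match on
# the allow-list says what the file looks like, not that it is safe to
# parse. 'image/svg+xml' is allowed and SVG can carry script, so output
# derived from it presumably needs sanitising downstream; confirm.
#
# @param file_path [String, #to_s] path of the file to check
# @return [nil] when the file passes every check
# @raise [Error] if the file is missing, too large, or of a disallowed type
def self.validate_file(file_path)
  raise Error, "File not found: #{file_path}" unless File.exist?(file_path)
  raise Error, 'File too large' if File.size(file_path) > MAX_FILE_SIZE

  # NOTE(review): with RAILS_ENV or RACK_ENV set to 'test' the MIME check
  # is skipped entirely, so any existing file within the size limit is
  # accepted. Neither variable may be 'test' in a deployed process.
  return if ENV['RAILS_ENV'] == 'test' || ENV['RACK_ENV'] == 'test'

  # Array form of IO.popen runs the program directly, with no shell.
  command = ['file', '--mime-type', '-b', '--', file_path.to_s]
  mime_type = IO.popen(command, &:read).strip

  allowed_types = [
    'application/pdf',
    'application/msword',
    'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
    'application/vnd.ms-excel',
    'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
    'image/jpeg',
    'image/png',
    'image/gif',
    'image/svg+xml'
  ]
  raise Error, "Invalid file type: #{mime_type}" unless allowed_types.include?(mime_type)
end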