Module: Gitlab::FileTypeDetection

Included in:
AbuseReport, DesignManagement::Design, FileMarkdownLinkBuilder
Defined in:
lib/gitlab/file_type_detection.rb

Constant Summary

SAFE_IMAGE_EXT =
%w[png jpg jpeg gif bmp tiff ico webp].freeze
SAFE_IMAGE_FOR_SCALING_EXT =
%w[png jpg jpeg].freeze
PDF_EXT =
'pdf'
SAFE_VIDEO_EXT =

We recommend using the .mp4 format over .mov. Videos in .mov format can still be used, but you need to make sure they are served with the proper MIME type video/mp4 and not video/quicktime, or your videos won’t play on IE >= 9. See archive.sublimevideo.info/20150912/docs.sublimevideo.net/troubleshooting.html

%w[mp4 m4v mov webm ogv].freeze
SAFE_AUDIO_EXT =
%w[mp3 oga ogg spx wav].freeze
DANGEROUS_IMAGE_EXT =

These extension types can contain dangerous code and should only be embedded inline with proper filtering. They should always be tagged as “Content-Disposition: attachment”, not “inline”.

%w[svg].freeze
DANGEROUS_VIDEO_EXT =

None, yet

[].freeze
DANGEROUS_AUDIO_EXT =

None, yet

[].freeze
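
The rule stated for DANGEROUS_IMAGE_EXT above (serve as "Content-Disposition: attachment", never "inline"), worked through in plain Ruby as an added example; it is not GitLab code. The helper names ext_of, disposition_for and content_disposition are hypothetical, and sending unknown extensions as attachment is an assumption of this sketch.

```ruby
# Added example, not GitLab code. Extension lists are copied from the constants on this page.
SAFE_EMBED_EXT = (%w[png jpg jpeg gif bmp tiff ico webp] +   # SAFE_IMAGE_EXT
                  %w[mp4 m4v mov webm ogv] +                 # SAFE_VIDEO_EXT
                  %w[mp3 oga ogg spx wav]).freeze            # SAFE_AUDIO_EXT
DANGEROUS_EMBED_EXT = %w[svg].freeze                         # DANGEROUS_IMAGE_EXT

# Same rule as extension_match?: last extension only, dot removed, lowercased.
# A plain nil/empty check stands in for ActiveSupport's present?.
def ext_of(filename)
  return '' if filename.nil? || filename.empty?

  File.extname(filename).delete('.').downcase
end

def dangerous_embeddable?(filename)
  DANGEROUS_EMBED_EXT.include?(ext_of(filename))
end

# Hypothetical helper: allowlist decision. Only extensions on the safe lists are
# rendered inline; dangerous and unknown extensions both fall through to attachment.
def disposition_for(filename)
  SAFE_EMBED_EXT.include?(ext_of(filename)) ? 'inline' : 'attachment'
end

# Hypothetical helper: header value with the file name reduced to a conservative character set.
def content_disposition(filename)
  name = File.basename(filename.to_s).gsub(/[^A-Za-z0-9._-]/, '_')
  name = 'download' if name.empty?
  %(#{disposition_for(filename)}; filename="#{name}")
end

# Constructed sample names, including a dotfile (File.extname returns "" for it) and nil.
SAMPLE_NAMES = ['logo.png', 'clip.MP4', 'Diagram.SVG', 'photo.png.svg', '.svg', 'notes', nil].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_NAMES.each { |n| puts format('%-16s %s', n.inspect, content_disposition(n)) }
end
```

Because the decision is an allowlist, names that match neither list (a bare `.svg` dotfile, a name with no extension, `nil`) are still sent as attachments.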

Class Method Details

.extension_match?(filename, extensions) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 40

def self.extension_match?(filename, extensions)
  return false unless filename.present?

  extension = File.extname(filename).delete('.')
  extensions.include?(extension.downcase)
end

Instance Method Details

#audio? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 61

def audio?
  extension_match?(SAFE_AUDIO_EXT)
end

#dangerous_audio? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 81

def dangerous_audio?
  extension_match?(DANGEROUS_AUDIO_EXT)
end

#dangerous_embeddable? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 85

def dangerous_embeddable?
  dangerous_image? || dangerous_video? || dangerous_audio?
end

#dangerous_image? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 73

def dangerous_image?
  extension_match?(DANGEROUS_IMAGE_EXT)
end

#dangerous_video? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 77

def dangerous_video?
  extension_match?(DANGEROUS_VIDEO_EXT)
end

#embeddable? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 69

def embeddable?
  image? || video? || audio?
end

#image? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 47

def image?
  extension_match?(SAFE_IMAGE_EXT)
end

#image_safe_for_scaling? ⇒ Boolean

For the time being, we restrict image scaling requests to the most popular and safest formats only, which are JPGs and PNGs. See gitlab.com/gitlab-org/gitlab/-/issues/237848 for more info.

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 53

def image_safe_for_scaling?
  extension_match?(SAFE_IMAGE_FOR_SCALING_EXT)
end

#pdf? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 65

def pdf?
  extension_match?([PDF_EXT])
end

#video? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/file_type_detection.rb', line 57

def video?
  extension_match?(SAFE_VIDEO_EXT)
end