Module: Gitlab::FileTypeDetection

Included in:
DesignManagement::Design, FileMarkdownLinkBuilder
Defined in:
lib/gitlab/file_type_detection.rb

Constant Summary collapse

SAFE_IMAGE_EXT =
%w[png jpg jpeg gif bmp tiff ico].freeze
SAFE_IMAGE_FOR_SCALING_EXT =
%w[png jpg jpeg].freeze
PDF_EXT =
'pdf'
SAFE_VIDEO_EXT =

We recommend using the .mp4 format over .mov. Videos in .mov format can still be used but you really need to make sure they are served with the proper MIME type video/mp4 and not video/quicktime or your videos won't play on IE >= 9. archive.sublimevideo.info/20150912/docs.sublimevideo.net/troubleshooting.html

%w[mp4 m4v mov webm ogv].freeze
SAFE_AUDIO_EXT =
%w[mp3 oga ogg spx wav].freeze
DANGEROUS_IMAGE_EXT =

These extension types can contain dangerous code and should only be embedded inline with proper filtering. They should always be tagged as “Content-Disposition: attachment”, not “inline”.

%w[svg].freeze
DANGEROUS_VIDEO_EXT =

None, yet

[].freeze
DANGEROUS_AUDIO_EXT =

None, yet

[].freeze

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.extension_match?(filename, extensions) ⇒ Boolean

Returns:

  • (Boolean)

40
41
42
43
44
45
# File 'lib/gitlab/file_type_detection.rb', line 40

def self.extension_match?(filename, extensions)
  return false unless filename.present?

  extension = File.extname(filename).delete('.')
  extensions.include?(extension.downcase)
end

Instance Method Details

#audio?Boolean

Returns:

  • (Boolean)

61
62
63
# File 'lib/gitlab/file_type_detection.rb', line 61

def audio?
  extension_match?(SAFE_AUDIO_EXT)
end

#dangerous_audio?Boolean

Returns:

  • (Boolean)

81
82
83
# File 'lib/gitlab/file_type_detection.rb', line 81

def dangerous_audio?
  extension_match?(DANGEROUS_AUDIO_EXT)
end

#dangerous_embeddable?Boolean

Returns:

  • (Boolean)

85
86
87
# File 'lib/gitlab/file_type_detection.rb', line 85

def dangerous_embeddable?
  dangerous_image? || dangerous_video? || dangerous_audio?
end

#dangerous_image?Boolean

Returns:

  • (Boolean)

73
74
75
# File 'lib/gitlab/file_type_detection.rb', line 73

def dangerous_image?
  extension_match?(DANGEROUS_IMAGE_EXT)
end

#dangerous_video?Boolean

Returns:

  • (Boolean)

77
78
79
# File 'lib/gitlab/file_type_detection.rb', line 77

def dangerous_video?
  extension_match?(DANGEROUS_VIDEO_EXT)
end

#embeddable?Boolean

Returns:

  • (Boolean)

69
70
71
# File 'lib/gitlab/file_type_detection.rb', line 69

def embeddable?
  image? || video? || audio?
end

#image?Boolean

Returns:

  • (Boolean)

47
48
49
# File 'lib/gitlab/file_type_detection.rb', line 47

def image?
  extension_match?(SAFE_IMAGE_EXT)
end

#image_safe_for_scaling?Boolean

For the time being, we restrict image scaling requests to the most popular and safest formats only, which are JPGs and PNGs. See gitlab.com/gitlab-org/gitlab/-/issues/237848 for more info.

Returns:

  • (Boolean)

53
54
55
# File 'lib/gitlab/file_type_detection.rb', line 53

def image_safe_for_scaling?
  extension_match?(SAFE_IMAGE_FOR_SCALING_EXT)
end

#pdf?Boolean

Returns:

  • (Boolean)

65
66
67
# File 'lib/gitlab/file_type_detection.rb', line 65

def pdf?
  extension_match?([PDF_EXT])
end

#video?Boolean

Returns:

  • (Boolean)

57
58
59
# File 'lib/gitlab/file_type_detection.rb', line 57

def video?
  extension_match?(SAFE_VIDEO_EXT)
end