Class: UploadedFile

Inherits:
Object
  • Object
show all
Defined in:
lib/uploaded_file.rb

Constant Summary collapse

InvalidPathError =
Class.new(StandardError)
UnknownSizeError =
Class.new(StandardError)

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(path, filename: nil, content_type: "application/octet-stream", sha256: nil, remote_id: nil, size: nil, upload_duration: nil) ⇒ UploadedFile

Returns a new instance of UploadedFile.


25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# File 'lib/uploaded_file.rb', line 25

def initialize(path, filename: nil, content_type: "application/octet-stream", sha256: nil, remote_id: nil, size: nil, upload_duration: nil)
  if path.present?
    raise InvalidPathError, "#{path} file does not exist" unless ::File.exist?(path)

    @tempfile = File.new(path, 'rb')
    @size = @tempfile.size
  else
    begin
      @size = Integer(size)
    rescue ArgumentError, TypeError
      raise UnknownSizeError, 'Unable to determine file size'
    end
  end

  begin
    @upload_duration = Float(upload_duration)
  rescue ArgumentError, TypeError
    @upload_duration = 0
  end

  @content_type = content_type
  @original_filename = sanitize_filename(filename || path || '')
  @content_type = content_type
  @sha256 = sha256
  @remote_id = remote_id
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method_name, *args, &block) ⇒ Object

:nodoc:


107
108
109
# File 'lib/uploaded_file.rb', line 107

def method_missing(method_name, *args, &block) #:nodoc:
  @tempfile.__send__(method_name, *args, &block) # rubocop:disable GitlabSecurity/PublicSend
end

Instance Attribute Details

#content_typeObject

The content type of the “uploaded” file


18
19
20
# File 'lib/uploaded_file.rb', line 18

def content_type
  @content_type
end

#original_filenameObject (readonly)

The filename, not including the path, of the “uploaded” file


12
13
14
# File 'lib/uploaded_file.rb', line 12

def original_filename
  @original_filename
end

#remote_idObject (readonly)

Returns the value of attribute remote_id.


20
21
22
# File 'lib/uploaded_file.rb', line 20

def remote_id
  @remote_id
end

#sha256Object (readonly)

Returns the value of attribute sha256.


21
22
23
# File 'lib/uploaded_file.rb', line 21

def sha256
  @sha256
end

#sizeObject (readonly)

Returns the value of attribute size.


22
23
24
# File 'lib/uploaded_file.rb', line 22

def size
  @size
end

#tempfileObject (readonly)

The tempfile


15
16
17
# File 'lib/uploaded_file.rb', line 15

def tempfile
  @tempfile
end

#upload_durationObject (readonly)

Returns the value of attribute upload_duration.


23
24
25
# File 'lib/uploaded_file.rb', line 23

def upload_duration
  @upload_duration
end

Class Method Details

.allowed_path?(file_path, paths) ⇒ Boolean

Returns:

  • (Boolean)

81
82
83
84
85
# File 'lib/uploaded_file.rb', line 81

def self.allowed_path?(file_path, paths)
  paths.any? do |path|
    File.exist?(path) && file_path.start_with?(File.realpath(path))
  end
end

.from_params(params, upload_paths) ⇒ Object


52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# File 'lib/uploaded_file.rb', line 52

def self.from_params(params, upload_paths)
  path = params['path']
  remote_id = params['remote_id']
  return if path.blank? && remote_id.blank?

  # don't use file_path if remote_id is set
  if remote_id.present?
    file_path = nil
  elsif path.present?
    file_path = File.realpath(path)

    unless self.allowed_path?(file_path, Array(upload_paths).compact)
      raise InvalidPathError, "insecure path used '#{file_path}'"
    end
  end

  UploadedFile.new(
    file_path,
    filename: params['name'],
    content_type: params['type'] || 'application/octet-stream',
    sha256: params['sha256'],
    remote_id: remote_id,
    size: params['size'],
    upload_duration: params['upload_duration']
  ).tap do |uploaded_file|
    ::Gitlab::Instrumentation::Uploads.track(uploaded_file)
  end
end

Instance Method Details

#closeObject


101
102
103
# File 'lib/uploaded_file.rb', line 101

def close
  @tempfile&.close
end

#pathObject Also known as: local_path


97
98
99
# File 'lib/uploaded_file.rb', line 97

def path
  @tempfile&.path
end

#respond_to?(method_name, include_private = false) ⇒ Boolean

:nodoc:

Returns:

  • (Boolean)

111
112
113
# File 'lib/uploaded_file.rb', line 111

def respond_to?(method_name, include_private = false) #:nodoc:
  @tempfile.respond_to?(method_name, include_private) || super
end

#sanitize_filename(name) ⇒ Object

copy-pasted from CarrierWave::SanitizedFile


88
89
90
91
92
93
94
95
# File 'lib/uploaded_file.rb', line 88

def sanitize_filename(name)
  name = name.tr("\\", "/") # work-around for IE
  name = ::File.basename(name)
  name = name.gsub(CarrierWave::SanitizedFile.sanitize_regexp, "_")
  name = "_#{name}" if name =~ /\A\.+\z/
  name = "unnamed" if name.empty?
  name.mb_chars.to_s
end