Bug with content type detection

[n-rodriguez]

Hi there!

I think it should be nil here :

carrierwave/lib/carrierwave/sanitized_file.rb

Line 334 in d12a289

MimeMagic.by_magic(file).try(:type) || 'invalid/invalid'

(like in the rescue block) to let mini_mime_content_type have a chance to find the right mime type.

[mshibuya]

This is intentional, see #1942.

[n-rodriguez]

This is intentional, see #1942.

I understand, but for some reason it breaks CSV files detection.

[n-rodriguez]

Hi there! Any news?

[inkstak]

I have the same problem with CSV and plain text files.

[inkstak]

Example :

> CSV.open('foo.csv', 'w') { |f| f << %w[a b] }
> File.open('foo.csv') { |file| MimeMagic.by_magic(file) }
 => nil

The original plot about using MimeMagic was to mitigate a CVE on images files, right ?
Can we return the "invalid/invalid" only in such cases ?

type = File.open(path) do |file|
  MimeMagic.by_magic(file)&.type
end

if type.match?('image/') && type != MimeMagic.by_path(path)&.type
  type = 'invalid/invalid' 
end

type

[tiagoovieira]

Has anyone worked on a workaround on this?

I used Mini Mime to fetch the content_type as set it manually.

[inkstak]

class DocumentUploader < CarrierWave::Uploader::Base

  def content_type
    type = super

    # FIXME: https://github.com/carrierwaveuploader/carrierwave/pull/2474
    if type == 'invalid/invalid'
      type = ::MiniMime.lookup_by_filename(path).try(:content_type)
      type = 'invalid/invalid' unless type.nil? || type.start_with?('text/')
    end

    # Carrierwave always returns a string, even when content type is missing
    type.to_s
  end
end