MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work with old versions of file #2527

vakuum · 2018-01-11T15:12:42Z

In old versions of file a space is used to separate the MIME type from the encoding:

$ file --version
file-4.24

$ file -b --mime test.txt
text/html charset=us-ascii

$ cat /etc/SuSE-release 
SUSE Linux Enterprise Server 11 (x86_64)

In new versions of file a semicolon is used to separate the MIME type from the encoding:

$ file --version
file-5.25

$ file -b --mime test.txt
text/html; charset=us-ascii

$ lsb_release -d
Description:    Ubuntu 16.04.3 LTS

In media_type_spoof_detector.rb the split method is used to separate the MIME type from the encoding:

def type_from_file_command
...
	Paperclip.run("file", "-b --mime :file", :file => @file.path).split(/[:;]\s+/).first
...
end

But this doesn't work for old versions of file because the regexp doesn't match the space correctly:

> 'text/html charset=us-ascii'.split(/[:;]\s+/).first
=> "text/html charset=us-ascii"

> 'text/html; charset=us-ascii'.split(/[:;]\s+/).first
=> "text/html"

Moving the whitespace character into the character class solves the problem:

> 'text/html charset=us-ascii'.split(/[:;\s]+/).first
=> "text/html

> 'text/html; charset=us-ascii'.split(/[:;\s]+/).first
=> "text/html"

Monkey patch

Currently I am using the following monkey patch as a workaround:

module Paperclip
  class MediaTypeSpoofDetector
    private

    def type_from_file_command
      begin
        Paperclip.run('file', '-b --mime-type :file', :file => @file.path)
      rescue Cocaine::CommandLineError
        ''
      end
    end
  end
end

The text was updated successfully, but these errors were encountered:

vakuum · 2018-01-11T15:37:17Z

Fun fact 1

The file_command_content_type_detector.rb contains another implementation of the type_from_file_command method:

def type_from_file_command
  type = begin
    Paperclip.run("file", "-b --mime :file", :file => @filename)
    ...
  end
  ...
  type.split(/[:;\s]+/)[0]
end

The regexp of this implementation works correctly, because the whitespace character is already part of the character class.

Fun fact 2

The original implementation of Paperclip::MediaTypeSpoofDetector used the --mime-type parameter like the monkey patch above:

… with old versions of file. Please see thoughtbot#2527 for details.

vakuum · 2018-01-15T13:25:42Z

I created a pull request for this issue: #2528.

… with old versions of file. Please see #2527 for details.

vakuum added a commit to vakuum/paperclip that referenced this issue Jan 13, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work…

4208b88

… with old versions of file. Please see thoughtbot#2527 for details.

vakuum mentioned this issue Jan 13, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work with old versions of file. #2528

Closed

vakuum added a commit to vakuum/paperclip that referenced this issue Jan 13, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work…

d6d0b6c

… with old versions of file. Please see thoughtbot#2527 for details.

vakuum added a commit to vakuum/paperclip that referenced this issue Jan 13, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work…

c1775c4

… with old versions of file. Please see thoughtbot#2527 for details.

vakuum added a commit to vakuum/paperclip that referenced this issue Jan 13, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work…

0fa0236

… with old versions of file. Please see thoughtbot#2527 for details.

vakuum added a commit to vakuum/paperclip that referenced this issue Jan 13, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work…

431c2c9

… with old versions of file. Please see thoughtbot#2527 for details.

vakuum added a commit to vakuum/paperclip that referenced this issue Jan 13, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work…

8645eff

… with old versions of file. Please see thoughtbot#2527 for details.

vakuum added a commit to vakuum/paperclip that referenced this issue Jan 13, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work…

06b5ca5

… with old versions of file. Please see thoughtbot#2527 for details.

sidraval pushed a commit that referenced this issue Jan 30, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work…

5eb0df6

… with old versions of file. Please see #2527 for details.

sidraval mentioned this issue Jan 30, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work… #2537

Merged

sidraval pushed a commit that referenced this issue Jan 30, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work…

a99ffec

… with old versions of file. Please see #2527 for details.

sidraval closed this as completed Jan 30, 2018

dependabot-preview bot mentioned this issue Mar 16, 2018

Bump paperclip from 5.2.0 to 6.0.0 fsek/web#748

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work with old versions of file #2527

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work with old versions of file #2527

vakuum commented Jan 11, 2018 •

edited

vakuum commented Jan 11, 2018 •

edited

vakuum commented Jan 15, 2018

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work with old versions of file #2527

MIME type detection of Paperclip::MediaTypeSpoofDetector doesn't work with old versions of file #2527

Comments

vakuum commented Jan 11, 2018 • edited

Monkey patch

vakuum commented Jan 11, 2018 • edited

Fun fact 1

Fun fact 2

vakuum commented Jan 15, 2018

vakuum commented Jan 11, 2018 •

edited

vakuum commented Jan 11, 2018 •

edited