
validations.rb « file_downloads « bulk_imports « lib - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
# frozen_string_literal: true

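module BulkImports
  module FileDownloads
    # Validation helpers for a downloaded file, meant to be mixed into a class.
    #
    # The including class must implement the four hook methods declared below
    # (+raise_error+, +filepath+, +file_size_limit+, +response_headers+); each
    # stub raises NotImplementedError until it is overridden.
    # +validate_content_type+ additionally calls +allowed_content_types+, which
    # is not declared in this module and must also come from the including class.
    module Validations
      # Hook: report a validation failure.
      #
      # @param message [String] human-readable reason for the failure
      def raise_error(message)
        raise NotImplementedError
      end

      # Hook: path of the file being written or checked.
      def filepath
        raise NotImplementedError
      end

      # Hook: upper bound that sizes are compared against in +validate_size!+.
      def file_size_limit
        raise NotImplementedError
      end

      # Hook: response headers, read with the lower-case keys 'content-type'
      # and 'content-length'.
      def response_headers
        raise NotImplementedError
      end

      private

      # Passes +filepath+ to Gitlab::PathTraversal.check_path_traversal!.
      # What that helper rejects is defined outside this file.
      def validate_filepath
        Gitlab::PathTraversal.check_path_traversal!(filepath)
      end

      # Fails when the 'content-type' header is blank or is not a member of
      # +allowed_content_types+. The raw header value is compared as-is, so a
      # value carrying parameters (for example a charset suffix) only passes if
      # that exact string is in the allow-list.
      def validate_content_type
        content_type = response_headers['content-type']

        raise_error('Invalid content type') if content_type.blank? || allowed_content_types.exclude?(content_type)
      end

      # Deletes the file and fails when +filepath+ is a symbolic link.
      #
      # File.lstat describes the path itself rather than the link target, so a
      # symlink is detected instead of followed. Only symbolic links are
      # examined here; other link types are not checked by this method.
      def validate_symlink
        return unless File.lstat(filepath).symlink?

        File.delete(filepath)
        raise_error 'Invalid downloaded file'
      end

      # Checks the size declared in the 'content-length' header.
      #
      # The header is a value asserted by the remote side; this method does not
      # measure bytes actually received.
      # NOTE(review): confirm the caller also enforces the limit on the bytes
      # written to disk.
      def validate_content_length
        validate_size!(response_headers['content-length'])
      end

      # Fails when +size+ is missing, malformed, or above +file_size_limit+.
      #
      # A value that is not a plain run of decimal digits is rejected
      # explicitly. Relying on String#to_i alone would turn such a value
      # ("abc", "-5", "10, 10") into 0, a negative number or a truncated prefix,
      # all of which slip under the limit check.
      #
      # @param size [String, Integer, nil] declared size in bytes
      def validate_size!(size)
        if size.blank?
          raise_error 'Missing content-length header'
        elsif !size.to_s.strip.match?(/\A\d+\z/)
          raise_error 'Invalid content-length header'
        elsif size.to_i > file_size_limit
          raise_error format(
            "File size %{size} exceeds limit of %{limit}",
            size: ActiveSupport::NumberHelper.number_to_human_size(size),
            limit: ActiveSupport::NumberHelper.number_to_human_size(file_size_limit)
          )
        end
      end
    end
  end
end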