Merge pull request #5844 from betagouv/check_content_type
Restreint les content types autorisés des pièces jointes
commit
ec1f6a7bfb
5 changed files with 107 additions and 1 deletions
@ -24,6 +24,14 @@ class Avis < ApplicationRecord
|
|||
has_one_attached :piece_justificative_file
|
||||
has_one_attached :introduction_file
|
||||
|
||||
validates :piece_justificative_file,
|
||||
content_type: AUTHORIZED_CONTENT_TYPES,
|
||||
size: { less_than: 20.megabytes }
|
||||
|
||||
validates :introduction_file,
|
||||
content_type: AUTHORIZED_CONTENT_TYPES,
|
||||
size: { less_than: 20.megabytes }
|
||||
|
||||
validates :email, format: { with: Devise.email_regexp, message: "n'est pas valide" }, allow_nil: true
|
||||
validates :claimant, presence: true
|
||||
validates :piece_justificative_file, size: { less_than: 20.megabytes }
|
||||
|
|
|
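Review bot: The pre-existing `validates :piece_justificative_file, size: { less_than: 20.megabytes }` at the end of the hunk is kept as context (the header counts 6 old / 14 new lines, so nothing is removed), while the new `validates :piece_justificative_file, content_type: AUTHORIZED_CONTENT_TYPES, size: { less_than: 20.megabytes }` declares the same size rule again, so the size check now runs twice on the same attachment and presumably adds its error message twice. The Commentaire hunk in this commit drops its old size-only line; do the same here by deleting the trailing `validates :piece_justificative_file, size: { less_than: 20.megabytes }`. The `Avis` class body continues outside the hunk.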
@ -23,6 +23,10 @@ class Champs::PieceJustificativeChamp < Champ
|
|||
size: { less_than: MAX_SIZE },
|
||||
if: -> { !type_de_champ.skip_pj_validation }
|
||||
|
||||
validates :piece_justificative_file,
|
||||
content_type: AUTHORIZED_CONTENT_TYPES,
|
||||
if: -> { !type_de_champ.skip_content_type_pj_validation }
|
||||
|
||||
def main_value_name
|
||||
:piece_justificative_file
|
||||
end
|
||||
|
|
|
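Review bot: The new `validates :piece_justificative_file, content_type: AUTHORIZED_CONTENT_TYPES, if: -> { !type_de_champ.skip_content_type_pj_validation }` adds a per-type_de_champ switch that turns the content-type allowlist off entirely for that field, and the declaration carries no comment saying what the switch is for or who is expected to set it. Add one line above it, e.g. `# Per-champ opt-out of the AUTHORIZED_CONTENT_TYPES allowlist (config/initializers/authorized_content_types.rb); the size check above has its own skip flag`. The `skip_content_type_pj_validation` attribute is not defined in this commit's five files, so it presumably already exists on TypeDeChamp; worth confirming the column is there. The class body continues outside the hunk.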
@ -22,7 +22,10 @@ class Commentaire < ApplicationRecord
|
|||
has_one_attached :piece_jointe
|
||||
|
||||
validates :body, presence: { message: "ne peut être vide" }
|
||||
validates :piece_jointe, size: { less_than: 20.megabytes }
|
||||
|
||||
validates :piece_jointe,
|
||||
content_type: AUTHORIZED_CONTENT_TYPES,
|
||||
size: { less_than: 20.megabytes }
|
||||
|
||||
default_scope { order(created_at: :asc) }
|
||||
scope :updated_since?, -> (date) { where('commentaires.updated_at > ?', date) }
|
||||
|
|
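--- /dev/null
+++ b/config/initializers/authorized_content_types.rb
@@ -0,0 +1,84 @@
+AUTHORIZED_CONTENT_TYPES = [
+# multimedia
+'image/jpeg', # multimedia x 1467465
+'image/png', # multimedia x 126662
+'image/tiff', # multimedia x 3985
+'image/bmp', # multimedia x 3656
+'video/mp4', # multimedia x 2075
+'image/webp', # multimedia x 529
+'video/quicktime', # multimedia x 486
+'image/gif', # multimedia x 463
+'video/3gpp', # multimedia x 216
+'image/vnd.dwg', # multimedia x 137 auto desk
+'audio/mpeg', # multimedia x 26
+'video/x-ms-wm', # multimedia x 15 video microsoft ?
+
+# application / program
+'application/json', # program x 6653577
+'application/zip', # program x 25831
+'application/octet-stream', # program x 8923 autodesk, citadel
+'text/x-adasrc', # program x 5116 agricultaral data
+'application/x-ole-storage', # program x 5015 msg message microsoft
+'application/x-zip-compressed', # program x 3242
+'text/csv', # program x 1901
+'message/rfc822', # program x 1622 .msg
+'application/x-7z-compressed', # program x 1359
+'application/vnd.rar', # program x 1344
+'application/x-x509-ca-cert', # program x 631
+'application/xml', # program x 314
+'text/x-log', # program x 188
+'application/gpx+xml', # program x 51
+'binary/octet-stream', # program x 48
+'application/octetstream', # program x 41
+'application/postscript', # program x 38
+'application/x-rar', # program x 37
+'octet/stream', # program x 33
+'text/tab-separated-values', # program x 30
+'application/gzip', # program x 24
+'application/x-dbf', # inconnu x 24 dbase table file format (dbf)
+'applicaton/octet-stream', # program x 17
+'application/vnd.google-earth.kml+xml', # autre x 10 transfert de point google
+'text/xml', # program x 10
+
+# text / sheet / presentation
+'application/pdf', # text x 4628654
+'application/vnd.ms-excel', # text x 166674
+'application/vnd.openxmlformats-officedocument.wordprocessingml.document', # text x 103879
+'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', # text x 86336
+'application/vnd.oasis.opendocument.text', # text x 46229
+'application/msword', # text x 30167
+'text/plain', # text x 24477
+'application/vnd.oasis.opendocument.spreadsheet', # text x 15218
+'application/vnd.openxmlformats-officedocument.presentationml.presentation', # text x 3231
+'application/vnd.ms-excel.sheet.macroenabled.12', # text x 1487
+'application/rtf', # text x 1438
+'application/vnd.apple.pages', # text x 609
+'application/vnd.oasis.opendocument.graphics', # text x 535
+'application/vnd.ms-powerpoint', # text x 363
+'application/vnd.oasis.opendocument.presentation', # text x 169
+'application/oxps', # inconnu x 149 openxml ?
+'application/vnd.apple.numbers', # text x 144
+'application/x-iwork-pages-sffpages', # text x 139
+'application/vnd.ms-publisher', # text x 100
+'application/vnd.oasis.opendocument.text-template', # text x 100
+'application/vnd.openxmlformats-officedocument.wordprocessingml.template', # text x 75
+'application/vnd.ms-word.document.macroenabled.12', # text x 61
+'application/vnd.openxmlformats-officedocument.spreadsheetml.template', # text x 59
+'application/vnd.openxmlformats-officedocument.presentationml.slideshow', # text x 32
+'application/x-pdf', # text x 30
+'application/kswps', # inconnu x 26 , text ?
+'application/x-iwork-numbers-sffnumbers', # text x 25
+'text/rtf', # text x 25
+'image/pdf', # text x 23
+'application/vnd.ms-xpsdocument', # text x 23
+'application/vnd.ms-excel.sheet.binary.macroenabled.12', # text x 21
+'application/vnd.ms-powerpoint.presentation.macroenabled.12', # text x 15
+'application/x-msword', # text x 15
+'application/vnd.oasis.opendocument.spreadsheet-template', # text x 14
+'application/vnd.oasis.opendocument.text-master', # text x 12
+'text/pdf', # text x 12
+'application/x-abiword', # text x 11
+'application/x-iwork-keynote-sffnumbers', # text x 11
+'application/x-iwork-keynote-sffkey', # text x 10
+'application/vnd.sun.xml.writer' # text x 10
+]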
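Review bot: Five spellings of the generic binary type are allowlisted — `'application/octet-stream'`, `'binary/octet-stream'`, `'application/octetstream'`, `'octet/stream'` and the misspelt `'applicaton/octet-stream'` — so any upload whose stored content type is one of these passes, and `application/octet-stream` is the usual fallback when a type cannot be identified from the bytes, which means the list mostly stops files that are positively recognised as something else (the spec's `'application/x-ms-dos-executable'` case). Whether the value being validated is the client-declared type or the one Active Storage identifies from the content is not visible in this commit and decides how much the list actually restricts; state that assumption in a header comment, e.g. `# Allowlist for the content_type validator on attachments; the octet-stream entries deliberately admit anything the identifier cannot classify`. The list also admits macro-enabled Office types (`*.macroenabled.12`) and archives, so if those are deliberate the comment should say so rather than leaving the reader to guess from the usage counts. The constant is a mutable Array; close it with `].freeze`.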
@ -22,6 +22,7 @@ describe Champs::PieceJustificativeChamp do
|
|||
|
||||
context "by default" do
|
||||
it { is_expected.to validate_size_of(:piece_justificative_file).less_than(Champs::PieceJustificativeChamp::MAX_SIZE) }
|
||||
it { is_expected.to validate_content_type_of(:piece_justificative_file).rejecting('application/x-ms-dos-executable') }
|
||||
it { expect(champ_pj.type_de_champ.skip_pj_validation).to be_falsy }
|
||||
end
|
||||
|
||||
|
@ -30,6 +31,12 @@ describe Champs::PieceJustificativeChamp do
|
|||
|
||||
it { is_expected.not_to validate_size_of(:piece_justificative_file).less_than(Champs::PieceJustificativeChamp::MAX_SIZE) }
|
||||
end
|
||||
|
||||
context "when content-type validation is disabled" do
|
||||
before { champ_pj.type_de_champ.update(skip_content_type_pj_validation: true) }
|
||||
|
||||
it { is_expected.not_to validate_content_type_of(:piece_justificative_file).rejecting('application/x-ms-dos-executable') }
|
||||
end
|
||||
end
|
||||
|
||||
describe "#for_export" do
|
||||
|
|
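Review bot: The new example `it { is_expected.to validate_content_type_of(:piece_justificative_file).rejecting('application/x-ms-dos-executable') }` checks only the rejection side, so a regression that empties or mistypes `AUTHORIZED_CONTENT_TYPES` would still pass; chain an accepted type as well, e.g. `.allowing('application/pdf').rejecting('application/x-ms-dos-executable')`, and mirror that in the disabled-validation context. The diffstat lists five files and this is the only spec among them, so the new validations on `Avis` (`piece_justificative_file`, `introduction_file`) and `Commentaire#piece_jointe` appear to have no coverage in this commit. The `describe "#for_export"` block at the end of the second hunk continues outside it.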