Merge branch 'prevent-blob-loads'

lib/linguist/blob_helper.rb

@@ -90,6 +90,15 @@ def detect_encoding
       @detect_encoding ||= CharlockHolmes::EncodingDetector.new.detect(data) if data
     end
 
+    # Public: Is the blob binary according to its mime type
+    #
+    # Return true or false
+    def binary_mime_type?
+      if mime_type = Mime.lookup_mime_type_for(pathname.extname)
+        mime_type.binary?
+      end
+    end
+
     # Public: Is the blob binary?
     #
     # Return true or false
@@ -126,6 +135,22 @@ def image?
       ['.png', '.jpg', '.jpeg', '.gif'].include?(extname)
     end
 
+    # Public: Is the blob a possible drupal php file?
+    #
+    # Return true or false
+    def drupal_extname?
+      ['.module', '.install', '.test', '.inc'].include?(extname)
+    end
+
+    # Public: Is the blob likely to have a shebang?
+    #
+    # Return true or false
+    def shebang_extname?
+      extname.empty? &&
+        mode &&
+        (mode.to_i(8) & 05) == 05
+    end
+
     MEGABYTE = 1024 * 1024
 
     # Public: Is the blob too big to load?
@@ -141,7 +166,7 @@ def large?
     #
     # Return true or false
     def viewable?
-      text? && !large?
+      !large? && text?
     end
 
     vendored_paths = YAML.load_file(File.expand_path("../vendor.yml", __FILE__))
@@ -359,7 +384,7 @@ def language
     #
     # Returns a Language or nil
     def guess_language
-      return if binary?
+      return if binary_mime_type?
 
       # Disambiguate between multiple language extensions
       disambiguate_extension_language ||
@@ -503,10 +528,13 @@ def guess_gsp_language
 
     # Internal: Guess language from the first line.
     #
-    # Look for leading "<?php"
+    # Look for leading "<?php" in Drupal files
     #
     # Returns a Language.
     def first_line_language
+      # Only check files with drupal php extensions
+      return unless drupal_extname?
+
       # Fail fast if blob isn't viewable?
       return unless viewable?
 
@@ -573,6 +601,9 @@ def shebang_script
     #
     # Returns the Language or nil
     def shebang_language
+      # Skip file extensions unlikely to have shebangs
+      return unless shebang_extname?
+
       if script = shebang_script
         Language[script]
       end

lib/linguist/file_blob.rb

@@ -32,6 +32,13 @@ def initialize(path, base_path = nil)
     # Returns a String
     attr_reader :name
 
+    # Public: Read file permissions
+    #
+    # Returns a String like '100644'
+    def mode
+      File.stat(@path).mode.to_s(8)
+    end
+
     # Public: Read file contents.
     #
     # Returns a String.

lib/linguist/repository.rb

@@ -67,6 +67,9 @@ def compute_stats
       return if @computed_stats
 
       @enum.each do |blob|
+        # Skip binary file extensions
+        next if blob.binary_mime_type?
+
         # Skip vendored or generated blobs
         next if blob.vendored? || blob.generated? || blob.language.nil?
 

lib/linguist/vendor.yml

@@ -57,6 +57,8 @@
 - (^|/)ckeditor\.js$
 - (^|/)tiny_mce([^.]*)\.js$
 
+# MathJax
+- (^|/)MathJax/
 
 ## Python ##
 

test/test_blob.rb

@@ -17,6 +17,12 @@ def blob(name)
     FileBlob.new(File.join(fixtures_path, name), fixtures_path)
   end
 
+  def script_blob(name)
+    blob = blob(name)
+    blob.instance_variable_set(:@name, 'script')
+    blob
+  end
+
   def test_name
     assert_equal "foo.rb", blob("foo.rb").name
   end
@@ -385,40 +391,40 @@ def test_lexer
   end
 
   def test_shebang_script
-    assert_equal 'sh', blob("script.sh").shebang_script
-    assert_equal 'bash', blob("script.bash").shebang_script
-    assert_equal 'zsh', blob("script.zsh").shebang_script
-    assert_equal 'perl', blob("script.pl").shebang_script
-    assert_equal 'ruby', blob("script.rb").shebang_script
-    assert_equal 'ruby', blob("script2.rb").shebang_script
-    assert_equal 'python', blob("script.py").shebang_script
-    assert_equal 'node', blob("script.js").shebang_script
-    assert_equal 'groovy', blob("script.groovy").shebang_script
-    assert_equal 'macruby', blob("script.mrb").shebang_script
-    assert_equal 'rake', blob("script.rake").shebang_script
-    assert_equal 'foo', blob("script.foo").shebang_script
-    assert_equal 'nush', blob("script.nu").shebang_script
-    assert_equal 'scala', blob("script.scala").shebang_script
-    assert_equal 'racket', blob("script.rkt").shebang_script
-    assert_equal nil, blob("foo.rb").shebang_script
+    assert_equal 'sh', script_blob("script.sh").shebang_script
+    assert_equal 'bash', script_blob("script.bash").shebang_script
+    assert_equal 'zsh', script_blob("script.zsh").shebang_script
+    assert_equal 'perl', script_blob("script.pl").shebang_script
+    assert_equal 'ruby', script_blob("script.rb").shebang_script
+    assert_equal 'ruby', script_blob("script2.rb").shebang_script
+    assert_equal 'python', script_blob("script.py").shebang_script
+    assert_equal 'node', script_blob("script.js").shebang_script
+    assert_equal 'groovy', script_blob("script.groovy").shebang_script
+    assert_equal 'macruby', script_blob("script.mrb").shebang_script
+    assert_equal 'rake', script_blob("script.rake").shebang_script
+    assert_equal 'foo', script_blob("script.foo").shebang_script
+    assert_equal 'nush', script_blob("script.nu").shebang_script
+    assert_equal 'scala', script_blob("script.scala").shebang_script
+    assert_equal 'racket', script_blob("script.rkt").shebang_script
+    assert_equal nil, script_blob("foo.rb").shebang_script
   end
 
   def test_shebang_language
-    assert_equal Language['Shell'], blob("script.sh").shebang_language
-    assert_equal Language['Shell'], blob("script.bash").shebang_language
-    assert_equal Language['Shell'], blob("script.zsh").shebang_language
-    assert_equal Language['Perl'], blob("script.pl").shebang_language
-    assert_equal Language['Ruby'], blob("script.rb").shebang_language
-    assert_equal Language['Python'], blob("script.py").shebang_language
-    assert_equal Language['JavaScript'], blob("script.js").shebang_language
-    assert_equal Language['Groovy'], blob("script.groovy").shebang_language
-    assert_equal Language['Ruby'], blob("script.mrb").shebang_language
-    assert_equal Language['Ruby'], blob("script.rake").shebang_language
-    assert_equal Language['Nu'], blob("script.nu").shebang_language
-    assert_equal Language['Scala'], blob("script.scala").shebang_language
-    assert_equal Language['Racket'], blob("script.rkt").shebang_language
-    assert_equal nil, blob("script.foo").shebang_language
-    assert_equal nil, blob("foo.rb").shebang_language
+    assert_equal Language['Shell'], script_blob("script.sh").shebang_language
+    assert_equal Language['Shell'], script_blob("script.bash").shebang_language
+    assert_equal Language['Shell'], script_blob("script.zsh").shebang_language
+    assert_equal Language['Perl'], script_blob("script.pl").shebang_language
+    assert_equal Language['Ruby'], script_blob("script.rb").shebang_language
+    assert_equal Language['Python'], script_blob("script.py").shebang_language
+    assert_equal Language['JavaScript'], script_blob("script.js").shebang_language
+    assert_equal Language['Groovy'], script_blob("script.groovy").shebang_language
+    assert_equal Language['Ruby'], script_blob("script.mrb").shebang_language
+    assert_equal Language['Ruby'], script_blob("script.rake").shebang_language
+    assert_equal Language['Nu'], script_blob("script.nu").shebang_language
+    assert_equal Language['Scala'], script_blob("script.scala").shebang_language
+    assert_equal Language['Racket'], script_blob("script.rkt").shebang_language
+    assert_equal nil, script_blob("script.foo").shebang_language
+    assert_equal nil, script_blob("foo.rb").shebang_language
   end
 
   def test_colorize