
Now using safe_shell to protect from bad inputs.

1 parent b7000e9 commit 3d11f8b59b4098b1ec10f52393594a6a74b234f3 @jnunemaker committed Jan 22, 2011
Showing with 22 additions and 4 deletions.
  1. +4 −1 Gemfile.lock
  2. +12 −2 lib/wand.rb
  3. +5 −1 test/test_wand.rb
  4. +1 −0 wand.gemspec
@@ -1,8 +1,9 @@
PATH
remote: .
specs:
- wand (0.2.1)
+ wand (0.3)
mime-types
+ safe_shell (~> 1.0.0)
GEM
remote: http://rubygems.org/
@@ -11,6 +12,7 @@ GEM
mocha (0.9.10)
rake
rake (0.8.7)
+ safe_shell (1.0.0)
shoulda (2.11.3)
PLATFORMS
@@ -19,5 +21,6 @@ PLATFORMS
DEPENDENCIES
mime-types
mocha
+ safe_shell (~> 1.0.0)
shoulda
wand!
@@ -1,9 +1,10 @@
require 'mime/types'
+require 'safe_shell'
module Wand
def self.wave(path, options={})
type = MIME::Types.type_for(options[:original_filename] || path)[0].to_s
- type = execute_file_cmd(path).split(';')[0].strip if type.nil? || type == ''
+ type = parse_type(execute_file_cmd(path)) if blank?(type)
type = nil if type =~ /^cannot/i
type
end
@@ -16,7 +17,16 @@ def self.executable=(path)
@executable = path
end
+private
+ def self.parse_type(output)
+ output.split(';')[0].strip
+ end
+
def self.execute_file_cmd(path)
- `#{executable} --mime --brief #{path}`
+ SafeShell.execute("#{executable}", "--mime", "--brief", path)
+ end
+
+ def self.blank?(str)
+ str.nil? || str == ''
end
end
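Review bot: In `execute_file_cmd`, `path` is handed to `file` as a bare argument, so a value beginning with `-` would still be parsed as an option rather than a filename; dropping the shell removes metacharacter injection but not this. Ending option parsing before the path closes it: `SafeShell.execute("#{executable}", "--mime", "--brief", "--", path)`. Separately, the bare `private` does not apply to `def self.` methods, so `parse_type`, `execute_file_cmd` and `blank?` remain publicly callable; `private_class_method :parse_type, :execute_file_cmd, :blank?` after the definitions would do what the keyword suggests. The module body begins outside this hunk.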
@@ -3,7 +3,7 @@
class TestWand < Test::Unit::TestCase
context "Wand" do
setup do
- Wand.executable = `which file`.chomp
+ Wand.executable = nil
end
{
@@ -64,5 +64,9 @@ class TestWand < Test::Unit::TestCase
Wand.expects(:execute_file_cmd).returns("cannot open file")
assert_equal nil, Wand.wave('')
end
+
+ should "properly handle bad stuff" do
+ assert_nothing_raised { Wand.wave(';blah') }
+ end
end
end
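Review bot: The new `should "properly handle bad stuff"` case only asserts that nothing is raised, which does not show that `;blah` reached `file` as a single argument or what `wave` returned for it. Pinning the result, e.g. `assert_nil Wand.wave(';blah')` (assuming `file` reports that it cannot open the path), makes the intent checkable, and a second case with a path beginning with `-` would cover option-like input. With `Wand.executable = nil` in `setup`, the test appears to rely on whatever default the getter supplies, which is not visible in this hunk.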
@@ -13,6 +13,7 @@ Gem::Specification.new do |s|
s.description = %q{Mime-Type gem with fallback to unix file command}
s.add_dependency 'mime-types'
+ s.add_dependency 'safe_shell', '~> 1.0.0'
s.add_development_dependency 'shoulda'
s.add_development_dependency 'mocha'
