mirror of
https://github.com/scratchfoundation/scratch-asset-types.git
synced 2025-07-05 05:50:20 -04:00
Merge pull request #8 from colbygk/update_svg_detection
Fix arbitrary upload bug
This commit is contained in:
commit
cb32d55a3e
4 changed files with 44 additions and 1 deletions
|
@ -17,6 +17,12 @@ If recognized, a JSON object will be returned of the form:
|
|||
|
||||
Examples:
|
||||
|
||||
Synchronous check on if a filename includes an acceptable extension:
|
||||
```javascript
|
||||
const assetTypes = require('scratch-asset-types');
|
||||
const result = assetTypes.acceptableExtension('filename');
|
||||
```
|
||||
|
||||
Synchronous check on a buffer:
|
||||
```javascript
|
||||
const assetTypes = require('scratch-asset-types');
|
||||
|
|
18
index.js
18
index.js
|
@ -3,6 +3,19 @@
|
|||
const typesList = require('./lib/typeslist');
|
||||
const readChunk = require('read-chunk');
|
||||
|
||||
// Check if the file extension provided is in our
|
||||
// list of acceptable file formats.
|
||||
// acceptable, return true
|
||||
// not acceptable, return false
|
||||
module.exports.acceptableExtension = fileName => {
|
||||
const pieces = fileName.split('.');
|
||||
if (pieces && pieces.length > 1 && pieces[pieces.length - 1] in typesList) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
};
|
||||
|
||||
module.exports.bufferCheck = input => {
|
||||
const buf = (input instanceof Uint8Array) ? input : new Uint8Array(input);
|
||||
|
||||
|
@ -30,6 +43,11 @@ module.exports.bufferCheck = input => {
|
|||
return true;
|
||||
};
|
||||
|
||||
// Starts with a <, assume SVG
|
||||
if (check([0x3c])) {
|
||||
return typesList.svg;
|
||||
}
|
||||
|
||||
if (check([0xFF, 0xD8, 0xFF])) {
|
||||
return typesList.jpg;
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@ module.exports = {
|
|||
mj2: {ext: 'jpg', mime: 'image/jpg'},
|
||||
mp3: {ext: 'mp3', mime: 'audio/mpeg'},
|
||||
png: {ext: 'png', mime: 'image/png'},
|
||||
svg: {ext: 'svg', mime: 'image/svg+xml'},
|
||||
webp: {ext: 'webp', mime: 'image/webp'},
|
||||
wav: {ext: 'wav', mime: 'audio/x-wav'},
|
||||
zip: {ext: 'zip', mime: 'application/zip'}
|
||||
|
|
|
@ -3,7 +3,7 @@ const fileType = require('../../index');
|
|||
const typesList = require('../../lib/typeslist');
|
||||
|
||||
const checkList = [
|
||||
'gif', 'jpg', 'json', 'mp3', 'png', 'wav', 'webp', 'zip'];
|
||||
'gif', 'jpg', 'json', 'mp3', 'png', 'svg', 'wav', 'webp', 'zip'];
|
||||
|
||||
tap.test('check-types', t => {
|
||||
checkList.forEach(thisType => {
|
||||
|
@ -23,3 +23,21 @@ checkList.forEach(thisType => fileType.asyncCheck(`./test/fixtures/test.${thisTy
|
|||
t.equals(result.mime, typesList[thisType].mime);
|
||||
t.end();
|
||||
})));
|
||||
|
||||
tap.test('Accept recognized extensions', t => {
|
||||
checkList.forEach(thisType => {
|
||||
const name = `test.${thisType}`;
|
||||
t.ok(fileType.acceptableExtension(name));
|
||||
});
|
||||
t.end();
|
||||
});
|
||||
|
||||
tap.test('reject unrecognized extension', t => {
|
||||
t.notOk(fileType.acceptableExtension('test.exe'));
|
||||
t.notOk(fileType.acceptableExtension('test.app'));
|
||||
t.notOk(fileType.acceptableExtension('test.framework'));
|
||||
t.notOk(fileType.acceptableExtension('test.doc'));
|
||||
t.notOk(fileType.acceptableExtension('test.txt'));
|
||||
t.notOk(fileType.acceptableExtension('test.dll'));
|
||||
t.end();
|
||||
});
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue