ContentType detector backends

[miyagawa]

I had a semi-urgent need to run paperclip based Rails apps on a linux CI host without file command installed.

While I could ask the admin to install them, I chose to implement (mostly for a demo purpose) a monkey patch to override the file command with the mimemagic gem and it turned out to work fine: paperclip-mimemagic

If there were a proper hook to register a separate backend to detect content types for a file, i could write it as a proper plugin rather than a monkey patch. I wonder if there's any interest in it.

[sikachu]

We used to use mime-types gem before, but then we have to switch since people could spoof the file by changing the extension. By switch to mimemagic gem, we'd definitely open for the same vulnerability again.

So, if you have a platform-independent filetype detection, please let us know. Otherwise, we'll have to stick with this for now.

[miyagawa]

My understanding is that mimemagic gem uses the magic match to detect file types, which is similar to what file command does. I understand that there's always a way to spoof such implementations, but I'd say it's not the same level with simply changing the extension.

Having said that i understand the decision.

[sikachu]

Right. I missed the by_magic part. Hmmm ...

Reopening this. This might be a good alternative for cross-platform solution.

[maclover7]

Is this fixed with #1839 ?

[tute]

ping @sikachu: is this fixed now?

[tute]

The mimemagic gem and file command are necessary for security purposes. You can disable them if you know what you are doing to get your desired behavior. This doesn't seem to be an issue in paperclip anymore, so I'm closing this issue. Thanks for reporting!