mirror of
https://github.com/discourse/discourse.git
synced 2024-12-18 12:23:46 +08:00
b27d5626d2
* SECURITY: Prevent arbitrary file write when decompressing files * FIX: Allow decompressing files into symlinked directories Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com> Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
28 lines
691 B
Ruby
28 lines
691 B
Ruby
# frozen_string_literal: true
|
|
|
|
module Compression
|
|
class Engine
|
|
UnsupportedFileExtension = Class.new(StandardError)
|
|
|
|
def self.default_strategies
|
|
[
|
|
Compression::Zip.new,
|
|
Compression::Pipeline.new([Compression::Tar.new, Compression::Gzip.new]),
|
|
Compression::Gzip.new,
|
|
Compression::Tar.new
|
|
]
|
|
end
|
|
|
|
def self.engine_for(filename, strategies: default_strategies)
|
|
strategy = strategies.detect(-> { raise UnsupportedFileExtension }) { |e| e.can_handle?(filename) }
|
|
new(strategy)
|
|
end
|
|
|
|
def initialize(strategy)
|
|
@strategy = strategy
|
|
end
|
|
|
|
delegate :extension, :decompress, :compress, to: :@strategy
|
|
end
|
|
end
|