vip-cli icon indicating copy to clipboard operation
vip-cli copied to clipboard
verified publisher icon Automattic

fix(validate-files): Update file-validation logic to add mimetype validation

Open aswasif007 opened this issue 1 year ago • 8 comments

Description

In the vip import validate-files command, we currently do not parse and check the mimetype of the file itself. In this PR, we are adding that logic.

Pull request checklist

Steps to Test

  1. Check out PR.
  2. Run npm run build
  3. Run ./dist/bin/vip-import-validate-files.js <your-dir-path>
  4. Check the verification messages to see if they are correct.

aswasif007 avatar Jul 29 '24 10:07 aswasif007

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails

Scanned Manifest Files

github-actions[bot] avatar Jul 29 '24 10:07 github-actions[bot]

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud[bot] avatar Jul 30 '24 12:07 sonarqubecloud[bot]

So I tested the latest version under Windows native, and WSL on Ubuntu.

On Windows it repeatedly presents the error message "Failed to extract mimetype of file %FILEPATH% because of error: /usr/bin/file does not exist on this computer", I think it's a bit excessive, can we group the errors somehow? A Linux/Mac path under Windows also doesn't make sense, as a user I'd be very confused.

Additionally, I checked the file service code and I don't think it explicitly blocks specific extensions - it checks for known extensions and sets the mime_type if the mapping found, otherwise it marks the file application/octet-stream , so the logic we're doing here does not entirely match VIP Files Service.

https://github.com/Automattic/wpvip-files-service/blob/a27ac4400b901bcdf48655be39ac4e1dd9cc731f/vipv2-files-web/src/class-files-service.php#L144-L162

And last but not least, we seem to be blocking fonts here, which is not great because they're allowed both in WordPress and in File Service.

rinatkhaziev avatar Jul 31 '24 23:07 rinatkhaziev

So I tested the latest version under Windows native, and WSL on Ubuntu.

🙌 thanks @rinatkhaziev !! Are you using a VM for Windows or did you have a different machine? :D

On Windows it repeatedly presents the error message "Failed to extract mimetype of file %FILEPATH% because of error: /usr/bin/file does not exist on this computer", I think it's a bit excessive, can we group the errors somehow? A Linux/Mac path under Windows also doesn't make sense, as a user I'd be very confused.

Yeah I've changed the PR label to In Progress . We're trying to figure out the best approach and we will definitely have to reference the PATH based on the OS that we detect. We're also evaluating the file-type library but we'd like to avoid if possible given that the actual command vip import media uses the file command.

Additionally, I checked the file service code and I don't think it explicitly blocks specific extensions - it checks for known extensions and sets the mime_type if the mapping found, otherwise it marks the file application/octet-stream , so the logic we're doing here does not entirely match VIP Files Service.

https://github.com/Automattic/wpvip-files-service/blob/a27ac4400b901bcdf48655be39ac4e1dd9cc731f/vipv2-files-web/src/class-files-service.php#L144-L162

Taking this conversation elsewhere

And last but not least, we seem to be blocking fonts here, which is not great because they're allowed both in WordPress and in File Service.

Are there specific font types supported in WordPress? Can you please point me to that?

saroshaga avatar Aug 02 '24 07:08 saroshaga

Are there specific font types supported in WordPress? Can you please point me to that?

woff, woff2, otf, ttf, it's a bit weird to test because they're not uploadable via Media Library, but can be uploaded via the new feature called Fonts Library.

rinatkhaziev avatar Aug 02 '24 22:08 rinatkhaziev

Are there specific font types supported in WordPress? Can you please point me to that?

woff, woff2, otf, ttf, it's a bit weird to test because they're not uploadable via Media Library, but can be uploaded via the new feature called Fonts Library.

They are also uploaded to wp-content/fonts and not wp-content/uploads, so that'll be interesting for VIP https://make.wordpress.org/core/2024/03/14/new-feature-font-library/#customizing-the-fonts-upload-directory

saroshaga avatar Aug 08 '24 13:08 saroshaga

@saroshaga no, that was rolled back and it's wp-content/uploads/fonts now.

rinatkhaziev avatar Aug 08 '24 16:08 rinatkhaziev

This pull request has been marked stale because it has been open for 60 days with no activity. If there is no activity within 7 days, it will be closed.

This is an automation to keep pull requests manageable and actionable and is not a comment on the quality of this pull request nor on the work done so far. Closed PRs are still valuable to the project and their branches are preserved.

github-actions[bot] avatar Oct 08 '24 00:10 github-actions[bot]