Merge pull request #5256 from consuldemocracy/remove-pdf-metadata
ENS: Strip metadata from attachments
2
Gemfile
2
Gemfile
@@ -20,6 +20,7 @@ gem "dalli", "~> 3.2.6"
|
||||
gem "delayed_job_active_record", "~> 4.1.7"
|
||||
gem "devise", "~> 4.9.2"
|
||||
gem "devise-security", "~> 0.18.0"
|
||||
gem "exiftool_vendored", "~> 12.60.0"
|
||||
gem "file_validators", "~> 3.0.0"
|
||||
gem "font-awesome-sass", "~> 5.15.1" # Remember to update vendor/assets/images/fontawesome when updating this gem
|
||||
gem "foundation-rails", "~> 6.6.2.0"
|
||||
@@ -85,6 +86,7 @@ group :test do
|
||||
gem "capybara", "~> 3.39.2"
|
||||
gem "capybara-webmock", "~> 0.7.0"
|
||||
gem "email_spec", "~> 2.2.2"
|
||||
gem "pdf-reader"
|
||||
gem "rspec-rails", "~> 5.1.2"
|
||||
gem "selenium-webdriver", "~> 4.13.1"
|
||||
gem "simplecov", "~> 0.22.0", require: false
|
||||
|
||||
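Review bot: `gem "pdf-reader"` in the `group :test` hunk appears to be the added line and carries no version constraint, while every neighbouring gem in this Gemfile is pinned with `~>`; Gemfile.lock fixes it at 2.11.0, but the convention in this file is to state the intended range, e.g. `gem "pdf-reader", "~> 2.11.0"`. Which line each Gemfile hunk adds is inferred from the hunk headers and the lockfile entries rather than from visible markers.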
17
Gemfile.lock
17
Gemfile.lock
@@ -6,6 +6,7 @@ GEM
|
||||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
Ascii85 (1.1.0)
|
||||
actioncable (6.1.7.6)
|
||||
actionpack (= 6.1.7.6)
|
||||
activesupport (= 6.1.7.6)
|
||||
@@ -70,6 +71,7 @@ GEM
|
||||
acts_as_votable (0.14.0)
|
||||
addressable (2.8.5)
|
||||
public_suffix (>= 2.0.2, < 6.0)
|
||||
afm (0.2.2)
|
||||
ahoy_matey (4.2.1)
|
||||
activesupport (>= 5.2)
|
||||
device_detector
|
||||
@@ -209,6 +211,10 @@ GEM
|
||||
multi_json (>= 1.3)
|
||||
rake
|
||||
execjs (2.8.1)
|
||||
exiftool (1.2.4)
|
||||
json
|
||||
exiftool_vendored (12.60.0)
|
||||
exiftool (>= 0.7.0)
|
||||
factory_bot (6.2.0)
|
||||
activesupport (>= 5.0.0)
|
||||
factory_bot_rails (6.2.0)
|
||||
@@ -255,6 +261,7 @@ GEM
|
||||
gyoku (1.4.0)
|
||||
builder (>= 2.1.2)
|
||||
rexml (~> 3.0)
|
||||
hashery (2.1.2)
|
||||
hashie (5.0.0)
|
||||
highline (2.0.3)
|
||||
htmlentities (4.3.4)
|
||||
@@ -408,6 +415,12 @@ GEM
|
||||
parser (3.2.2.3)
|
||||
ast (~> 2.4.1)
|
||||
racc
|
||||
pdf-reader (2.11.0)
|
||||
Ascii85 (~> 1.0)
|
||||
afm (~> 0.2.1)
|
||||
hashery (~> 2.0)
|
||||
ruby-rc4
|
||||
ttfunk
|
||||
pg (1.4.3)
|
||||
pg_search (2.3.6)
|
||||
activerecord (>= 5.2)
|
||||
@@ -545,6 +558,7 @@ GEM
|
||||
rubocop-capybara (~> 2.17)
|
||||
rubocop-factory_bot (~> 2.22)
|
||||
ruby-progressbar (1.13.0)
|
||||
ruby-rc4 (0.1.5)
|
||||
ruby-vips (2.1.4)
|
||||
ffi (~> 1.12)
|
||||
ruby2_keywords (0.0.5)
|
||||
@@ -626,6 +640,7 @@ GEM
|
||||
tilt (2.0.10)
|
||||
timeout (0.4.1)
|
||||
tomlrb (2.0.3)
|
||||
ttfunk (1.7.0)
|
||||
turbolinks (5.2.1)
|
||||
turbolinks-source (~> 5.2)
|
||||
turbolinks-source (5.2.0)
|
||||
@@ -705,6 +720,7 @@ DEPENDENCIES
|
||||
devise-security (~> 0.18.0)
|
||||
email_spec (~> 2.2.2)
|
||||
erb_lint (~> 0.5.0)
|
||||
exiftool_vendored (~> 12.60.0)
|
||||
factory_bot_rails (~> 6.2.0)
|
||||
faker (~> 3.2.1)
|
||||
file_validators (~> 3.0.0)
|
||||
@@ -734,6 +750,7 @@ DEPENDENCIES
|
||||
omniauth-rails_csrf_protection (~> 1.0.1)
|
||||
omniauth-twitter (~> 1.4.0)
|
||||
paranoia (~> 2.6.2)
|
||||
pdf-reader
|
||||
pg (~> 1.4.3)
|
||||
pg_search (~> 2.3.6)
|
||||
pronto (~> 0.11.1)
|
||||
|
||||
@@ -9,6 +9,8 @@ class Document < ApplicationRecord
|
||||
validates :documentable_id, presence: true, if: -> { persisted? }
|
||||
validates :documentable_type, presence: true, if: -> { persisted? }
|
||||
|
||||
before_save :remove_metadata
|
||||
|
||||
scope :admin, -> { where(admin: true) }
|
||||
|
||||
def self.humanized_accepted_content_types
|
||||
@@ -36,4 +38,13 @@ class Document < ApplicationRecord
|
||||
def documentable_class
|
||||
association_class
|
||||
end
|
||||
|
||||
def remove_metadata
|
||||
return unless attachment.attached?
|
||||
|
||||
attachment_path = ActiveStorage::Blob.service.path_for(attachment.key)
|
||||
Exiftool.new(attachment_path, "-all:all=")
|
||||
rescue Exiftool::ExiftoolNotInstalled, Exiftool::NoSuchFile
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
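Review bot: The `Exiftool.new(attachment_path, "-all:all=")` call in `remove_metadata` leaves exiftool's default backup behaviour in place — exiftool writes the stripped file and keeps the untouched original beside it with an `_original` suffix — so the metadata this callback exists to remove stays on disk next to the blob; pass the overwrite option as well, e.g. `Exiftool.new(attachment_path, "-all:all= -overwrite_original")`. The `rescue Exiftool::ExiftoolNotInstalled, Exiftool::NoSuchFile` returning `nil` makes the strip fail open silently: a missing exiftool binary, or a blob not yet written to disk when `before_save` runs (the upload ordering relative to the save is not visible in the hunk), saves the document with its metadata intact, so at least log the rescued error. `ActiveStorage::Blob.service.path_for` is, as far as I know, defined only by the Disk service, so any other configured service raises `NoMethodError` outside the rescue list, and rewriting the file in place presumably leaves `blob.checksum` and `byte_size` describing the pre-strip bytes; a comment stating the Disk-only assumption would help. The `Document` class continues outside the hunk.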
BIN
spec/fixtures/files/logo_with_metadata.pdf
vendored
Normal file
BIN
spec/fixtures/files/logo_with_metadata.pdf
vendored
Normal file
Binary file not shown.
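--- a/spec/system/documents_spec.rb
+++ b/spec/system/documents_spec.rb
@@ -0,0 +1,27 @@
+require "rails_helper"
+
+describe "Documents" do
+describe "Metadata" do
+scenario "download document without metadata" do
+login_as(create(:user))
+visit new_proposal_path
+
+fill_in "Proposal title", with: "debate"
+fill_in "Proposal summary", with: "In summary, what we want is..."
+fill_in "Full name of the person submitting the proposal", with: "Isabel Garcia"
+documentable_attach_new_file(file_fixture("logo_with_metadata.pdf"))
+check "I agree to the Privacy Policy and the Terms and conditions of use"
+
+click_button "Create proposal"
+
+io = URI.parse("#{app_host}#{polymorphic_path(Document.last.attachment)}").open
+reader = PDF::Reader.new(io)
+
+expect(reader.info[:Keywords]).not_to eq "Test Metadata"
+expect(reader.info[:Author]).not_to eq "Test Developer"
+expect(reader.info[:Title]).not_to eq "logo_with_metadata.pdf"
+expect(reader.info[:Producer]).not_to eq "Test Producer"
+expect(reader.info).to eq({})
+end
+end
+end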
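Review bot: `URI.parse("#{app_host}#{polymorphic_path(Document.last.attachment)}").open` relies on `open-uri` defining `URI::HTTP#open`, and nothing in this file requires it; unless `rails_helper` is known to load it, add `require "open-uri"` next to `require "rails_helper"`. The four `not_to eq` expectations on `reader.info` are implied by the final `expect(reader.info).to eq({})`, so they only add noise; either drop them or keep the single exact assertion. Because the scenario reads the document through the blob URL, it cannot notice any copy of the original that the stripping step might leave on the storage disk — a one-line comment stating that this spec only covers the served file would make that boundary explicit.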