Finish issue #510 ("Block the expensive display of binary files").

Add a new configuration option 'binary_mime_types' which accepts a
comma-delimited list of MIME content type patterns ('text/plain', or
'image/*', etc.) against which versioned file MIME types are
compared for the purposes of deciding whether to allow their display
in the 'markup', 'annotate', 'diff' and 'patch' views.

* conf/viewvc.conf.dist
  (binary_mime_types): Describe new option.

* lib/config.py
  (_force_multi_value): Add 'binary_file_types' to the list of
    multi-value options.
  (Config.set_defaults): Initialize cfg.options.binary_mime_types.

* lib/viewvc.py
  (is_binary_file_mime_type): New function.
  (get_file_view_info): Use is_binary_file_mime_type() to determine
    whether to return links to content-ful views of the input file.
  (markup_or_annotate, view_diff): Use is_binary_file_mime_type() to
    deny display of so-deemed binary files.



git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@2784 8cb11bc2-c004-0410-86c3-e597b4017df7

conf/viewvc.conf.dist

@@ -383,6 +383,24 @@
 ##
 #allowed_views = annotate, diff, markup, roots
 
+## Comma-delimited list of MIME content types (with support for fnmatch-
+## style glob characters) which are considered not-human-readable and for
+## which ViewVC will neither generate links to, nor support the direct
+## display of, non-checkout views which carry the file's content (the
+## 'markup', 'annotate', 'diff', and 'patch' views).
+##
+## NOTE: Handling of this option is given priority over ViewVC's
+## longstanding support for showing web-friendly file formats -- even
+## binary ones such as "image/jpeg" and "image/gif" -- in the 'markup'
+## view.  Thus, if you add "image/*" to this list, 'markup'-view
+## display of JPEG, GIF, and PNG images will be disabled.
+##
+## Example:
+## binary_mime_types = application/octet-stream, image/*, application/pdf, 
+##                     application/vnd*, application/msword, audio/*
+#
+#binary_mime_types =
+
 ## authorizer: The name of the ViewVC authorizer plugin to use when
 ## authorizing access to repository contents.  This value must be the
 ## name of a Python module addressable as vcauth.MODULENAME (most

lib/config.py

@@ -111,6 +111,7 @@ class Config:
   _force_multi_value = (
     # Configuration values with multiple, comma-separated values.
     'allowed_views',
+    'binary_mime_types',
     'custom_log_formatting',
     'cvs_roots',
     'kv_files',
@@ -399,6 +400,7 @@ class Config:
     self.options.mangle_email_addresses = 0
     self.options.custom_log_formatting = []
     self.options.default_file_view = "log"
+    self.options.binary_mime_types = []
     self.options.http_expiration_time = 600
     self.options.generate_etags = 1
     self.options.svn_ignore_mimetype = 0

lib/viewvc.py

@@ -26,6 +26,7 @@ import sys
 import os
 import calendar
 import copy
+import fnmatch
 import gzip
 import mimetypes
 import re
@@ -1023,6 +1024,15 @@ def default_view(mime_type, cfg):
     return view_markup
   return view_checkout
 
+def is_binary_file_mime_type(mime_type, cfg):
+  """Return True iff MIME_TYPE is set and matches one of the binary
+  file mime type patterns in CFG."""
+  if mime_type:
+    for pattern in cfg.options.binary_mime_types:
+      if fnmatch.fnmatch(mime_type, pattern):
+        return True
+  return False
+  
 def get_file_view_info(request, where, rev=None, mime_type=None, pathrev=-1):
   """Return an object holding common hrefs and a viewability flag used
   for various views of FILENAME at revision REV whose MIME type is
@@ -1083,7 +1093,12 @@ def get_file_view_info(request, where, rev=None, mime_type=None, pathrev=-1):
                                     params={'revision': rev},
                                     escape=1)
 
-  prefer_markup = default_view(mime_type, request.cfg) == view_markup
+  is_binary_file = is_binary_file_mime_type(mime_type, request.cfg)
+  if is_binary_file:
+    download_text_href = annotate_href = view_href = None
+    prefer_markup = False
+  else:
+    prefer_markup = default_view(mime_type, request.cfg) == view_markup
 
   return _item(view_href=view_href,
                download_href=download_href,
@@ -1839,6 +1854,11 @@ def markup_or_annotate(request, is_annotate):
   revision = None
   mime_type, encoding = calculate_mime_type(request, path, rev)
 
+  # Is this display blocked by 'binary_mime_types' configuration?
+  if is_binary_file_mime_type(mime_type, cfg):
+    raise debug.ViewVCException('Display of binary file content disabled '
+                                'by configuration', '403 Forbidden')
+    
   # Is this a viewable image type?
   if is_viewable_image(mime_type) \
      and 'co' in cfg.options.allowed_views:
@@ -3359,6 +3379,13 @@ def view_patch(request):
   query_dict = request.query_dict
   p1, p2, rev1, rev2, sym1, sym2 = setup_diff(request)
 
+  mime_type1, encoding1 = calculate_mime_type(request, p1, rev1)
+  mime_type2, encoding2 = calculate_mime_type(request, p2, rev2)
+  if is_binary_file_mime_type(mime_type1, cfg) or \
+     is_binary_file_mime_type(mime_type2, cfg):
+    raise debug.ViewVCException('Display of binary file content disabled '
+                                'by configuration', '403 Forbidden')
+
   # In the absence of a format dictation in the CGI params, we'll let
   # use the configured diff format, allowing 'c' to mean 'c' and
   # anything else to mean 'u'.
@@ -3649,6 +3676,13 @@ def view_diff(request):
 
   p1, p2, rev1, rev2, sym1, sym2 = setup_diff(request)
   
+  mime_type1, encoding1 = calculate_mime_type(request, p1, rev1)
+  mime_type2, encoding2 = calculate_mime_type(request, p2, rev2)
+  if is_binary_file_mime_type(mime_type1, cfg) or \
+     is_binary_file_mime_type(mime_type2, cfg):
+    raise debug.ViewVCException('Display of binary file content disabled '
+                                'by configuration', '403 Forbidden')
+
   # since templates are in use and subversion allows changes to the dates,
   # we can't provide a strong etag
   if check_freshness(request, None, '%s-%s' % (rev1, rev2), weak=1):