From 21ff5e2c1de0ce132ea07f53ff3e6efa65941b73 Mon Sep 17 00:00:00 2001
From: Joshua Peek
Date: Sat, 21 May 2011 17:34:52 -0500
Subject: [PATCH] Add Blob#forbidden?
---
 lib/linguist/blob_helper.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/lib/linguist/blob_helper.rb b/lib/linguist/blob_helper.rb
index ffe1e278..57c04686 100644
--- a/lib/linguist/blob_helper.rb
+++ b/lib/linguist/blob_helper.rb
@@ -65,6 +65,19 @@ module Linguist
 ['.xib', '.nib', '.pbxproj'].include?(pathname.extname)
 end
 
+ # Determine if the blob contains bad content that can be used for various
+ # cross site attacks. Right now this is limited to flash files -- the flash
+ # plugin ignores the response content type and treats any URL as flash
+ # when the tag is specified correctly regardless of file extension.
+ #
+ # Returns true when the blob data should not be served with any content-type.
+ def forbidden?
+ if data = self.data
+ data.size >= 8 && # all flash has at least 8 bytes
+ %w(CWS FWS).include?(data[0,3]) # file type sigs
+ end
+ end
+
 def language
 if text?
 shebang_language || pathname.language
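Review bot: `forbidden?` fails open when there is no data: with `if data = self.data` the method returns nil for a blob whose content is unavailable, and a caller will read that as safe to serve; how `data` can be nil is decided outside this hunk, so the intended behaviour deserves a comment such as `# nil data is treated as not forbidden; callers must not serve blobs they could not read`. The magic-number test is written with character semantics (`data.size`, `data[0,3]`), which under Ruby 1.9 string encodings need not equal byte counts; `data.bytesize >= 8 && %w(CWS FWS).include?(data.byteslice(0, 3))` compares bytes directly where `byteslice` is available. The list covers only the uncompressed and zlib-compressed signatures, so an LZMA-compressed `ZWS` file would not be flagged; moving the list to a named constant would make later additions easier to see. The diffstat shows one file changed, so the check ships without a test; a case for each signature and for a short or nil blob would pin the behaviour.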