From 1e328120e4e1e5d1ca7d33eda5a18e06cab280cf Mon Sep 17 00:00:00 2001
From: Scott Regenthal
Date: Wed, 10 Apr 2024 09:02:21 -0600
Subject: [PATCH] DBEX: make pdf extension evaluation case insensitive (#16250)
* Make pdf extension evaluation case insensitive
* Relocate extension type check
---
 app/models/form_attachment.rb | 6 ++----
 spec/models/form_attachment_spec.rb | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/app/models/form_attachment.rb b/app/models/form_attachment.rb
index 979087c2612..9230cb8f322 100644
--- a/app/models/form_attachment.rb
+++ b/app/models/form_attachment.rb
@@ -13,7 +13,7 @@ class FormAttachment < ApplicationRecord
 def set_file_data!(file, file_password = nil)
 attachment_uploader = get_attachment_uploader
- file = unlock_pdf(file, file_password) if file_password.present?
+ file = unlock_pdf(file, file_password) if File.extname(file).downcase == '.pdf' && file_password.present?
 attachment_uploader.store!(file)
 self.file_data = { filename: attachment_uploader.filename }.to_json
 rescue CarrierWave::IntegrityError => e
@@ -36,15 +36,13 @@ def get_file
 private
 def unlock_pdf(file, file_password)
- return file unless File.extname(file) == '.pdf'
-
 pdftk = PdfForms.new(Settings.binaries.pdftk)
 tmpf = Tempfile.new(['decrypted_form_attachment', '.pdf'])
 begin
 pdftk.call_pdftk(file.tempfile.path, 'input_pw', file_password, 'output', tmpf.path)
 rescue PdfForms::PdftkError => e
- file_regex = %r{/(?:\w+/)*[\w-]+\.pdf\b}
+ file_regex = %r{/(?:\w+/)*[\w-]+\.pdf\b}i
 password_regex = /(input_pw).*?(output)/
 sanitized_message = e.message.gsub(file_regex, '[FILTERED FILENAME]').gsub(password_regex, '\1 [FILTERED] \2')
 log_message_to_sentry(sanitized_message, 'warn')
diff --git a/spec/models/form_attachment_spec.rb b/spec/models/form_attachment_spec.rb
index f0470484de8..3890ff1b330 100644
--- a/spec/models/form_attachment_spec.rb
+++ b/spec/models/form_attachment_spec.rb
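Review bot: In `set_file_data!`, the new condition calls `File.extname(file)` before it tests `file_password.present?`, so the extension lookup now runs on every upload, including those with no password, and raises `TypeError` for any `file` that is neither a String nor path-like. Putting the password test first leaves the no-password path as it was: `file = unlock_pdf(file, file_password) if file_password.present? && File.extname(file).casecmp?('.pdf')`. The extension presumably derives from the client-supplied filename, so this gate only decides whether decryption is attempted; a password-protected PDF uploaded under another extension is stored still encrypted, and whether a later content check catches that is not visible here. The method body continues past the end of the hunk.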
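Review bot: The redaction in the `rescue` branch of `unlock_pdf` still guesses at where the secret sits instead of removing the known values, and adding `i` to `file_regex` does not change that. `password_regex` is `/(input_pw).*?(output)/`: the lazy match stops at the first `output`, so a password that itself contains that word is only partly replaced, and `.` will not cross a newline in the pdftk message. Since the method already holds the exact strings, it would be more reliable to strip them literally before logging, e.g. `e.message.gsub(file_password, '[FILTERED]')` and the same for `file.tempfile.path` and `tmpf.path`, or to send Sentry a fixed message with no pdftk output at all. `unlock_pdf` continues past the end of this hunk, so what happens after `log_message_to_sentry` is not visible here.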
@@ -11,7 +11,7 @@
 end
 describe '#unlock_pdf' do
- let(:file_name) { 'locked_pdf_password_is_test.pdf' }
+ let(:file_name) { 'locked_pdf_password_is_test.Pdf' }
 let(:bad_password) { 'bad_pw' }
 context 'when provided password is incorrect' do
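Review bot: Renaming the fixture to `locked_pdf_password_is_test.Pdf` moves the `#unlock_pdf` example onto the mixed-case path, so within this hunk nothing exercises the plain `.pdf` name or the other branch of the relocated guard (a password supplied with a non-PDF file). Consider keeping the lowercase name and adding a second context with `let(:file_name) { 'locked_pdf_password_is_test.PDF' }`, plus an example asserting that a non-PDF upload with a password is stored without pdftk being invoked. The diffstat lists only two changed files, so whether a fixture with the new name exists, or the spec builds the upload some other way, cannot be confirmed from this patch.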