I had an acquaintance who was a software architect for a major (Japanese) auto company. Their entire SW development process consisted of writing specs which were shipped to "code farms" (I believe he said in the Phillipines) where low-paid contract coders implemented them. (Not a line of code was written in the US.) In that kind of environment, at best you get exactly what the spec asks for. If it doesn't say anything about robustly handling image files without extensions, you won't get that.
Wow, writing specs to define what the code shouldn’t do would be far bigger than defining what the code should do.