Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: decompression bomb attack in the Filer #1426

Merged
merged 18 commits into from
Sep 28, 2023
Merged

Conversation

vinitkumar
Copy link
Member

@vinitkumar vinitkumar commented Sep 24, 2023

Description

Filer allowed for the images for very high pixels (height * width) to be uploaded. This would cause crash and failures when the high pixels exceeded what is allowed by Pillow Image MAX_IMAGE_PIXELS value.

This is an issue because even though the image is possible to be created and attached to the page, it would never work as PIL always fails to thumbnails such high pixel image and crashes causing crash and high memory usages in such pages.

This patch, fixes this issues in the bud as it wouldn't allow such files to be uploaded via FILER itself. It also allows to set a lower limit FILER_MAX_IMAGE_PIXELS so that users can limit the max pixels to value much lower than what PIL support.

We also choose the pixel value rather than MAX_HEIGHT and MAX_WIDTH to allow different resolutions of image other than square images.

filerdecompressionbomb.mov

Github Issue

Authored-by: Vinit Kumar [email protected]

Related resources

Checklist

  • I have opened this pull request against master
  • I have added or modified the tests when changing logic
  • I have followed the conventional commits guidelines to add meaningful information into the changelog
  • I have read the contribution guidelines and I have joined #workgroup-pr-review on
    Slack to find a “pr review buddy” who is going to review my pull request.

Filer allowed for the images for very high pixels (height * width) to be
uploaded. This would cause crash and failures when the high pixels
exceeded what is allowed by Pillow Image MAX_IMAGE_PIXELS value.

This is an issue because even though the image is possible to be created
and attached to the page, it would never work as PIL always fails to
thumbnails such high pixel image and crashes causing crash and high
memory usages in such pages.

This patch, fixes this issues in the bud as it wouldn't allow such files
to be uploaded via FILER itself. It also allows to set a lower limit
FILER_MAX_IMAGE_PIXELS so that users can limit the max pixels to value
much lower than what PIL support.

- Github Issue
    - #1425
    - #1330

Authored-by: Vinit Kumar <[email protected]>
@vinitkumar vinitkumar requested a review from fsbraun September 24, 2023 19:36
@codecov
Copy link

codecov bot commented Sep 24, 2023

Codecov Report

Attention: 11 lines in your changes are missing coverage. Please review.

Comparison is base (8293ba1) 75.96% compared to head (34045eb) 76.41%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1426      +/-   ##
==========================================
+ Coverage   75.96%   76.41%   +0.44%     
==========================================
  Files          75       75              
  Lines        3454     3510      +56     
  Branches      554      562       +8     
==========================================
+ Hits         2624     2682      +58     
+ Misses        669      666       -3     
- Partials      161      162       +1     
Files Coverage Δ
filer/admin/imageadmin.py 89.58% <100.00%> (ø)
filer/fields/multistorage_file.py 88.34% <100.00%> (ø)
filer/models/filemodels.py 88.88% <100.00%> (+0.19%) ⬆️
filer/templatetags/filer_admin_tags.py 92.10% <100.00%> (+2.72%) ⬆️
filer/admin/fileadmin.py 94.39% <94.11%> (-0.12%) ⬇️
filer/validation.py 95.45% <80.00%> (+14.37%) ⬆️
filer/admin/clipboardadmin.py 95.12% <88.00%> (+0.45%) ⬆️
filer/models/abstract.py 80.82% <76.19%> (-0.78%) ⬇️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Member

@fsbraun fsbraun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work and immediate UI response! This does also work when drag-and-dropping?

Can you add a test based on test_filer_upload_file which the FILER_MAX_IMAGE_PIXELS set to a very low value to see if the error messages are triggered?

filer/admin/clipboardadmin.py Outdated Show resolved Hide resolved
filer/admin/clipboardadmin.py Outdated Show resolved Hide resolved
filer/admin/clipboardadmin.py Outdated Show resolved Hide resolved
file_obj.is_public = filer_settings.FILER_IS_PUBLIC_DEFAULT
except ValidationError as error:
messages.error(request, str(error))
return JsonResponse({'error': str(error)})

Check warning

Code scanning / CodeQL

Information exposure through an exception

[Stack trace information](1) flows to this location and may be exposed to an external user.
return JsonResponse(data)
except Exception as error:
messages.error(request, str(error))
return JsonResponse({"error": str(error)})

Check warning

Code scanning / CodeQL

Information exposure through an exception

[Stack trace information](1) flows to this location and may be exposed to an external user.
@vinitkumar
Copy link
Member Author

@fsbraun Just checked it out. Looks and work great. Except I think this warning message could be better. Is show __all__ and some message.

Screenshot 2023-09-28 at 2 23 43 AM
O
Screenshot 2023-09-28 at 2 23 56 AM
Once that is fixed. I think it's good enough to be merged and we can cut a 3.1 release for filer.

@vinitkumar vinitkumar requested a review from fsbraun September 27, 2023 20:56
@fsbraun fsbraun merged commit 964f48d into master Sep 28, 2023
@vinitkumar vinitkumar deleted the fix/decompression-bomb branch November 15, 2024 19:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Issue with DecompressionBombWarning with high pixel images Restrict maximum image dimensions/resolution
2 participants