-
Notifications
You must be signed in to change notification settings - Fork 583
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: decompression bomb attack in the Filer #1426
Conversation
Filer allowed for the images for very high pixels (height * width) to be uploaded. This would cause crash and failures when the high pixels exceeded what is allowed by Pillow Image MAX_IMAGE_PIXELS value. This is an issue because even though the image is possible to be created and attached to the page, it would never work as PIL always fails to thumbnails such high pixel image and crashes causing crash and high memory usages in such pages. This patch, fixes this issues in the bud as it wouldn't allow such files to be uploaded via FILER itself. It also allows to set a lower limit FILER_MAX_IMAGE_PIXELS so that users can limit the max pixels to value much lower than what PIL support. - Github Issue - #1425 - #1330 Authored-by: Vinit Kumar <[email protected]>
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #1426 +/- ##
==========================================
+ Coverage 75.96% 76.41% +0.44%
==========================================
Files 75 75
Lines 3454 3510 +56
Branches 554 562 +8
==========================================
+ Hits 2624 2682 +58
+ Misses 669 666 -3
- Partials 161 162 +1
☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work and immediate UI response! This does also work when drag-and-dropping?
Can you add a test based on test_filer_upload_file
which the FILER_MAX_IMAGE_PIXELS
set to a very low value to see if the error messages are triggered?
file_obj.is_public = filer_settings.FILER_IS_PUBLIC_DEFAULT | ||
except ValidationError as error: | ||
messages.error(request, str(error)) | ||
return JsonResponse({'error': str(error)}) |
Check warning
Code scanning / CodeQL
Information exposure through an exception
return JsonResponse(data) | ||
except Exception as error: | ||
messages.error(request, str(error)) | ||
return JsonResponse({"error": str(error)}) |
Check warning
Code scanning / CodeQL
Information exposure through an exception
@fsbraun Just checked it out. Looks and work great. Except I think this warning message could be better. Is show
|
…-filer into fix/decompression-bomb
Description
Filer allowed for the images for very high pixels (height * width) to be uploaded. This would cause crash and failures when the high pixels exceeded what is allowed by Pillow Image MAX_IMAGE_PIXELS value.
This is an issue because even though the image is possible to be created and attached to the page, it would never work as PIL always fails to thumbnails such high pixel image and crashes causing crash and high memory usages in such pages.
This patch, fixes this issues in the bud as it wouldn't allow such files to be uploaded via FILER itself. It also allows to set a lower limit FILER_MAX_IMAGE_PIXELS so that users can limit the max pixels to value much lower than what PIL support.
We also choose the pixel value rather than MAX_HEIGHT and MAX_WIDTH to allow different resolutions of image other than square images.
filerdecompressionbomb.mov
Github Issue
Authored-by: Vinit Kumar [email protected]
Related resources
Checklist
master
Slack to find a “pr review buddy” who is going to review my pull request.