
Draft - Compare extension against actual content type in GM

Overview

By default, gm (GraphicsMagick) ignores the file extension and picks the decoder/encoder from the file's magic bytes. This means a file whose extension claims one format but whose content is another will still be decoded as whatever it actually is.

In gitlab!39965 (merged) we now send the image MIME type in the send-data header, based on the file's extension i.e. what it claims to be.

We already did that in !564 (diffs), but since we are using the GM API in !578 (closed), we need to add support for comparing the provided MIME type against the actual content type reported by the GM API:

http://www.graphicsmagick.org/wand/magick_wand.html#magickgetimageformat
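The comparison this MR needs, written out as an added example that is not the MR's or workhorse's own code: the extension-derived MIME type (what the send-data header claims) is checked against the format sniffed from the magic bytes. Go's net/http sniffer stands in for MagickGetImageFormat here so the example runs without the gm/cgo binding; the extension-to-MIME table, the function names and the sample headers are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"path"
	"strings"
)

// ErrContentMismatch is returned when the sniffed format disagrees with the
// extension-derived MIME type (the condition workhorse logs as
// "Image content did not match the file content type").
var ErrContentMismatch = errors.New("image content did not match the file content type")

// extensionMIME maps the extensions an avatar upload may carry to the MIME
// type the send-data header would claim for them. Assumed for this example.
var extensionMIME = map[string]string{
	".png":  "image/png",
	".jpg":  "image/jpeg",
	".jpeg": "image/jpeg",
	".gif":  "image/gif",
	".webp": "image/webp",
}

// ClaimedMIME returns the MIME type a file claims via its extension, or ""
// when the extension is not one we resize.
func ClaimedMIME(name string) string {
	return extensionMIME[strings.ToLower(path.Ext(name))]
}

// ActualMIME sniffs the format from the content's magic bytes. This is the
// stand-in for MagickGetImageFormat: net/http's sniffer looks at no more than
// the first 512 bytes and returns "application/octet-stream" when nothing
// matches.
func ActualMIME(data []byte) string {
	if len(data) > 512 {
		data = data[:512]
	}
	return http.DetectContentType(data)
}

// VerifyImage checks that the content type implied by the file name matches
// what the bytes actually are. The sniffed type is returned either way so a
// caller can log it next to the claimed one.
func VerifyImage(name string, data []byte) (string, error) {
	claimed := ClaimedMIME(name)
	if claimed == "" {
		return "", fmt.Errorf("unsupported extension on %q", name)
	}
	actual := ActualMIME(data)
	if actual != claimed {
		return actual, fmt.Errorf("%w: %q claims %s but content is %s",
			ErrContentMismatch, name, claimed, actual)
	}
	return actual, nil
}

// Constructed sample inputs: only the leading signature bytes of each format,
// which is all the sniffer needs.
var (
	pngHeader  = []byte{0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'}
	jpegHeader = []byte{0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 'J', 'F', 'I', 'F', 0x00}
)

func main() {
	for _, c := range []struct {
		name string
		data []byte
	}{
		{"avatar_w300.jpg", jpegHeader},
		{"avatar_w300_fake.jpg", pngHeader}, // .jpg extension, PNG content
		{"avatar.png", []byte("not an image at all")},
	} {
		got, err := VerifyImage(c.name, c.data)
		fmt.Printf("%-22s sniffed=%-24s err=%v\n", c.name, got, err)
	}
}
```

In the real change the "actual" side should come from the GM decode itself rather than a separate sniffer, so that the format being compared is the one the resizer will actually process; a generic sniffer recognises fewer image formats than GraphicsMagick and the two can disagree on edge cases.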

Behavior

I prepared a "fake" JPG file avatar_w300_fake.jpg, which carries the .jpg extension but is actually a PNG file.

GET http://localhost:3000/uploads/-/system/group/avatar/27/avatar_w300.jpg?width=64

Before

workhorse_1      | time="2020-08-21T13:33:28Z" level=info msg="ImageResizer: success" bytes_written=10408 correlation_id=qsp3RHnZA44
workhorse_1      | localhost:3000 172.17.0.1 - - [2020/08/21:13:33:28 +0000] "GET /uploads/-/system/group/avatar/27/avatar_w300.jpg?width=64 HTTP/1.1" 200 10408 "http://localhost:3000/gitlab-org" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36" 168

After

gitlab-workhorse      : time="2020-09-10T18:00:18+02:00" level=info msg="Image content did not match the file content type" correlation_id=INy0tqZ8fK9
gitlab-workhorse      : time="2020-09-10T18:00:18+02:00" level=error msg=error correlation_id=INy0tqZ8fK9 error="ImageResizer: failed writing output stream" method=GET uri="/uploads/-/system/group/avatar/27/avatar_w300.jpg?width=64"
