Draft - Compare extension against actual content type in GM
Overview
By default, gm ignores file extensions and picks the decoder/encoder from the file's magic bytes. This means a file whose extension claims one format while its content is another will still be processed.
In gitlab!39965 (merged) we now send the image MIME type in the send-data header, based on the file's extension, i.e. what the file claims to be.
We already did that in !564 (diffs), but since we are using the GM API in !578 (closed), we need to add support for comparing the provided MIME type with the actual content type using the gm API:
http://www.graphicsmagick.org/wand/magick_wand.html#magickgetimageformat
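The check described above, as an added illustration that is not workhorse's code: it sniffs the real format from the file header and compares it with the MIME type derived from the extension. It uses Go's standard image registry (image.DecodeConfig) in place of the gm MagickGetImageFormat call the MR targets; checkImageContentType, mimeToFormat and encodeSample are hypothetical names, and the sample images are constructed in memory.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"image"
	"image/jpeg"
	"image/png"
)

// ErrContentMismatch is returned when the sniffed format disagrees with the
// MIME type derived from the file extension (the send-data header value).
var ErrContentMismatch = errors.New("image content did not match the file content type")

// mimeToFormat maps the claimed MIME type to the name Go's image registry reports.
var mimeToFormat = map[string]string{"image/jpeg": "jpeg", "image/png": "png"}

// checkImageContentType sniffs the real format from the file header and compares
// it with claimedMIME; it returns the detected format and ErrContentMismatch on disagreement.
func checkImageContentType(data []byte, claimedMIME string) (string, error) {
	want, ok := mimeToFormat[claimedMIME]
	if !ok {
		return "", fmt.Errorf("unsupported content type %q", claimedMIME)
	}
	// DecodeConfig reads only the header, so no pixel buffers are allocated
	// for a possibly hostile file before we know what it really is.
	_, got, err := image.DecodeConfig(bytes.NewReader(data))
	if err != nil {
		return "", fmt.Errorf("unable to detect image format: %w", err)
	}
	if got != want {
		return got, fmt.Errorf("%w: claimed %s, detected %s", ErrContentMismatch, want, got)
	}
	return got, nil
}

// encodeSample builds a tiny constructed 2x2 image in the given format; it
// stands in for the uploaded avatar (e.g. a PNG saved under a .jpg name).
func encodeSample(format string) []byte {
	var buf bytes.Buffer
	img := image.NewRGBA(image.Rect(0, 0, 2, 2))
	if format == "png" {
		_ = png.Encode(&buf, img)
	} else {
		_ = jpeg.Encode(&buf, img, nil)
	}
	return buf.Bytes()
}
```

Feeding a PNG body under a claimed image/jpeg type reproduces the "did not match" case from the Behavior section, while a genuine JPEG passes.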
Behavior
I prepared a "fake" JPG file, avatar_w300_fake.jpg, which carries the .jpg extension but is actually a PNG file.
GET http://localhost:3000/uploads/-/system/group/avatar/27/avatar_w300.jpg?width=64
Before
workhorse_1 | time="2020-08-21T13:33:28Z" level=info msg="ImageResizer: success" bytes_written=10408 correlation_id=qsp3RHnZA44
workhorse_1 | localhost:3000 172.17.0.1 - - [2020/08/21:13:33:28 +0000] "GET /uploads/-/system/group/avatar/27/avatar_w300.jpg?width=64 HTTP/1.1" 200 10408 "http://localhost:3000/gitlab-org" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36" 168
After
gitlab-workhorse : time="2020-09-10T18:00:18+02:00" level=info msg="Image content did not match the file content type" correlation_id=INy0tqZ8fK9
gitlab-workhorse : time="2020-09-10T18:00:18+02:00" level=error msg=error correlation_id=INy0tqZ8fK9 error="ImageResizer: failed writing output stream" method=GET uri="/uploads/-/system/group/avatar/27/avatar_w300.jpg?width=64"