Exif metadata not stripped when uploading image attachments via Emails
What does this MR do and why?
For #239343 (closed)
This MR is to fix a minor vulnerability: the exif metadata in images uploaded via emails is not stripped. This bug does not occur with images uploaded via API/Web because they are actively handled by workhorse. The solution is simple. Gitlab::Email::AttachmentUploader is the single point where all image attachments are handled. It's lucky for us that the Rails code base has an equivalent utility, Gitlab::Sanitizers::Exif, doing the same job as workhorse. The API of that sanitizer is easy to expand.
The reason behind this solution is explained in detail here: #239343 (comment 824662343).
How to set up and validate locally
- Step 1: Upgrade the mailroom gem to 0.0.19. For historical reasons, the MailRoom version in the rails code base is still stuck at 0.0.9. There are plenty of bugs that break the mailroom flow in a local environment.
diff --git a/Gemfile b/Gemfile
index 7a6e2a13c8c..538ae4c8a0d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -441,7 +441,7 @@ gem 'octokit', '~> 4.15'
# Updating this gem version here is deprecated. See:
# https://docs.gitlab.com/ee/development/emails.html#mailroom-gem-updates
-gem 'gitlab-mail_room', '~> 0.0.9', require: 'mail_room'
+gem 'gitlab-mail_room', '~> 0.0.19', require: 'mail_room'
gem 'email_reply_trimmer', '~> 0.1'
gem 'html2text'
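Review bot: The unchanged comment directly above the changed gitlab-mail_room line says that updating this gem version here is deprecated and points to https://docs.gitlab.com/ee/development/emails.html#mailroom-gem-updates, yet this hunk bumps the constraint from '~> 0.0.9' to '~> 0.0.19' in the Gemfile itself. If the bump is only needed for local validation, keep it out of the committed change; otherwise follow the linked process and say in the description why the version jump belongs with this fix.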
- Step 2: set incoming_email and service_desk_email configuration, point to an email inbox.
  incoming_email:
    enabled: true
    address: "personal-email+%{key}@gmail.com"
    user: "personal-email@gmail.com"
    password: "something"
  service_desk_email:
    enabled: true
    address: "personal-email+%{key}@gmail.com"
    user: "personal-email@gmail.com"
    password: "something"
- Step 3: restart all services
- Step 4: start mailroom in a console with the following command
bundle exec mail_room -c ./config/mail_room.yml
- Step 5: tail the mailroom logs with the following command, assuming the recent working directory is GitLab rails.
tail -f ./log/mail_room_json.log
- Step 6: open a random project, configure Service Desk in that project.
- Step 7: compose an email to send to the email address mentioned in the setting page. Attach target files used in different scenarios.
- Step 8: ensure mail_room logs captured incoming emails; all jobs of EmailReceiverWorker and ServiceDeskEmailWorker are executed. Open the service desk section in the issue. The attachments are a part of the issue descriptions.
Screenshots or screen recordings
Case 1: Before this fix
When sending an email with exif data, the exif data is still accessible when downloading the attached image from the issue.
Case 2: After the fix
After this fix is applied, the exif data is stripped.
Bonus: the file without exif data is slightly smaller than the original file
Case 3: exif sanitizer doesn't affect images without exif
Exif data is available in tiff/jpg images only. When uploading a PNG image, it is processed successfully.
Case 4: exif sanitizer doesn't affect other data types
When uploading non-image data such as PDFs or spreadsheets, the sanitizer should not affect the content of those files. This scenario confirms those files stay intact and readable afterward.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
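A way to check the outcome of Cases 1 to 4 on a downloaded attachment, as an added example that is not part of this MR or of GitLab's code: a Ruby sketch that walks the JPEG segments and reports whether an Exif APP1 segment is still present. The names `exif_status`, `segment` and `sample_jpeg` and the sample bytes are constructed for illustration; only JPEG is parsed, TIFF is not.

```ruby
# Added example (not GitLab code): detect a leftover Exif APP1 segment in a JPEG.
SOI     = "\xFF\xD8".b        # JPEG start-of-image marker
EXIF_ID = "Exif\x00\x00".b    # identifier at the start of an Exif APP1 payload

# Returns :not_jpeg, :malformed, :exif_present or :clean.
def exif_status(bytes)
  data = bytes.b
  return :not_jpeg unless data.start_with?(SOI)   # PNG, PDF, spreadsheets, ...

  pos = 2
  loop do
    return :malformed if pos + 2 > data.bytesize || data.getbyte(pos) != 0xFF
    marker = data.getbyte(pos + 1)
    # Metadata segments precede the scan data, so stop at SOS (0xDA) or EOI (0xD9).
    return :clean if marker == 0xDA || marker == 0xD9
    return :malformed if pos + 4 > data.bytesize

    length = data.byteslice(pos + 2, 2).unpack1("n")   # big-endian, counts itself
    return :malformed if length < 2 || pos + 2 + length > data.bytesize

    payload = data.byteslice(pos + 4, length - 2)
    return :exif_present if marker == 0xE1 && payload.start_with?(EXIF_ID)

    pos += 2 + length
  end
end

# Builds one JPEG segment: 0xFF, marker byte, 2-byte length, payload.
def segment(marker, payload)
  [0xFF, marker, payload.bytesize + 2].pack("CCn") + payload.b
end

# Constructed sample: a minimal header-only JPEG, with or without an Exif segment.
def sample_jpeg(with_exif:)
  jfif = segment(0xE0, "JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00".b)
  exif = with_exif ? segment(0xE1, EXIF_ID + "II*\x00\x08\x00\x00\x00".b) : "".b
  SOI + jfif + exif + "\xFF\xD9".b
end

if __FILE__ == $PROGRAM_NAME
  # With a file argument, check that file; otherwise run on the constructed samples.
  if ARGV[0]
    puts "#{ARGV[0]}: #{exif_status(File.binread(ARGV[0]))}"
  else
    puts "before fix (constructed): #{exif_status(sample_jpeg(with_exif: true))}"
    puts "after fix (constructed):  #{exif_status(sample_jpeg(with_exif: false))}"
  end
end
```

Run it against the image downloaded from the issue in Case 1 and Case 2; files from Case 3 and Case 4 report `:not_jpeg`, so their integrity still has to be confirmed by opening them or comparing checksums.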