activestorage 5.2.6.1 → 5.2.7
Potentially problematic release.
- checksums.yaml +4 -4
- data/CHANGELOG.md +23 -0
- data/app/models/active_storage/variation.rb +60 -0
- data/lib/active_storage/engine.rb +14 -0
- data/lib/active_storage/gem_version.rb +2 -2
- data/lib/active_storage.rb +290 -0
- metadata +11 -11
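--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 221e253595145d3f877c7f1c72422ab97989ba9cba8cb7a5c14f20d8589b0240
+data.tar.gz: 32de8686073e333e7f0a4177acc3aba161e5bbd59d90597e42ad49ca7ec55af9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5617c40e89b030ed1e8b3a05a57ab954a572e40b27f6aade9e4046ae23f7ff298a9f40b1d1ecb31ec7e9cd3717186d6cc7e6ceb939a3967bcd3ab70533e431c9
+data.tar.gz: 39a0968e43f9d8a1763c3120a83b3ae8cc82b9c2d78b1a0a5503da4818296f0cf5abad84fd57733bd1eac61f321b0a288d99c2aff058d3f37fb0cd453fc423ff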
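--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,26 @@
+## Rails 5.2.7 (March 10, 2022) ##
+
+* Fix `ActiveStorage.supported_image_processing_methods` and
+`ActiveStorage.unsupported_image_processing_arguments` that were not being applied.
+
+*Rafael Mendonça França*
+
+
+## Rails 5.2.6.3 (March 08, 2022) ##
+
+* Added image transformation validation via configurable allow-list.
+
+Variant now offers a configurable allow-list for
+transformation methods in addition to a configurable deny-list for arguments.
+
+[CVE-2022-21831]
+
+
+## Rails 5.2.6.2 (February 11, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.6.1 (February 11, 2022) ##
 
 * No changes.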
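--- a/data/app/models/active_storage/variation.rb
+++ b/data/app/models/active_storage/variation.rb
@@ -20,6 +20,9 @@
 class ActiveStorage::Variation
 attr_reader :transformations
 
+class UnsupportedImageProcessingMethod < StandardError; end
+class UnsupportedImageProcessingArgument < StandardError; end
+
 class << self
 # Returns a Variation instance based on the given variator. If the variator is a Variation, it is
 # returned unmodified. If it is a String, it is passed to ActiveStorage::Variation.decode. Otherwise,
@@ -56,12 +59,15 @@ class ActiveStorage::Variation
 def transform(image)
 ActiveSupport::Notifications.instrument("transform.active_storage") do
 transformations.each do |name, argument_or_subtransformations|
+validate_transformation(name, argument_or_subtransformations)
 image.mogrify do |command|
 if name.to_s == "combine_options"
 argument_or_subtransformations.each do |subtransformation_name, subtransformation_argument|
+validate_transformation(subtransformation_name, subtransformation_argument)
 pass_transform_argument(command, subtransformation_name, subtransformation_argument)
 end
 else
+validate_transformation(name, argument_or_subtransformations)
 pass_transform_argument(command, name, argument_or_subtransformations)
 end
 end
@@ -86,4 +92,58 @@ class ActiveStorage::Variation
 def eligible_argument?(argument)
 argument.present? && argument != true
 end
+
+def validate_transformation(name, argument)
+method_name = name.to_s.gsub("-","_")
+
+unless ActiveStorage.supported_image_processing_methods.any? { |method| method_name == method }
+raise UnsupportedImageProcessingMethod, <<~ERROR.squish
+One or more of the provided transformation methods is not supported.
+ERROR
+end
+
+if argument.present?
+if argument.is_a?(String) || argument.is_a?(Symbol)
+validate_arg_string(argument)
+elsif argument.is_a?(Array)
+validate_arg_array(argument)
+elsif argument.is_a?(Hash)
+validate_arg_hash(argument)
+end
+end
+end
+
+def validate_arg_string(argument)
+if ActiveStorage.unsupported_image_processing_arguments.any? { |bad_arg| argument.to_s.downcase.include?(bad_arg) }; raise UnsupportedImageProcessingArgument end
+end
+
+def validate_arg_array(argument)
+argument.each do |arg|
+if arg.is_a?(Integer) || arg.is_a?(Float)
+next
+elsif arg.is_a?(String) || arg.is_a?(Symbol)
+validate_arg_string(arg)
+elsif arg.is_a?(Array)
+validate_arg_array(arg)
+elsif arg.is_a?(Hash)
+validate_arg_hash(arg)
+end
+end
+end
+
+def validate_arg_hash(argument)
+argument.each do |key, value|
+validate_arg_string(key)
+
+if value.is_a?(Integer) || value.is_a?(Float)
+next
+elsif value.is_a?(String) || value.is_a?(Symbol)
+validate_arg_string(value)
+elsif value.is_a?(Array)
+validate_arg_array(value)
+elsif value.is_a?(Hash)
+validate_arg_hash(value)
+end
+end
+end
 end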
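Review bot: The new validators fail open on argument types they do not recognise: the `if`/`elsif` chains in `validate_transformation`, `validate_arg_array` and `validate_arg_hash` have no `else`, so a value that is not a String, Symbol, Array or Hash (or a number inside a collection) skips the deny-list check and still reaches `pass_transform_argument`. Each chain should end in an `else` that raises `UnsupportedImageProcessingArgument` for anything other than the numeric and `true` values the code already treats as harmless. The allow-list is checked against `method_name` (dashes turned into underscores) while `pass_transform_argument` is still given the original `name`; its body is outside these hunks, so confirm that both spellings resolve to the same mogrify option. `validate_arg_string` matches by substring with `include?(bad_arg)`, which also rejects ordinary text that merely contains a listed token, and it raises with no message, unlike `UnsupportedImageProcessingMethod`. The `validate_transformation(name, argument_or_subtransformations)` call in the `else` branch of `transform` repeats the one at the top of the loop and can be dropped.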
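--- a/data/lib/active_storage/engine.rb
+++ b/data/lib/active_storage/engine.rb
@@ -61,6 +61,20 @@ module ActiveStorage
 ActiveStorage.analyzers = app.config.active_storage.analyzers || []
 ActiveStorage.paths = app.config.active_storage.paths || {}
 
+ActiveStorage.supported_image_processing_methods += app.config.active_storage.supported_image_processing_methods || []
+ActiveStorage.unsupported_image_processing_arguments = app.config.active_storage.unsupported_image_processing_arguments || %w(
+-debug
+-display
+-distribute-cache
+-help
+-path
+-print
+-set
+-verbose
+-version
+-write
+-write-mask
+)
 ActiveStorage.variable_content_types = app.config.active_storage.variable_content_types || []
 ActiveStorage.content_types_to_serve_as_binary = app.config.active_storage.content_types_to_serve_as_binary || []
 ActiveStorage.content_types_allowed_inline = app.config.active_storage.content_types_allowed_inline || []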
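Review bot: The two new settings are merged in opposite directions and nothing in the hunk says so: `supported_image_processing_methods` is extended with `+=`, so configuration can only widen the built-in allow-list and never narrow it, while `unsupported_image_processing_arguments` is assigned with `=`, so an application that configures even one entry of its own loses every default in the `%w(...)` list. A comment above the two lines should state this, e.g. `# config can only add allowed methods; a configured deny-list replaces the defaults below`, or the configured deny-list should be unioned with the defaults instead of replacing them. The `+=` would also append the configured methods again if this block ran more than once; the enclosing initializer starts and ends outside the hunk, so whether that can happen is not visible here.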
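--- a/data/lib/active_storage.rb
+++ b/data/lib/active_storage.rb
@@ -50,4 +50,294 @@ module ActiveStorage
 mattr_accessor :content_types_to_serve_as_binary, default: []
 mattr_accessor :content_types_allowed_inline, default: []
 mattr_accessor :binary_content_type, default: "application/octet-stream"
+mattr_accessor :supported_image_processing_methods, default: [
+"adaptive_blur",
+"adaptive_resize",
+"adaptive_sharpen",
+"adjoin",
+"affine",
+"alpha",
+"annotate",
+"antialias",
+"append",
+"apply",
+"attenuate",
+"authenticate",
+"auto_gamma",
+"auto_level",
+"auto_orient",
+"auto_threshold",
+"backdrop",
+"background",
+"bench",
+"bias",
+"bilateral_blur",
+"black_point_compensation",
+"black_threshold",
+"blend",
+"blue_primary",
+"blue_shift",
+"blur",
+"border",
+"bordercolor",
+"borderwidth",
+"brightness_contrast",
+"cache",
+"canny",
+"caption",
+"channel",
+"channel_fx",
+"charcoal",
+"chop",
+"clahe",
+"clamp",
+"clip",
+"clip_path",
+"clone",
+"clut",
+"coalesce",
+"colorize",
+"colormap",
+"color_matrix",
+"colors",
+"colorspace",
+"colourspace",
+"color_threshold",
+"combine",
+"combine_options",
+"comment",
+"compare",
+"complex",
+"compose",
+"composite",
+"compress",
+"connected_components",
+"contrast",
+"contrast_stretch",
+"convert",
+"convolve",
+"copy",
+"crop",
+"cycle",
+"deconstruct",
+"define",
+"delay",
+"delete",
+"density",
+"depth",
+"descend",
+"deskew",
+"despeckle",
+"direction",
+"displace",
+"dispose",
+"dissimilarity_threshold",
+"dissolve",
+"distort",
+"dither",
+"draw",
+"duplicate",
+"edge",
+"emboss",
+"encoding",
+"endian",
+"enhance",
+"equalize",
+"evaluate",
+"evaluate_sequence",
+"extent",
+"extract",
+"family",
+"features",
+"fft",
+"fill",
+"filter",
+"flatten",
+"flip",
+"floodfill",
+"flop",
+"font",
+"foreground",
+"format",
+"frame",
+"function",
+"fuzz",
+"fx",
+"gamma",
+"gaussian_blur",
+"geometry",
+"gravity",
+"grayscale",
+"green_primary",
+"hald_clut",
+"highlight_color",
+"hough_lines",
+"iconGeometry",
+"iconic",
+"identify",
+"ift",
+"illuminant",
+"immutable",
+"implode",
+"insert",
+"intensity",
+"intent",
+"interlace",
+"interline_spacing",
+"interpolate",
+"interpolative_resize",
+"interword_spacing",
+"kerning",
+"kmeans",
+"kuwahara",
+"label",
+"lat",
+"layers",
+"level",
+"level_colors",
+"limit",
+"limits",
+"linear_stretch",
+"linewidth",
+"liquid_rescale",
+"list",
+"loader",
+"log",
+"loop",
+"lowlight_color",
+"magnify",
+"map",
+"mattecolor",
+"median",
+"mean_shift",
+"metric",
+"mode",
+"modulate",
+"moments",
+"monitor",
+"monochrome",
+"morph",
+"morphology",
+"mosaic",
+"motion_blur",
+"name",
+"negate",
+"noise",
+"normalize",
+"opaque",
+"ordered_dither",
+"orient",
+"page",
+"paint",
+"pause",
+"perceptible",
+"ping",
+"pointsize",
+"polaroid",
+"poly",
+"posterize",
+"precision",
+"preview",
+"process",
+"quality",
+"quantize",
+"quiet",
+"radial_blur",
+"raise",
+"random_threshold",
+"range_threshold",
+"red_primary",
+"regard_warnings",
+"region",
+"remote",
+"render",
+"repage",
+"resample",
+"resize",
+"resize_to_fill",
+"resize_to_fit",
+"resize_to_limit",
+"resize_and_pad",
+"respect_parentheses",
+"reverse",
+"roll",
+"rotate",
+"sample",
+"sampling_factor",
+"saver",
+"scale",
+"scene",
+"screen",
+"seed",
+"segment",
+"selective_blur",
+"separate",
+"sepia_tone",
+"shade",
+"shadow",
+"shared_memory",
+"sharpen",
+"shave",
+"shear",
+"sigmoidal_contrast",
+"silent",
+"similarity_threshold",
+"size",
+"sketch",
+"smush",
+"snaps",
+"solarize",
+"sort_pixels",
+"sparse_color",
+"splice",
+"spread",
+"statistic",
+"stegano",
+"stereo",
+"storage_type",
+"stretch",
+"strip",
+"stroke",
+"strokewidth",
+"style",
+"subimage_search",
+"swap",
+"swirl",
+"synchronize",
+"taint",
+"text_font",
+"threshold",
+"thumbnail",
+"tile_offset",
+"tint",
+"title",
+"transform",
+"transparent",
+"transparent_color",
+"transpose",
+"transverse",
+"treedepth",
+"trim",
+"type",
+"undercolor",
+"unique_colors",
+"units",
+"unsharp",
+"update",
+"valid_image",
+"view",
+"vignette",
+"virtual_pixel",
+"visual",
+"watermark",
+"wave",
+"wavelet_denoise",
+"weight",
+"white_balance",
+"white_point",
+"white_threshold",
+"window",
+"window_group",
+]
+mattr_accessor :unsupported_image_processing_arguments
 end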
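Review bot: `mattr_accessor :unsupported_image_processing_arguments` is declared without a `default:`, so the deny-list exists only after the engine initializer in engine.rb has assigned it; until then `validate_arg_string` in variation.rb calls `.any?` on nil and fails with NoMethodError instead of a validation error. Moving the `%w(...)` deny-list literal from engine.rb into this accessor's `default:` would keep the protection defined wherever the module is loaded, with the initializer only overriding it. Neither accessor carries a comment, and the allow-list default is an unfrozen array covering a very wide set of mogrify options; a short comment such as `# allow-list of mogrify methods a Variation may invoke; assign a shorter list to restrict it` would tell applications that narrowing is expected. The `module ActiveStorage` body begins outside the hunk.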
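--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activestorage
 version: !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.7
 platform: ruby
 authors:
 - David Heinemeier Hansson
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionpack
@@ -16,28 +16,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.7
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.7
 - !ruby/object:Gem::Dependency
 name: activerecord
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.7
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.7
 - !ruby/object:Gem::Dependency
 name: marcel
 requirement: !ruby/object:Gem::Requirement
@@ -124,9 +124,9 @@ homepage: http://rubyonrails.org
 licenses:
 - MIT
 metadata:
-source_code_uri: https://github.com/rails/rails/tree/v5.2.
-changelog_uri: https://github.com/rails/rails/blob/v5.2.
-post_install_message:
+source_code_uri: https://github.com/rails/rails/tree/v5.2.7/activestorage
+changelog_uri: https://github.com/rails/rails/blob/v5.2.7/activestorage/CHANGELOG.md
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -142,7 +142,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubygems_version: 3.1.6
-signing_key:
+signing_key:
 specification_version: 4
 summary: Local and cloud file storage framework.
 test_files: []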