carrierwave-bombshelter 0.2.0.1 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/carrierwave-bombshelter.gemspec +4 -0
- data/lib/carrierwave/bombshelter.rb +10 -4
- data/lib/carrierwave/bombshelter/version.rb +1 -1
- metadata +58 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f967fc711c4317a24c315f2c36d677541c776ad6
|
|
4
|
+
data.tar.gz: 9e69636cf22c3fbe5fc1f0d04f8d7779a8a90aea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0156533849d6e3f42fdbc50badf688c02edb84da4e24242375cb26fc70fde380503738131f11483218dc8c88c3ded3e97b84226f57704361c3f6cab4bd9cac40
|
|
7
|
+
data.tar.gz: 2da176b742ab05c707d51414710a185b74b70378204aea4237319804440a82f9e6d3e16ca9795fde7a21bb95e5df66bac9db5340547cbd28fc78fb9ea1a374d4
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
[](https://travis-ci.org/DarthSim/carrierwave-bombshelter)
|
|
4
4
|
|
|
5
|
-
BombShelter is a module which protects your uploaders from image bombs like
|
|
5
|
+
BombShelter is a module which protects your uploaders from image bombs like https://www.bamsoftware.com/hacks/deflate.html and http://www.openwall.com/lists/oss-security/2016/05/03/18. It checks type and pixel dimensions of uploaded image before ImageMagick touches it.
|
|
6
6
|
|
|
7
7
|
<a href="https://evilmartians.com/">
|
|
8
8
|
<img src="https://evilmartians.com/badges/sponsored-by-evil-martians.svg" alt="Sponsored by Evil Martians" width="236" height="54">
|
|
@@ -22,6 +22,10 @@ Gem::Specification.new do |spec|
|
|
|
22
22
|
spec.add_development_dependency 'rake', '~> 10.0'
|
|
23
23
|
spec.add_development_dependency 'minitest'
|
|
24
24
|
spec.add_development_dependency 'webmock'
|
|
25
|
+
spec.add_development_dependency 'fog-core'
|
|
26
|
+
spec.add_development_dependency 'fog'
|
|
27
|
+
spec.add_development_dependency 'fog-aws'
|
|
28
|
+
spec.add_development_dependency 'pry'
|
|
25
29
|
|
|
26
30
|
spec.add_dependency 'activesupport', '>= 3.2.0'
|
|
27
31
|
spec.add_dependency 'fastimage'
|
|
@@ -33,7 +33,7 @@ module CarrierWave
|
|
|
33
33
|
private
|
|
34
34
|
|
|
35
35
|
def protect_from_image_bomb!(new_file)
|
|
36
|
-
image = FastImage.new(
|
|
36
|
+
image = FastImage.new(get_file(new_file))
|
|
37
37
|
check_image_type!(image)
|
|
38
38
|
check_pixel_dimensions!(image)
|
|
39
39
|
end
|
|
@@ -58,9 +58,15 @@ module CarrierWave
|
|
|
58
58
|
)
|
|
59
59
|
end
|
|
60
60
|
|
|
61
|
-
def
|
|
62
|
-
|
|
63
|
-
|
|
61
|
+
def get_file(file)
|
|
62
|
+
case file
|
|
63
|
+
when CarrierWave::Storage::Fog::File
|
|
64
|
+
file.url
|
|
65
|
+
when CarrierWave::SanitizedFile, CarrierWave::Uploader::Base
|
|
66
|
+
get_file(file.file)
|
|
67
|
+
else
|
|
68
|
+
file
|
|
69
|
+
end
|
|
64
70
|
end
|
|
65
71
|
end
|
|
66
72
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: carrierwave-bombshelter
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- DarthSim
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-05-
|
|
11
|
+
date: 2016-05-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -66,6 +66,62 @@ dependencies:
|
|
|
66
66
|
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: fog-core
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - ">="
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0'
|
|
76
|
+
type: :development
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - ">="
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: fog
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - ">="
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '0'
|
|
90
|
+
type: :development
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - ">="
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '0'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: fog-aws
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - ">="
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: '0'
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - ">="
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '0'
|
|
111
|
+
- !ruby/object:Gem::Dependency
|
|
112
|
+
name: pry
|
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
|
114
|
+
requirements:
|
|
115
|
+
- - ">="
|
|
116
|
+
- !ruby/object:Gem::Version
|
|
117
|
+
version: '0'
|
|
118
|
+
type: :development
|
|
119
|
+
prerelease: false
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - ">="
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: '0'
|
|
69
125
|
- !ruby/object:Gem::Dependency
|
|
70
126
|
name: activesupport
|
|
71
127
|
requirement: !ruby/object:Gem::Requirement
|