image_vise 0.0.20 → 0.0.21

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ec4d4b81f950cbc31ce3ac5c43d311c0049a5497
-  data.tar.gz: d3558ea48e705fe17e18fff1036d48f8c1ecdd3d
+  metadata.gz: 6a79d07f95e9fcf0800a432a49420da6d856ee52
+  data.tar.gz: 5bd849b46ac06048071bbad834e9bf2a396f902e
 SHA512:
-  metadata.gz: b21bc99a45b1b6830d7f38b6b507103d50603e5fd370167a9f1d2ba9eb941d332580fa5d713f20a80e58eeb21cb2e0e9a79a2ea8054e12a816d7260a33299d50
-  data.tar.gz: e14e15cf5306b14cb53e7f89e306753bc1e4c3db601f689716d7c146636b8d701e02d2f1144fa152c26a4aa1ff07925945a2eae55db608f697d534a8d39b0a0a
+  metadata.gz: 8ab89461f69e6efb15e776f73dfcd1fc85346b8744cce1d0b9b2df28bd44cb75f0a23bb12e6be61394609cbe60354d64ad04b4124c941f1ac26770e5c5f5d684
+  data.tar.gz: 24fd679469621e2c2e03c039e22185fde97e931bc2883a9c3dc8c5733e376363fa78c4ce21ed970559b6173efc492a821e7a266079ab7666bd359bb43c1ac7c2

data/image_vise.gemspec

@@ -2,11 +2,11 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: image_vise 0.0.20 ruby lib
+# stub: image_vise 0.0.21 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "image_vise"
-  s.version = "0.0.20"
+  s.version = "0.0.21"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
@@ -55,7 +55,9 @@ Gem::Specification.new do |s|
     "spec/spec_helper.rb",
     "spec/test_server.rb",
     "spec/waterside_magic_hour.jpg",
-    "spec/waterside_magic_hour_adobergb.jpg"
+    "spec/waterside_magic_hour.psd",
+    "spec/waterside_magic_hour_adobergb.jpg",
+    "spec/waterside_magic_hour_gray.tif"
   ]
   s.homepage = "https://github.com/WeTransfer/image_vise"
   s.licenses = ["MIT"]

data/lib/image_vise/render_engine.rb

@@ -18,10 +18,14 @@ class ImageVise::RenderEngine
   # How long is a render (the ImageMagick/write part) is allowed to
   # take before we kill it
   RENDER_TIMEOUT_SECONDS = 10
-  
+
   # Which input files we permit (based on extensions stored in MagicBytes)
-  PERMITTED_EXTENSIONS = %w( gif png jpg )
-  
+  PERMITTED_SOURCE_FILE_EXTENSIONS = %w( gif png jpg )
+
+  # Which output files are permitted (regardless of the input format
+  # the processed images will be converted to one of these types)
+  PERMITTED_OUTPUT_FILE_EXTENSIONS = %W( gif png jpg)
+
   # How long should we wait when fetching the image from the external host
   EXTERNAL_IMAGE_FETCH_TIMEOUT_SECONDS = 4
   
@@ -81,6 +85,9 @@ class ImageVise::RenderEngine
     
     # Make sure we do not try to process something...questionable
     source_file_type = detect_file_type(source_file)
+    unless source_file_type_permitted?(source_file_type)
+      raise UnsupportedInputFormat.new("Unsupported/unknown input file format .%s" % source_file_type.ext)
+    end
     
     # Perform the processing
     if enable_forking?
@@ -136,13 +143,17 @@ class ImageVise::RenderEngine
   
   def detect_file_type(tempfile)
     tempfile.rewind
-    
-    file_info = MagicBytes.read_and_detect(tempfile)
-    return file_info if PERMITTED_EXTENSIONS.include?(file_info.ext)
-    raise UnsupportedInputFormat.new("Unsupported/unknown input file format .%s" %
-       file_info.ext)
+    MagicBytes.read_and_detect(tempfile)
   end
-  
+
+  def source_file_type_permitted?(magick_bytes_file_info)
+    PERMITTED_SOURCE_FILE_EXTENSIONS.include?(magick_bytes_file_info.ext)
+  end
+
+  def output_file_type_permitted?(magick_bytes_file_info)
+    PERMITTED_OUTPUT_FILE_EXTENSIONS.include?(magick_bytes_file_info.ext)
+  end
+
   # Lists exceptions that should lead to the request being flagged
   # as invalid (and not 5xx). Decent clients should _not_ retry those requests.
   def permanent_failures
@@ -188,6 +199,7 @@ class ImageVise::RenderEngine
     # If processing the image has created an alpha channel, use PNG always.
     # Otherwise, keep the original format for as far as the supported formats list goes.
     render_file_type = PNG_FILE_TYPE if magick_image.alpha?
+    render_file_type = PNG_FILE_TYPE unless output_file_type_permitted?(render_file_type)
     
     magick_image.format = render_file_type.ext
     magick_image.write(render_to_path)
@@ -227,6 +239,7 @@ class ImageVise::RenderEngine
     end
     tf.rewind; tf
   rescue Errno::ENOENT
+    tf.close; tf.unlink;
     bail 404, "Image file not found" 
   rescue Exception => e
     tf.close; tf.unlink;

data/lib/image_vise.rb

@@ -8,7 +8,7 @@ require 'base64'
 require 'rack'
 
 class ImageVise
-  VERSION = '0.0.20'
+  VERSION = '0.0.21'
   S_MUTEX = Mutex.new
   private_constant :S_MUTEX
   

data/spec/image_vise/render_engine_spec.rb

@@ -209,5 +209,74 @@ describe ImageVise::RenderEngine do
 
       examine_image_from_string(last_response.body)
     end
+
+    it 'forbids a PSD file by default' do
+      uri = Addressable::URI.parse(public_url_psd)
+      ImageVise.add_allowed_host!(uri.host)
+      ImageVise.add_secret_key!('l33tness')
+
+      p = ImageVise::Pipeline.new.geom(geometry_string: '220x220').ellipse_stencil
+      image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
+      params = image_request.to_query_string_params('l33tness')
+
+      get '/', params
+      expect(last_response.status).to eq(422)
+      expect(last_response.body).to include('unknown input file format .psd')
+    end
+
+    it 'permits a PSD file if it is permitted via a method override' do
+      uri = Addressable::URI.parse(public_url_psd)
+      ImageVise.add_allowed_host!(uri.host)
+      ImageVise.add_secret_key!('l33tness')
+
+      p = ImageVise::Pipeline.new.geom(geometry_string: '220x220')
+      image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
+      params = image_request.to_query_string_params('l33tness')
+
+      class << app
+        def source_file_type_permitted?(type); true; end
+      end
+
+      get '/', params
+      expect(last_response.status).to eq(200)
+      expect(last_response.headers['Content-Type']).to eq('image/png')
+    end
+    
+    it 'outputs a converted TIFF file as a PNG' do
+      uri = Addressable::URI.parse(public_url_tif)
+      ImageVise.add_allowed_host!(uri.host)
+      ImageVise.add_secret_key!('l33tness')
+
+      p = ImageVise::Pipeline.new.geom(geometry_string: '220x220')
+      image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
+      params = image_request.to_query_string_params('l33tness')
+
+      class << app
+        def source_file_type_permitted?(type); true; end
+      end
+
+      get '/', params
+      expect(last_response.status).to eq(200)
+      expect(last_response.headers['Content-Type']).to eq('image/png')
+    end
+    
+    it 'outputs a converted TIFF file in the TIFF format if it is on the permitted list' do
+      uri = Addressable::URI.parse(public_url_tif)
+      ImageVise.add_allowed_host!(uri.host)
+      ImageVise.add_secret_key!('l33tness')
+
+      p = ImageVise::Pipeline.new.geom(geometry_string: '220x220')
+      image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
+      params = image_request.to_query_string_params('l33tness')
+
+      class << app
+        def source_file_type_permitted?(type); true; end
+        def output_file_type_permitted?(type); true; end
+      end
+
+      get '/', params
+      expect(last_response.status).to eq(200)
+      expect(last_response.headers['Content-Type']).to eq('image/tiff')
+    end
   end
 end

data/spec/spec_helper.rb

@@ -64,6 +64,14 @@ RSpec.configure do | config |
     File.expand_path(__dir__ + '/waterside_magic_hour.jpg')
   end
 
+  def test_image_path_psd
+    File.expand_path(__dir__ + '/waterside_magic_hour.psd')
+  end
+
+  def test_image_path_tif
+    File.expand_path(__dir__ + '/waterside_magic_hour_gray.tif')
+  end
+
   def test_image_adobergb_path
     File.expand_path(__dir__ + '/waterside_magic_hour_adobergb.jpg')
   end
@@ -72,6 +80,14 @@ RSpec.configure do | config |
     'http://localhost:9001/waterside_magic_hour.jpg'
   end
 
+  def public_url_psd
+    'http://localhost:9001/waterside_magic_hour.psd'
+  end
+
+  def public_url_tif
+    'http://localhost:9001/waterside_magic_hour_gray.tif'
+  end
+
   config.around :each do |e|
     STRICT_ENV.with_protected_env { e.run }
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: image_vise
 version: !ruby/object:Gem::Version
-  version: 0.0.20
+  version: 0.0.21
 platform: ruby
 authors:
 - Julik Tarkhanov
@@ -284,7 +284,9 @@ files:
 - spec/spec_helper.rb
 - spec/test_server.rb
 - spec/waterside_magic_hour.jpg
+- spec/waterside_magic_hour.psd
 - spec/waterside_magic_hour_adobergb.jpg
+- spec/waterside_magic_hour_gray.tif
 homepage: https://github.com/WeTransfer/image_vise
 licenses:
 - MIT