RubyGems - image_vise - Versions diffs - 0.0.20 → 0.0.21 - Mend

image_vise 0.0.20 → 0.0.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/image_vise.gemspec +5 -3
data/lib/image_vise/render_engine.rb +22 -9
data/lib/image_vise.rb +1 -1
data/spec/image_vise/render_engine_spec.rb +69 -0
data/spec/spec_helper.rb +16 -0
data/spec/waterside_magic_hour.psd +0 -0
data/spec/waterside_magic_hour_gray.tif +0 -0
metadata +3 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ec4d4b81f950cbc31ce3ac5c43d311c0049a5497
-  data.tar.gz: d3558ea48e705fe17e18fff1036d48f8c1ecdd3d
+  metadata.gz: 6a79d07f95e9fcf0800a432a49420da6d856ee52
+  data.tar.gz: 5bd849b46ac06048071bbad834e9bf2a396f902e
 SHA512:
-  metadata.gz: b21bc99a45b1b6830d7f38b6b507103d50603e5fd370167a9f1d2ba9eb941d332580fa5d713f20a80e58eeb21cb2e0e9a79a2ea8054e12a816d7260a33299d50
-  data.tar.gz: e14e15cf5306b14cb53e7f89e306753bc1e4c3db601f689716d7c146636b8d701e02d2f1144fa152c26a4aa1ff07925945a2eae55db608f697d534a8d39b0a0a
+  metadata.gz: 8ab89461f69e6efb15e776f73dfcd1fc85346b8744cce1d0b9b2df28bd44cb75f0a23bb12e6be61394609cbe60354d64ad04b4124c941f1ac26770e5c5f5d684
+  data.tar.gz: 24fd679469621e2c2e03c039e22185fde97e931bc2883a9c3dc8c5733e376363fa78c4ce21ed970559b6173efc492a821e7a266079ab7666bd359bb43c1ac7c2

data/image_vise.gemspec CHANGED Viewed

@@ -2,11 +2,11 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: image_vise 0.0.20 ruby lib
+# stub: image_vise 0.0.21 ruby lib
 Gem::Specification.new do |s|
   s.name = "image_vise"
-  s.version = "0.0.20"
+  s.version = "0.0.21"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
@@ -55,7 +55,9 @@ Gem::Specification.new do |s|
     "spec/spec_helper.rb",
     "spec/test_server.rb",
     "spec/waterside_magic_hour.jpg",
-    "spec/waterside_magic_hour_adobergb.jpg"
+    "spec/waterside_magic_hour.psd",
+    "spec/waterside_magic_hour_adobergb.jpg",
+    "spec/waterside_magic_hour_gray.tif"
   ]
   s.homepage = "https://github.com/WeTransfer/image_vise"
   s.licenses = ["MIT"]

data/lib/image_vise/render_engine.rb CHANGED Viewed

@@ -18,10 +18,14 @@ class ImageVise::RenderEngine
   # How long is a render (the ImageMagick/write part) is allowed to
   # take before we kill it
   RENDER_TIMEOUT_SECONDS = 10
   # Which input files we permit (based on extensions stored in MagicBytes)
-  PERMITTED_EXTENSIONS = %w( gif png jpg )
+  PERMITTED_SOURCE_FILE_EXTENSIONS = %w( gif png jpg )
+  # Which output files are permitted (regardless of the input format
+  # the processed images will be converted to one of these types)
+  PERMITTED_OUTPUT_FILE_EXTENSIONS = %W( gif png jpg)
   # How long should we wait when fetching the image from the external host
   EXTERNAL_IMAGE_FETCH_TIMEOUT_SECONDS = 4
@@ -81,6 +85,9 @@ class ImageVise::RenderEngine
     # Make sure we do not try to process something...questionable
     source_file_type = detect_file_type(source_file)
+    unless source_file_type_permitted?(source_file_type)
+      raise UnsupportedInputFormat.new("Unsupported/unknown input file format .%s" % source_file_type.ext)
+    end
     # Perform the processing
     if enable_forking?
@@ -136,13 +143,17 @@ class ImageVise::RenderEngine
   def detect_file_type(tempfile)
     tempfile.rewind
-    file_info = MagicBytes.read_and_detect(tempfile)
-    return file_info if PERMITTED_EXTENSIONS.include?(file_info.ext)
-    raise UnsupportedInputFormat.new("Unsupported/unknown input file format .%s" %
-       file_info.ext)
+    MagicBytes.read_and_detect(tempfile)
   end
+  def source_file_type_permitted?(magick_bytes_file_info)
+    PERMITTED_SOURCE_FILE_EXTENSIONS.include?(magick_bytes_file_info.ext)
+  end
+  def output_file_type_permitted?(magick_bytes_file_info)
+    PERMITTED_OUTPUT_FILE_EXTENSIONS.include?(magick_bytes_file_info.ext)
+  end
   # Lists exceptions that should lead to the request being flagged
   # as invalid (and not 5xx). Decent clients should _not_ retry those requests.
   def permanent_failures
@@ -188,6 +199,7 @@ class ImageVise::RenderEngine
     # If processing the image has created an alpha channel, use PNG always.
     # Otherwise, keep the original format for as far as the supported formats list goes.
     render_file_type = PNG_FILE_TYPE if magick_image.alpha?
+    render_file_type = PNG_FILE_TYPE unless output_file_type_permitted?(render_file_type)
     magick_image.format = render_file_type.ext
     magick_image.write(render_to_path)
@@ -227,6 +239,7 @@ class ImageVise::RenderEngine
     end
     tf.rewind; tf
   rescue Errno::ENOENT
+    tf.close; tf.unlink;
     bail 404, "Image file not found"
   rescue Exception => e
     tf.close; tf.unlink;

data/lib/image_vise.rb CHANGED Viewed

@@ -8,7 +8,7 @@ require 'base64'
 require 'rack'
 class ImageVise
-  VERSION = '0.0.20'
+  VERSION = '0.0.21'
   S_MUTEX = Mutex.new
   private_constant :S_MUTEX

data/spec/image_vise/render_engine_spec.rb CHANGED Viewed

@@ -209,5 +209,74 @@ describe ImageVise::RenderEngine do
       examine_image_from_string(last_response.body)
     end
+    it 'forbids a PSD file by default' do
+      uri = Addressable::URI.parse(public_url_psd)
+      ImageVise.add_allowed_host!(uri.host)
+      ImageVise.add_secret_key!('l33tness')
+      p = ImageVise::Pipeline.new.geom(geometry_string: '220x220').ellipse_stencil
+      image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
+      params = image_request.to_query_string_params('l33tness')
+      get '/', params
+      expect(last_response.status).to eq(422)
+      expect(last_response.body).to include('unknown input file format .psd')
+    end
+    it 'permits a PSD file if it is permitted via a method override' do
+      uri = Addressable::URI.parse(public_url_psd)
+      ImageVise.add_allowed_host!(uri.host)
+      ImageVise.add_secret_key!('l33tness')
+      p = ImageVise::Pipeline.new.geom(geometry_string: '220x220')
+      image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
+      params = image_request.to_query_string_params('l33tness')
+      class << app
+        def source_file_type_permitted?(type); true; end
+      end
+      get '/', params
+      expect(last_response.status).to eq(200)
+      expect(last_response.headers['Content-Type']).to eq('image/png')
+    end
+    it 'outputs a converted TIFF file as a PNG' do
+      uri = Addressable::URI.parse(public_url_tif)
+      ImageVise.add_allowed_host!(uri.host)
+      ImageVise.add_secret_key!('l33tness')
+      p = ImageVise::Pipeline.new.geom(geometry_string: '220x220')
+      image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
+      params = image_request.to_query_string_params('l33tness')
+      class << app
+        def source_file_type_permitted?(type); true; end
+      end
+      get '/', params
+      expect(last_response.status).to eq(200)
+      expect(last_response.headers['Content-Type']).to eq('image/png')
+    end
+    it 'outputs a converted TIFF file in the TIFF format if it is on the permitted list' do
+      uri = Addressable::URI.parse(public_url_tif)
+      ImageVise.add_allowed_host!(uri.host)
+      ImageVise.add_secret_key!('l33tness')
+      p = ImageVise::Pipeline.new.geom(geometry_string: '220x220')
+      image_request = ImageVise::ImageRequest.new(src_url: uri.to_s, pipeline: p)
+      params = image_request.to_query_string_params('l33tness')
+      class << app
+        def source_file_type_permitted?(type); true; end
+        def output_file_type_permitted?(type); true; end
+      end
+      get '/', params
+      expect(last_response.status).to eq(200)
+      expect(last_response.headers['Content-Type']).to eq('image/tiff')
+    end
   end
 end

data/spec/spec_helper.rb CHANGED Viewed

@@ -64,6 +64,14 @@ RSpec.configure do | config |
     File.expand_path(__dir__ + '/waterside_magic_hour.jpg')
   end
+  def test_image_path_psd
+    File.expand_path(__dir__ + '/waterside_magic_hour.psd')
+  end
+  def test_image_path_tif
+    File.expand_path(__dir__ + '/waterside_magic_hour_gray.tif')
+  end
   def test_image_adobergb_path
     File.expand_path(__dir__ + '/waterside_magic_hour_adobergb.jpg')
   end
@@ -72,6 +80,14 @@ RSpec.configure do | config |
     'http://localhost:9001/waterside_magic_hour.jpg'
   end
+  def public_url_psd
+    'http://localhost:9001/waterside_magic_hour.psd'
+  end
+  def public_url_tif
+    'http://localhost:9001/waterside_magic_hour_gray.tif'
+  end
   config.around :each do |e|
     STRICT_ENV.with_protected_env { e.run }
   end

data/spec/waterside_magic_hour.psd ADDED Viewed

Binary file

data/spec/waterside_magic_hour_gray.tif ADDED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: image_vise
 version: !ruby/object:Gem::Version
-  version: 0.0.20
+  version: 0.0.21
 platform: ruby
 authors:
 - Julik Tarkhanov
@@ -284,7 +284,9 @@ files:
 - spec/spec_helper.rb
 - spec/test_server.rb
 - spec/waterside_magic_hour.jpg
+- spec/waterside_magic_hour.psd
 - spec/waterside_magic_hour_adobergb.jpg
+- spec/waterside_magic_hour_gray.tif
 homepage: https://github.com/WeTransfer/image_vise
 licenses:
 - MIT