Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent pixel flood attacks #254

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

blakestoddard
Copy link
Contributor

Presenting large images to ImageProxy that need transformations will cause ImageProxy to crash in some environments, resulting in a DoS attack -- https://gist.github.com/blakestoddard/a2cb5b98eaf335f0f474fcd09c1a751b using https://a.uguu.se/cGlgezGk.jpg (temp link that will expire, but it's a 64250x64250 image).

An easy fix is to halt transform operations for images over a certain pixel threshold. The 10000x10000 that I chose here is arbitrary, I only picked it since it matches the policy that we use internally for other things like ImageMagick.

By returning an error from Transform(), we prevent ImageProxy from crashing while still serving the original requested, untransformed image.

@codecov
Copy link

codecov bot commented Dec 8, 2020

Codecov Report

Merging #254 (8572c5b) into main (c08b3c5) will decrease coverage by 0.24%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #254      +/-   ##
==========================================
- Coverage   87.27%   87.03%   -0.25%     
==========================================
  Files           6        6              
  Lines         503      509       +6     
==========================================
+ Hits          439      443       +4     
- Misses         36       37       +1     
- Partials       28       29       +1     
Impacted Files Coverage Δ
transform.go 88.48% <100.00%> (-0.83%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c08b3c5...3b16e68. Read the comment docs.

@blakestoddard
Copy link
Contributor Author

I'm adding a test, give me a few.

@blakestoddard blakestoddard force-pushed the prevent-pixel-flooding branch from 8572c5b to 3b16e68 Compare December 8, 2020 19:50
@mdkent
Copy link

mdkent commented Apr 7, 2021

Bump! Would love to see this merged, or let me know how we can get it there.

@willnorris
Copy link
Owner

Similar to my comment on #286, if you're trying to prevent abuse, why isn't the solution request signatures? Sure we could prevent requests larger than 10000x10000, but that still doesn't prevent an attack requesting 9999x9999 images with random other transformations that will bypass the cache.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants