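/**
 * Rejects a response whose body could not be decoded as an image even though its metadata
 * claims that it is one.
 *
 * <p>An undecodable body is normally harmless. When the Content-Type header or the file
 * extension says the content is a supported image, the mismatch may indicate an attack, so
 * the response is replaced with an {@code SC_UNSUPPORTED_MEDIA_TYPE} error. The Content-Type
 * header is checked first; the extension is only consulted when the header did not match.
 *
 * @param uri the URI the content was fetched from; only its path is inspected
 * @param response the response under inspection, turned into an error response on a mismatch
 */
protected void enforceUnreadableImageRestrictions(Uri uri, HttpResponseBuilder response) {
  String contentType = response.getHeader(CONTENT_TYPE);
  if (contentType != null) {
    // Lower-case with a fixed locale: with the default locale (e.g. Turkish) "IMAGE/GIF" would
    // not fold to "image/gif" and a declared image type would slip past this check.
    // NOTE(review): assumes the SUPPORTED_MIME_TYPES entries are lower-case - confirm.
    contentType = contentType.toLowerCase(java.util.Locale.ROOT);
    for (String expected : SUPPORTED_MIME_TYPES) {
      if (contentType.contains(expected)) {
        // The header declares a supported image type but the body was unreadable: reject.
        errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
            CONTENT_TYPE_AND_MIME_MISMATCH);
        return;
      }
    }
  }

  String path = uri.getPath();
  if (path == null) {
    // Defensive: a URI without a path has no extension to compare against.
    return;
  }
  path = path.toLowerCase(java.util.Locale.ROOT);
  for (String supportedExtension : SUPPORTED_FILE_EXTENSIONS) {
    if (path.endsWith(supportedExtension)) {
      // The extension names a supported image format but the body was unreadable: reject.
      errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
          CONTENT_TYPE_AND_EXTENSION_MISMATCH);
      return;
    }
  }
}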
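/**
 * Draws {@code image} stretched to exactly the requested dimensions on a new canvas.
 *
 * <p>The canvas is first cleared with {@code fillWithTransparent} and the source is then
 * drawn over the whole area using bicubic interpolation.
 *
 * <p>NOTE(review): the canvas allocation grows with {@code requestedWidth * requestedHeight}
 * and no upper bound is applied here; callers are presumably expected to have limited the
 * target size before calling - confirm.
 *
 * @param image the source image to scale
 * @param requestedWidth width of the result in pixels; must be non-null and positive
 * @param requestedHeight height of the result in pixels; must be non-null and positive
 * @param imageType the {@link BufferedImage} type constant for the new canvas
 * @return a new image of the requested size
 * @throws NullPointerException if a dimension is {@code null} (auto-unboxing)
 * @throws IllegalArgumentException if a dimension is not positive
 */
private BufferedImage stretchImage(BufferedImage image, Integer requestedWidth,
    Integer requestedHeight, int imageType) {
  BufferedImage scaledImage = new BufferedImage(requestedWidth, requestedHeight, imageType);
  Graphics2D g2d = scaledImage.createGraphics();
  try {
    g2d.setRenderingHint(KEY_INTERPOLATION, VALUE_INTERPOLATION_BICUBIC);
    fillWithTransparent(g2d, requestedWidth, requestedHeight);
    g2d.drawImage(image, 0, 0, requestedWidth, requestedHeight, null);
  } finally {
    // Release the graphics context promptly instead of waiting for finalization.
    g2d.dispose();
  }
  return scaledImage;
}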
/**
 * Tells whether the fetched result should be treated as a supported image.
 *
 * @param response the response whose content is checked by {@code isSupportedContent}
 * @param uri the URI checked by {@code isImageUri} when the content check does not match
 * @return {@code true} if either check accepts the result
 */
protected boolean isSupportedImageResult(HttpResponseBuilder response, Uri uri) {
  if (isSupportedContent(response)) {
    return true;
  }
  // Fall back to the URI only when the content check did not accept the response.
  return isImageUri(uri);
}
// Excerpt of an image-rewrite routine; closing braces and intervening statements are not shown.
// Visible order of checks: content/URI type, usability of the resize parameters,
// enforceUnreadableImageRestrictions(), then the oversized-image rejection (SC_FORBIDDEN),
// all ahead of readImage().
// NOTE(review): the warning concatenates request.toString() and the exception message into the
// log line; confirm the log sink neutralises CR/LF if request data is caller-controlled.
if (!isSupportedContent(response) && !isImage(uri)) { return; if (!isUsableParameter(requestedWidth) || !isUsableParameter(requestedHeight) || !isUsableParameter(resizeQuality)) { return; enforceUnreadableImageRestrictions(uri, response); return; boolean isOversizedImage = isImageTooLarge(imageInfo); if (isResizeRequested && isOversizedImage) { errorResponse(response, HttpResponse.SC_FORBIDDEN, RESIZE_IMAGE_TOO_LARGE); return; BufferedImage image = readImage(imageFormat, response); double ratio = getResizeRatio(requestedWidth, requestedHeight, origWidth, origHeight); int widthAfterStep1 = max(1, (int) Math.round(ratio * origWidth)); widthDelta = requestedWidth - widthAfterStep1; if (isResizeRequired(requestedWidth, requestedHeight, imageInfo) && !isTargetImageTooLarge(requestedWidth, requestedHeight, imageInfo)) { image = resizeImage(image, requestedWidth, requestedHeight, widthDelta, heightDelta); updateResponse(response, image); applyOptimizer(response, imageFormat, image); } catch (IOException ioe) { LOG.log(Level.WARNING, "IO Error rewriting image " + request.toString() + " - " + ioe.getMessage());
// Excerpt of an image-rewrite routine; closing braces and intervening statements are not shown.
// The visible gates are isSupportedImageResult(), enforceUnreadableImageRestrictions() and
// canRewrite(), all of which appear ahead of readImage(); the resize then uses the values
// carried by the ImageResizeData returned from getResizeData().
if (!isSupportedImageResult(response, uri)) { return; enforceUnreadableImageRestrictions(uri, response); return; Boolean resizeRequested = isResizeRequested(request, response, imageInfo); if (!canRewrite(request, response, imageInfo, resizeRequested)) { return; BufferedImage image = readImage(imageFormat, response); ImageResizeData resizeData = getResizeData(request, response, image, imageInfo); image = resizeImage(image, resizeData.getWidth(), resizeData.getHeight(), resizeData.getWidthDelta(), resizeData.getHeightDelta()); updateResponse(response, image); applyOptimizer(response, imageFormat, jpegImageParams, image, config); } catch (IOException ioe) { if (LOG.isLoggable(Level.WARNING)) {
// Excerpt of a pre-rewrite check; closing braces and intervening statements are not shown.
// Reads the resize width and height from the request, returns false when a resize parameter
// is not usable, and answers SC_FORBIDDEN when a resize is requested for an image that
// isImageTooLarge() flags. Inputs with more than one image, or that are too large, also
// return false.
Integer requestedWidth = request.getParamAsInteger(PARAM_RESIZE_WIDTH); Integer requestedHeight = request.getParamAsInteger(PARAM_RESIZE_HEIGHT); if (!isUsableParameter(requestedWidth) || !isUsableParameter(requestedHeight) || !isUsableParameter(resizeQuality)) { return false; if (isResizeRequested && isImageTooLarge(imageInfo)) { errorResponse(response, HttpResponse.SC_FORBIDDEN, RESIZE_IMAGE_TOO_LARGE); return false; if (imageInfo.getNumberOfImages() > 1 || isImageTooLarge(imageInfo)) { return false;
// Excerpt of the resize-data computation; intervening statements and the else branch are not
// shown. widthAfterStep1 is clamped to at least 1 by max(1, ...). An ImageResizeData is
// returned only when isResizeRequired() holds and isTargetImageTooLarge() does not.
double ratio = getResizeRatio(requestedWidth, requestedHeight, origWidth, origHeight); int widthAfterStep1 = max(1, (int) Math.round(ratio * origWidth)); widthDelta = requestedWidth - widthAfterStep1; if (isResizeRequired(requestedWidth, requestedHeight, imageInfo) && !isTargetImageTooLarge(requestedWidth, requestedHeight, imageInfo)) { return new ImageResizeData(requestedWidth, requestedHeight, widthDelta, heightDelta); } else {
/**
 * Test fixture: builds a rewriter from a no-argument {@code OptimizerConfig} and creates a
 * fresh mock control.
 */
@Before
public void setUp() throws Exception {
  final OptimizerConfig optimizerConfig = new OptimizerConfig();
  rewriter = new BasicImageRewriter(optimizerConfig);
  mockControl = createControl();
}
/**
 * Applies the target-size limit to the image's own dimensions.
 *
 * @param imageInfo metadata of the image; its width and height are used as the target size
 * @return the result of {@code isTargetImageTooLarge} for the image's own width and height
 */
private boolean isImageTooLarge(ImageInfo imageInfo) {
  final boolean exceedsLimit =
      isTargetImageTooLarge(imageInfo.getWidth(), imageInfo.getHeight(), imageInfo);
  return exceedsLimit;
}
// Excerpt of an image-rewrite routine; closing braces and intervening statements are not shown.
// Visible order of checks: content/URI type, usability of the resize parameters,
// enforceUnreadableImageRestrictions(), then the oversized-image rejection (SC_FORBIDDEN),
// all ahead of readImage().
// NOTE(review): the warning concatenates request.toString() and the exception message into the
// log line; confirm the log sink neutralises CR/LF if request data is caller-controlled.
if (!isSupportedContent(response) && !isImage(uri)) { return; if (!isUsableParameter(requestedWidth) || !isUsableParameter(requestedHeight) || !isUsableParameter(resizeQuality)) { return; enforceUnreadableImageRestrictions(uri, response); return; boolean isOversizedImage = isImageTooLarge(imageInfo); if (isResizeRequested && isOversizedImage) { errorResponse(response, HttpResponse.SC_FORBIDDEN, RESIZE_IMAGE_TOO_LARGE); return; BufferedImage image = readImage(imageFormat, response); double ratio = getResizeRatio(requestedWidth, requestedHeight, origWidth, origHeight); int widthAfterStep1 = max(1, (int) Math.round(ratio * origWidth)); widthDelta = requestedWidth - widthAfterStep1; if (isResizeRequired(requestedWidth, requestedHeight, imageInfo) && !isTargetImageTooLarge(requestedWidth, requestedHeight, imageInfo)) { image = resizeImage(image, requestedWidth, requestedHeight, widthDelta, heightDelta); updateResponse(response, image); applyOptimizer(response, imageFormat, image); } catch (IOException ioe) { LOG.log(Level.WARNING, "IO Error rewriting image " + request.toString() + " - " + ioe.getMessage());
/**
 * Test fixture: builds a rewriter from a no-argument {@code OptimizerConfig} and creates a
 * fresh mock control.
 */
@Before
public void setUp() throws Exception {
  final OptimizerConfig optimizerConfig = new OptimizerConfig();
  rewriter = new BasicImageRewriter(optimizerConfig);
  mockControl = createControl();
}
/**
 * Applies the target-size limit to the image's own dimensions.
 *
 * @param imageInfo metadata of the image; its width and height are used as the target size
 * @return the result of {@code isTargetImageTooLarge} for the image's own width and height
 */
private boolean isImageTooLarge(ImageInfo imageInfo) {
  final boolean exceedsLimit =
      isTargetImageTooLarge(imageInfo.getWidth(), imageInfo.getHeight(), imageInfo);
  return exceedsLimit;
}
/**
 * Test fixture: builds a rewriter from a no-argument {@code OptimizerConfig} and creates a
 * fresh mock control.
 */
@Before
public void setUp() throws Exception {
  final OptimizerConfig optimizerConfig = new OptimizerConfig();
  rewriter = new BasicImageRewriter(optimizerConfig);
  mockControl = createControl();
}
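/**
 * Draws {@code image} stretched to exactly the requested dimensions on a new canvas.
 *
 * <p>The canvas is first cleared with {@code fillWithTransparent} and the source is then
 * drawn over the whole area using bicubic interpolation.
 *
 * <p>NOTE(review): the canvas allocation grows with {@code requestedWidth * requestedHeight}
 * and no upper bound is applied here; callers are presumably expected to have limited the
 * target size before calling - confirm.
 *
 * @param image the source image to scale
 * @param requestedWidth width of the result in pixels; must be non-null and positive
 * @param requestedHeight height of the result in pixels; must be non-null and positive
 * @param imageType the {@link BufferedImage} type constant for the new canvas
 * @return a new image of the requested size
 * @throws NullPointerException if a dimension is {@code null} (auto-unboxing)
 * @throws IllegalArgumentException if a dimension is not positive
 */
private BufferedImage stretchImage(BufferedImage image, Integer requestedWidth,
    Integer requestedHeight, int imageType) {
  BufferedImage scaledImage = new BufferedImage(requestedWidth, requestedHeight, imageType);
  Graphics2D g2d = scaledImage.createGraphics();
  try {
    g2d.setRenderingHint(KEY_INTERPOLATION, VALUE_INTERPOLATION_BICUBIC);
    fillWithTransparent(g2d, requestedWidth, requestedHeight);
    g2d.drawImage(image, 0, 0, requestedWidth, requestedHeight, null);
  } finally {
    // Release the graphics context promptly instead of waiting for finalization.
    g2d.dispose();
  }
  return scaledImage;
}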
/**
 * Applies the target-size limit to the image's own dimensions.
 *
 * @param imageInfo metadata of the image; its width and height are used as the target size
 * @return the result of {@code isTargetImageTooLarge} for the image's own width and height
 */
private boolean isImageTooLarge(ImageInfo imageInfo) {
  final boolean exceedsLimit =
      isTargetImageTooLarge(imageInfo.getWidth(), imageInfo.getHeight(), imageInfo);
  return exceedsLimit;
}
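/**
 * Rejects a response whose body could not be decoded as an image even though its metadata
 * claims that it is one.
 *
 * <p>An undecodable body is normally harmless. When the Content-Type header or the file
 * extension says the content is a supported image, the mismatch may indicate an attack, so
 * the response is replaced with an {@code SC_UNSUPPORTED_MEDIA_TYPE} error. The Content-Type
 * header is checked first; the extension is only consulted when the header did not match.
 *
 * @param uri the URI the content was fetched from; only its path is inspected
 * @param response the response under inspection, turned into an error response on a mismatch
 */
void enforceUnreadableImageRestrictions(Uri uri, HttpResponseBuilder response) {
  String contentType = response.getHeader(CONTENT_TYPE);
  if (contentType != null) {
    // Lower-case with a fixed locale: with the default locale (e.g. Turkish) "IMAGE/GIF" would
    // not fold to "image/gif" and a declared image type would slip past this check.
    // NOTE(review): assumes the SUPPORTED_MIME_TYPES entries are lower-case - confirm.
    contentType = contentType.toLowerCase(java.util.Locale.ROOT);
    for (String expected : SUPPORTED_MIME_TYPES) {
      if (contentType.contains(expected)) {
        // The header declares a supported image type but the body was unreadable: reject.
        errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
            CONTENT_TYPE_AND_MIME_MISMATCH);
        return;
      }
    }
  }

  String path = uri.getPath();
  if (path == null) {
    // Defensive: a URI without a path has no extension to compare against.
    return;
  }
  path = path.toLowerCase(java.util.Locale.ROOT);
  for (String supportedExtension : SUPPORTED_FILE_EXTENSIONS) {
    if (path.endsWith(supportedExtension)) {
      // The extension names a supported image format but the body was unreadable: reject.
      errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
          CONTENT_TYPE_AND_EXTENSION_MISMATCH);
      return;
    }
  }
}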
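/**
 * Draws {@code image} stretched to exactly the requested dimensions on a new canvas.
 *
 * <p>The canvas is first cleared with {@code fillWithTransparent} and the source is then
 * drawn over the whole area using bicubic interpolation.
 *
 * <p>NOTE(review): the canvas allocation grows with {@code requestedWidth * requestedHeight}
 * and no upper bound is applied here; callers are presumably expected to have limited the
 * target size before calling - confirm.
 *
 * @param image the source image to scale
 * @param requestedWidth width of the result in pixels; must be non-null and positive
 * @param requestedHeight height of the result in pixels; must be non-null and positive
 * @param imageType the {@link BufferedImage} type constant for the new canvas
 * @return a new image of the requested size
 * @throws NullPointerException if a dimension is {@code null} (auto-unboxing)
 * @throws IllegalArgumentException if a dimension is not positive
 */
private BufferedImage stretchImage(BufferedImage image, Integer requestedWidth,
    Integer requestedHeight, int imageType) {
  BufferedImage scaledImage = new BufferedImage(requestedWidth, requestedHeight, imageType);
  Graphics2D g2d = scaledImage.createGraphics();
  try {
    g2d.setRenderingHint(KEY_INTERPOLATION, VALUE_INTERPOLATION_BICUBIC);
    fillWithTransparent(g2d, requestedWidth, requestedHeight);
    g2d.drawImage(image, 0, 0, requestedWidth, requestedHeight, null);
  } finally {
    // Release the graphics context promptly instead of waiting for finalization.
    g2d.dispose();
  }
  return scaledImage;
}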
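/**
 * Rejects a response whose body could not be decoded as an image even though its metadata
 * claims that it is one.
 *
 * <p>An undecodable body is normally harmless. When the Content-Type header or the file
 * extension says the content is a supported image, the mismatch may indicate an attack, so
 * the response is replaced with an {@code SC_UNSUPPORTED_MEDIA_TYPE} error. The Content-Type
 * header is checked first; the extension is only consulted when the header did not match.
 *
 * @param uri the URI the content was fetched from; only its path is inspected
 * @param response the response under inspection, turned into an error response on a mismatch
 */
void enforceUnreadableImageRestrictions(Uri uri, HttpResponseBuilder response) {
  String contentType = response.getHeader(CONTENT_TYPE);
  if (contentType != null) {
    // Lower-case with a fixed locale: with the default locale (e.g. Turkish) "IMAGE/GIF" would
    // not fold to "image/gif" and a declared image type would slip past this check.
    // NOTE(review): assumes the SUPPORTED_MIME_TYPES entries are lower-case - confirm.
    contentType = contentType.toLowerCase(java.util.Locale.ROOT);
    for (String expected : SUPPORTED_MIME_TYPES) {
      if (contentType.contains(expected)) {
        // The header declares a supported image type but the body was unreadable: reject.
        errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
            CONTENT_TYPE_AND_MIME_MISMATCH);
        return;
      }
    }
  }

  String path = uri.getPath();
  if (path == null) {
    // Defensive: a URI without a path has no extension to compare against.
    return;
  }
  path = path.toLowerCase(java.util.Locale.ROOT);
  for (String supportedExtension : SUPPORTED_FILE_EXTENSIONS) {
    if (path.endsWith(supportedExtension)) {
      // The extension names a supported image format but the body was unreadable: reject.
      errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
          CONTENT_TYPE_AND_EXTENSION_MISMATCH);
      return;
    }
  }
}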