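/**
 * Called after an attempt to decode the fetched content as an image has failed.
 * Normally an undecodable body is fine, but if the response claims to be an image
 * (by Content-Type header or by file extension on the request path) and we still
 * could not read it, the body may be a disguised payload and the response is
 * rejected with 415 rather than passed through.
 *
 * @param uri      the request URI; only its path is inspected, for a supported image extension
 * @param response the response under review; its Content-Type header is read, and on a
 *                 mismatch it is turned into an error response in place via errorResponse
 */
protected void enforceUnreadableImageRestrictions(Uri uri, HttpResponseBuilder response) {
  String contentType = response.getHeader(CONTENT_TYPE);
  if (contentType != null) {
    // Locale.ROOT: a locale-dependent toLowerCase() (e.g. Turkish dotless i) could stop
    // "IMAGE/PNG" from matching and let an undecodable "image" slip past this check.
    String declaredType = contentType.toLowerCase(java.util.Locale.ROOT);
    for (String expected : SUPPORTED_MIME_TYPES) {
      // Substring match is deliberately loose here: erring on the side of rejecting is safe.
      if (declaredType.contains(expected)) {
        errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
            CONTENT_TYPE_AND_MIME_MISMATCH);
        return;
      }
    }
  }

  // Defensive: a URI without a path carries no extension, so there is nothing to enforce.
  // (Treats Uri.getPath() as possibly null — confirm against the Uri contract.)
  String path = uri.getPath();
  if (path == null) {
    return;
  }
  path = path.toLowerCase(java.util.Locale.ROOT);
  for (String supportedExtension : SUPPORTED_FILE_EXTENSIONS) {
    if (path.endsWith(supportedExtension)) {
      // Extension says it's a supported image but the bytes did not decode. Reject.
      errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
          CONTENT_TYPE_AND_EXTENSION_MISMATCH);
      return;
    }
  }
}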
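/**
 * Invoked when the fetched body could not be decoded as an image. That is normally
 * harmless, but content that advertises itself as an image — through the Content-Type
 * header or a supported image extension on the request path — and still fails to decode
 * may be an attack, so it is rejected with 415 instead of being forwarded.
 *
 * @param uri      the request URI; its path is checked for a supported image extension
 * @param response the response being vetted; its Content-Type header is consulted and, on
 *                 a mismatch, it is rewritten into an error response by errorResponse
 */
void enforceUnreadableImageRestrictions(Uri uri, HttpResponseBuilder response) {
  String header = response.getHeader(CONTENT_TYPE);
  if (header != null) {
    // Use Locale.ROOT so the comparison cannot be broken by the JVM default locale
    // (a Turkish locale lowercases 'I' to a dotless i and "IMAGE/PNG" would not match).
    String mime = header.toLowerCase(java.util.Locale.ROOT);
    for (String supported : SUPPORTED_MIME_TYPES) {
      if (mime.contains(supported)) {
        // Declared as a supported image type but undecodable — fail closed.
        errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
            CONTENT_TYPE_AND_MIME_MISMATCH);
        return;
      }
    }
  }

  String path = uri.getPath();
  // Defensive null guard: no path means no extension to contradict the failed decode.
  // (Assumes Uri.getPath() may be null — verify against the Uri implementation.)
  if (path == null) {
    return;
  }
  String lowerPath = path.toLowerCase(java.util.Locale.ROOT);
  for (String ext : SUPPORTED_FILE_EXTENSIONS) {
    if (lowerPath.endsWith(ext)) {
      // Extension promises a supported image but the bytes did not decode — fail closed.
      errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
          CONTENT_TYPE_AND_EXTENSION_MISMATCH);
      return;
    }
  }
}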
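/**
 * Runs after image decoding of the fetched content has failed. An undecodable body is
 * acceptable on its own, but when either the Content-Type header or the request path's
 * extension says a supported image should be present, the mismatch is treated as a
 * possible attack and the response is replaced with a 415 error.
 *
 * @param uri      the request URI; only the path is examined for a supported image extension
 * @param response the response under review; its Content-Type header is read and, when the
 *                 declared type or extension is a supported image, errorResponse rewrites it
 */
void enforceUnreadableImageRestrictions(Uri uri, HttpResponseBuilder response) {
  String declared = response.getHeader(CONTENT_TYPE);
  if (declared != null) {
    // Locale.ROOT keeps the match independent of the JVM default locale; a locale-sensitive
    // lowercase could turn "IMAGE/PNG" into a non-matching string and bypass the rejection.
    String normalizedType = declared.toLowerCase(java.util.Locale.ROOT);
    for (String imageType : SUPPORTED_MIME_TYPES) {
      if (normalizedType.contains(imageType)) {
        // Header claims a supported image type, yet decoding failed: reject.
        errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
            CONTENT_TYPE_AND_MIME_MISMATCH);
        return;
      }
    }
  }

  String rawPath = uri.getPath();
  // Defensive: with no path there is no extension to check. (Assumes getPath() can
  // return null — confirm against Uri.)
  if (rawPath == null) {
    return;
  }
  String normalizedPath = rawPath.toLowerCase(java.util.Locale.ROOT);
  for (String imageExtension : SUPPORTED_FILE_EXTENSIONS) {
    if (normalizedPath.endsWith(imageExtension)) {
      // Extension claims a supported image, yet decoding failed: reject.
      errorResponse(response, HttpResponse.SC_UNSUPPORTED_MEDIA_TYPE,
          CONTENT_TYPE_AND_EXTENSION_MISMATCH);
      return;
    }
  }
}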
errorResponse(response, HttpResponse.SC_FORBIDDEN, RESIZE_IMAGE_TOO_LARGE); return;
errorResponse(response, HttpResponse.SC_FORBIDDEN, RESIZE_IMAGE_TOO_LARGE); return;
errorResponse(response, HttpResponse.SC_FORBIDDEN, RESIZE_IMAGE_TOO_LARGE); return false;