Fix ImageMagick errors when trying to identify image dimensions#10343

Merged
alecslupu merged 2 commits into decidim:develop from mainio:fix/minimagick-identify-error
Mar 14, 2023
Conversation

@ahukkanen
Contributor

@ahukkanen ahukkanen commented Feb 6, 2023

🎩 What? Why?

Newer ImageMagick versions have changed the default security policy to allow maximum image sizes of 8192 in either dimension as per:
https://imagemagick.org/script/security-policy.php

The Decidim default dev images ship an image named malicious.jpg originating from #334, which tests that Decidim is not vulnerable to the pixel flood attack:
https://hackerone.com/reports/390

The test itself is valid, but we should handle the ImageMagick errors properly and rescue from them. I am adding a new error to be shown to the user in these cases: "File cannot be processed". This makes it easier for admins to identify why users might not be able to upload certain images than just showing "File resolution is too large" in these cases.

This should also help us towards making Decidim work out of the box with Ubuntu 22.04 and other distros alike.

📌 Related Issues

Link your PR to an issue

Testing

  • Install Decidim on Ubuntu 22.04
  • Try to upload the malicious.jpg shipped with the decidim-dev gem as the default user's avatar image
  • See that there is no longer an error
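The behaviour the description asks for, as an added example that is not Decidim's own code: dimension lookup failures raised by ImageMagick are rescued and turned into a validation message ("File cannot be processed"), kept distinct from the existing "File resolution is too large" message. The module name, the `IdentifyError` class, the injectable `identify:` callable and the 8192 application limit are assumptions for this illustration; the default identifier shells out to the `identify` command, and the injection point lets the mapping be exercised without ImageMagick installed.

```ruby
require "open3"

# Hypothetical validator (added example, not Decidim's code) that checks an
# uploaded image's dimensions and maps ImageMagick failures to user messages
# instead of letting them surface as a 500 error.
module UploadDimensionCheck
  # ImageMagick's default security policy caps width and height at 8192
  # (policy page linked in the PR description); the application limit is
  # assumed to be the same value here.
  MAX_DIMENSION = 8192

  MESSAGES = {
    too_large: "File resolution is too large",
    unprocessable: "File cannot be processed"
  }.freeze

  # Raised for anything that prevents reading dimensions: a policy rejection,
  # a corrupt file, unparsable output, or a missing `identify` binary.
  class IdentifyError < StandardError; end

  # Default identifier: runs ImageMagick's `identify` and parses "WIDTH HEIGHT".
  # Only the first frame's line is used so multi-frame images do not confuse the parser.
  def self.identify_with_imagemagick(path)
    out, err, status = Open3.capture3("identify", "-format", "%w %h\n", path)
    raise IdentifyError, err.strip unless status.success?

    dims = out.lines.first.to_s.split.first(2).map(&:to_i)
    raise IdentifyError, "could not parse dimensions from identify output" unless dims.size == 2

    dims
  rescue SystemCallError => e
    # e.g. Errno::ENOENT when ImageMagick is not installed on the host
    raise IdentifyError, e.message
  end

  # Returns one of:
  #   [:ok, width, height]
  #   [:too_large, message]
  #   [:unprocessable, message, underlying_error_text]
  # `identify:` accepts any callable taking a path and returning [width, height].
  def self.call(path, identify: method(:identify_with_imagemagick))
    width, height = identify.call(path)
    if width > MAX_DIMENSION || height > MAX_DIMENSION
      [:too_large, MESSAGES[:too_large]]
    else
      [:ok, width, height]
    end
  rescue IdentifyError => e
    # The point of the PR: an ImageMagick failure becomes a validation error
    # the user sees, and the underlying text stays available for admin logs.
    [:unprocessable, MESSAGES[:unprocessable], e.message]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Stand-alone use: `ruby upload_dimension_check.rb some_image.jpg`
  result = UploadDimensionCheck.call(ARGV.fetch(0, "avatar.jpg"))
  puts result.inspect
end
```

When wiring this into a real uploader, the `rescue` clause should name the error classes the chosen ImageMagick binding actually raises rather than a catch-all, so genuine application bugs are not silently reported as unprocessable files.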

@ahukkanen ahukkanen added module: core type: fix PRs that implement a fix for a bug labels Feb 6, 2023
@ahukkanen ahukkanen marked this pull request as draft February 6, 2023 17:10
@ahukkanen ahukkanen marked this pull request as ready for review February 6, 2023 21:55
@alecslupu alecslupu self-assigned this Feb 14, 2023
@alecslupu
Contributor

indeed, when using:

identify --version
Version: ImageMagick 7.1.0-4 Q16 x86_64 2021-07-18 https://imagemagick.org
Copyright: (C) 1999-2021 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php
Features: Cipher DPC HDRI Modules OpenMP(4.5) 
Delegates (built-in): bzlib djvu fontconfig freetype gslib heic jbig jng jp2 jpeg lcms lqr ltdl lzma openexr pangocairo png ps raqm raw tiff webp wmf x xml zip zlib

I do not get a 500 error.
(screenshot attached to the comment)

@alecslupu alecslupu merged commit 3505962 into decidim:develop Mar 14, 2023
@ahukkanen ahukkanen deleted the fix/minimagick-identify-error branch March 15, 2023 11:29
entantoencuanto added a commit that referenced this pull request Mar 23, 2023
…ent-blocks

* feature/redesign: (97 commits)
  Feature/redesign accountability versions (#10517)
  Redesign: add image to blog item (#10458)
  Redesign: search results (#10380)
  Fix test
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  Remove the deprecated `optional` option from the file upload modal (#10542)
  Standardize the format of the words "does not" (#10505)
  Standardize the format of the words "was not" (#10514)
  Add Procfile support (#10519)
  Standardize the format of the words "do not" (#10513)
  Change the `optional` option to `required` at participatory texts (#10498)
  Fix destroying scope types that have been associated with processes (#10496)
  ...
entantoencuanto added a commit that referenced this pull request Mar 23, 2023
…le-card

* feature/redesign: (94 commits)
  Fix test
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  Remove the deprecated `optional` option from the file upload modal (#10542)
  Standardize the format of the words "does not" (#10505)
  Standardize the format of the words "was not" (#10514)
  Add Procfile support (#10519)
  Standardize the format of the words "do not" (#10513)
  Change the `optional` option to `required` at participatory texts (#10498)
  Fix destroying scope types that have been associated with processes (#10496)
  Fix dynamic upload file field required indicator + make option naming consistent (#10497)
  Standardize the format of the words "should not" (#10515)
  Standardize the format of the words "were not" (#10516)
  ...
entantoencuanto added a commit that referenced this pull request Mar 23, 2023
* feature/redesign: (99 commits)
  Feature/redesign accountability versions (#10517)
  Redesign: add image to blog item (#10458)
  Redesign: search results (#10380)
  Fix test
  Redesign: layout item (#10376)
  Feature/redesign order filter (#10563)
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  Remove the deprecated `optional` option from the file upload modal (#10542)
  Standardize the format of the words "does not" (#10505)
  Standardize the format of the words "was not" (#10514)
  Add Procfile support (#10519)
  Standardize the format of the words "do not" (#10513)
  ...
entantoencuanto added a commit that referenced this pull request Mar 23, 2023
* feature/redesign: (94 commits)
  Fix test
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  Remove the deprecated `optional` option from the file upload modal (#10542)
  Standardize the format of the words "does not" (#10505)
  Standardize the format of the words "was not" (#10514)
  Add Procfile support (#10519)
  Standardize the format of the words "do not" (#10513)
  Change the `optional` option to `required` at participatory texts (#10498)
  Fix destroying scope types that have been associated with processes (#10496)
  Fix dynamic upload file field required indicator + make option naming consistent (#10497)
  Standardize the format of the words "should not" (#10515)
  Standardize the format of the words "were not" (#10516)
  ...
entantoencuanto added a commit that referenced this pull request Mar 23, 2023
* feature/redesign: (98 commits)
  Feature/redesign accountability versions (#10517)
  Redesign: add image to blog item (#10458)
  Redesign: search results (#10380)
  Fix test
  Redesign: layout item (#10376)
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  Remove the deprecated `optional` option from the file upload modal (#10542)
  Standardize the format of the words "does not" (#10505)
  Standardize the format of the words "was not" (#10514)
  Add Procfile support (#10519)
  Standardize the format of the words "do not" (#10513)
  Change the `optional` option to `required` at participatory texts (#10498)
  ...
entantoencuanto added a commit that referenced this pull request Mar 23, 2023
* feature/redesign: (97 commits)
  Feature/redesign accountability versions (#10517)
  Redesign: add image to blog item (#10458)
  Redesign: search results (#10380)
  Fix test
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  Remove the deprecated `optional` option from the file upload modal (#10542)
  Standardize the format of the words "does not" (#10505)
  Standardize the format of the words "was not" (#10514)
  Add Procfile support (#10519)
  Standardize the format of the words "do not" (#10513)
  Change the `optional` option to `required` at participatory texts (#10498)
  Fix destroying scope types that have been associated with processes (#10496)
  ...
entantoencuanto added a commit that referenced this pull request Mar 23, 2023
…-l-g

* feature/redesign: (99 commits)
  Feature/redesign accountability versions (#10517)
  Redesign: add image to blog item (#10458)
  Redesign: search results (#10380)
  Fix test
  Redesign: layout item (#10376)
  Feature/redesign order filter (#10563)
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  Remove the deprecated `optional` option from the file upload modal (#10542)
  Standardize the format of the words "does not" (#10505)
  Standardize the format of the words "was not" (#10514)
  Add Procfile support (#10519)
  Standardize the format of the words "do not" (#10513)
  ...
entantoencuanto added a commit that referenced this pull request Mar 23, 2023
…content-blocks

* feature/redesign: (99 commits)
  Feature/redesign accountability versions (#10517)
  Redesign: add image to blog item (#10458)
  Redesign: search results (#10380)
  Fix test
  Redesign: layout item (#10376)
  Feature/redesign order filter (#10563)
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  Remove the deprecated `optional` option from the file upload modal (#10542)
  Standardize the format of the words "does not" (#10505)
  Standardize the format of the words "was not" (#10514)
  Add Procfile support (#10519)
  Standardize the format of the words "do not" (#10513)
  ...
entantoencuanto added a commit that referenced this pull request Mar 23, 2023
…s-l-g

* feature/redesign: (97 commits)
  Feature/redesign accountability versions (#10517)
  Redesign: add image to blog item (#10458)
  Redesign: search results (#10380)
  Fix test
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  Remove the deprecated `optional` option from the file upload modal (#10542)
  Standardize the format of the words "does not" (#10505)
  Standardize the format of the words "was not" (#10514)
  Add Procfile support (#10519)
  Standardize the format of the words "do not" (#10513)
  Change the `optional` option to `required` at participatory texts (#10498)
  Fix destroying scope types that have been associated with processes (#10496)
  ...
entantoencuanto added a commit that referenced this pull request Mar 23, 2023
* feature/redesign: (97 commits)
  Feature/redesign accountability versions (#10517)
  Redesign: add image to blog item (#10458)
  Redesign: search results (#10380)
  Fix test
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  Remove the deprecated `optional` option from the file upload modal (#10542)
  Standardize the format of the words "does not" (#10505)
  Standardize the format of the words "was not" (#10514)
  Add Procfile support (#10519)
  Standardize the format of the words "do not" (#10513)
  Change the `optional` option to `required` at participatory texts (#10498)
  Fix destroying scope types that have been associated with processes (#10496)
  ...
entantoencuanto added a commit that referenced this pull request Mar 24, 2023
…dcrumb

* feature/redesign: (282 commits)
  include a clause to change a data-attr on the fly
  Update tests
  Restore specs
  Feature/redesign accountability versions (#10517)
  set different modals foreach comment
  Redesign: add image to blog item (#10458)
  unify report button for futher uses
  Redesign: search results (#10380)
  Fix test
  Redesign: layout item (#10376)
  Feature/redesign order filter (#10563)
  Finalize word standardization (#10557)
  Fix iframes stripped from admin entered proposals, meetings and debates (#10466)
  Fix ImageMagick errors when trying to identify image dimensions (#10343)
  Add required to proposal limit field in Proposal component (#10525)
  Standardize the format of the words "is not" (#10511)
  Standardize the format of the words "has not" (#10510)
  Standardize the format of the words "will not" (#10509)
  Make buttons respect the organizations' primary color (#10526)
  Fix flaky spec for questionnaire templates (#10544)
  ...
Labels

module: core type: fix PRs that implement a fix for a bug
