NussNougate/crafty-4
2
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2025-01-31 04:46:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'sec/sanitize-image' into 'dev'

Browse Source 
Remove EXIF data on app Background Photos

See merge request crafty-controller/crafty-4!805
This commit is contained in:
Iain Powrie 2025-01-19 17:49:59 +00:00
commit 72520b0384
3 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -9,6 +9,7 @@ TBD
- Bump requests to resolve yank for CVE-2024-35195 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/808)) - Bump requests to resolve yank for CVE-2024-35195 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/808))
- Better handle malformed mcping data ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/799)) - Better handle malformed mcping data ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/799))
### Tweaks ### Tweaks
- Remove EXIF image data on app Background Photos ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/805))
- Bump Docker base image `22.04` -> `24.04` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/812)) - Bump Docker base image `22.04` -> `24.04` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/812))
- Bump python pip `2.0.3` -> `24.3.1` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/812)) - Bump python pip `2.0.3` -> `24.3.1` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/812))
- Bump python setuptools `50.3.2` -> `75.6.0` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/812)) - Bump python setuptools `50.3.2` -> `75.6.0` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/812))

16
app/classes/web/routes/api/crafty/upload/index.py
View File

@ -1,6 +1,7 @@
import os import os
import logging import logging
import shutil import shutil
from PIL import Image
from app.classes.models.server_permissions import EnumPermissionsServer from app.classes.models.server_permissions import EnumPermissionsServer
from app.classes.shared.helpers import Helpers from app.classes.shared.helpers import Helpers
from app.classes.web.base_api_handler import BaseApiHandler from app.classes.web.base_api_handler import BaseApiHandler
@ -295,6 +296,21 @@ class ApiFilesUploadHandler(BaseApiHandler):
with open(chunk_file, "rb") as infile: with open(chunk_file, "rb") as infile:
outfile.write(infile.read()) outfile.write(infile.read())
os.remove(chunk_file) os.remove(chunk_file)
if upload_type == "background":
# Strip EXIF data
image_path = os.path.join(file_path)
logger.debug("Stripping exif data from image")
image = Image.open(image_path)
# Get current raw pixel data from image
image_data = list(image.getdata())
# Create new image
image_no_exif = Image.new(image.mode, image.size)
# Restore pixel data
image_no_exif.putdata(image_data)
image_no_exif.save(image_path)
logger.info( logger.info(
f"File upload completed. Filename: {self.filename}" f"File upload completed. Filename: {self.filename}"
f" Path: {file_path} Type: {u_type}" f" Path: {file_path} Type: {u_type}"

1
requirements.txt
View File

@ -20,3 +20,4 @@ tzlocal==5.1
jsonschema==4.19.1 jsonschema==4.19.1
orjson==3.9.15 orjson==3.9.15
prometheus-client==0.17.1 prometheus-client==0.17.1
pillow==10.4.0