Wrap Image::Magick Read method to check magic bytes
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib/Image/Magick
t
.gitignore
.travis.yml
Changes
MANIFEST
Makefile.PL
README.md

README.md

NAME

Image::Magick::Safer - Wrap Image::Magick Read method to check magic bytes

<a href='https://travis-ci.org/Humanstate/image-magick-safer?branch=master'><img src='https://travis-ci.org/Humanstate/image-magick-safer.svg?branch=master' alt='Build Status' /></a>
<a href='https://coveralls.io/r/Humanstate/image-magick-safer?branch=master'><img src='https://coveralls.io/repos/Humanstate/image-magick-safer/badge.png?branch=master' alt='Coverage Status' /></a>

VERSION

0.07

SYNOPSIS

    use Image::Magick::Safer;

    # functions just like Image::Magick but wraps the Read method
    # to check the magic bytes of any images using File::LibMagic
    my $magick = Image::Magick::Safer->new;

    # if any @files have a MIME type that looks questionable then
    # $e will be populated
    if ( my $e = $magick->Read( @files ) ) {
            # bail out, unsafe to continue
            ....
    }

DESCRIPTION

Image::Magick::Safer is a drop in wrapper around Image::Magick, it adds a magic byte check to the Read method to check the file MIME type using File::LibMagic. If a file looks questionable then it will prevent the file being passed to the real Image::Magick::Read method and return an error. If a file cannot be opened, because it does not exist or it is prefixed with a pipe, an error will also be returned.

You can replace any calls to Image::Magick with Image::Magick::Safer and the functionality will be retained with the added Read protection. The aliases for Read will also be made safe.

If you need to override the default MIME types then you can set the modules $Image::Magick::Safer::Unsafe hash to something else or add extra types:

    # add SVG check to the defaults
    $Image::Magick::Safer::Unsafe->{'image/svg+xml'} = 1;

The default MIME types considered unsafe are as follows:

    text/plain
    application/x-compress
    application/x-compressed
    application/gzip
    application/bzip2
    application/x-bzip2
    application/x-gzip
    application/x-rar
    application/x-z
    application/z

Leading pipes are also considered unsafe, as well as any reference to files that cannot be found.

Note that i make NO GUARANTEE that this will fix and/or protect you from exploits, it's just another safety check. You should update to the latest version of ImageMagick to protect yourself against potential exploits.

Also note that to install the File::LibMagic module you will need to have both the library (libmagic.so) and the header file (magic.h). See the perldoc for File::LibMagic for more information.

WHY ISN'T THIS A PATCH IN Image::Magick?

Image::Magick moves at a glacial pace, and involves a 14,000 line XS file. No thanks. This will probably get patched in the next version, so for the time being this module exists.

KNOWN BUGS

DOES NOT WORK with BSD 10.1 and 7.0.1 and i can't figure out why. If you can figure out why then please submit a pull request. This is possibly some libmagic weirdness going on.

SEE ALSO

Image::Magick - the library this module wraps

https://www.imagemagick.org - ImageMagick

https://imagetragick.com/ - ImageMagick exploits

http://permalink.gmane.org/gmane.comp.security.oss.general/19669 - GraphicsMagick and ImageMagick popen() shell vulnerability via filename

AUTHOR

Lee Johnson - leejo@cpan.org

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. If you would like to contribute documentation, features, bug fixes, or anything else then please raise an issue / pull request:

https://github.com/Humanstate/image-magick-safer