fix: decompression bomb attack in the Filer

[vinitkumar]

Description

Filer allowed for the images for very high pixels (height * width) to be uploaded. This would cause crash and failures when the high pixels exceeded what is allowed by Pillow Image MAX_IMAGE_PIXELS value.

This is an issue because even though the image is possible to be created and attached to the page, it would never work as PIL always fails to thumbnails such high pixel image and crashes causing crash and high memory usages in such pages.

This patch, fixes this issues in the bud as it wouldn't allow such files to be uploaded via FILER itself. It also allows to set a lower limit FILER_MAX_IMAGE_PIXELS so that users can limit the max pixels to value much lower than what PIL support.

We also choose the pixel value rather than MAX_HEIGHT and MAX_WIDTH to allow different resolutions of image other than square images.

filerdecompressionbomb.mov

Github Issue

• fixes Issue with DecompressionBombWarning with high pixel images #1425
• fixes Restrict maximum image dimensions/resolution #1330

Authored-by: Vinit Kumar vinit.kumar@kidskonnect.nl

Related resources

• https://en.wikipedia.org/wiki/Zip_bomb
• https://github.com/python-pillow/Pillow/blob/main/src/PIL/Image.py#L3148

Checklist

• I have opened this pull request against master
• I have added or modified the tests when changing logic
• I have followed the conventional commits guidelines to add meaningful information into the changelog
• I have read the contribution guidelines and I have joined #workgroup-pr-review on
  Slack to find a “pr review buddy” who is going to review my pull request.

[codecov]

Codecov Report

Attention: 11 lines in your changes are missing coverage. Please review.

Comparison is base (8293ba1) 75.96% compared to head (34045eb) 76.41%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1426      +/-   ##
==========================================
+ Coverage   75.96%   76.41%   +0.44%     
==========================================
  Files          75       75              
  Lines        3454     3510      +56     
  Branches      554      562       +8     
==========================================
+ Hits         2624     2682      +58     
+ Misses        669      666       -3     
- Partials      161      162       +1     

Files	Coverage Δ
filer/admin/imageadmin.py	89.58% <100.00%> (ø)
filer/fields/multistorage_file.py	88.34% <100.00%> (ø)
filer/models/filemodels.py	88.88% <100.00%> (+0.19%)	⬆️
filer/templatetags/filer_admin_tags.py	92.10% <100.00%> (+2.72%)	⬆️
filer/admin/fileadmin.py	94.39% <94.11%> (-0.12%)	⬇️
filer/validation.py	95.45% <80.00%> (+14.37%)	⬆️
filer/admin/clipboardadmin.py	95.12% <88.00%> (+0.45%)	⬆️
filer/models/abstract.py	80.82% <76.19%> (-0.78%)	⬇️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[fsbraun]

Great work and immediate UI response! This does also work when drag-and-dropping?

Can you add a test based on test_filer_upload_file which the FILER_MAX_IMAGE_PIXELS set to a very low value to see if the error messages are triggered?

[vinitkumar]

@fsbraun Just checked it out. Looks and work great. Except I think this warning message could be better. Is show __all__ and some message.

O

Once that is fixed. I think it's good enough to be merged and we can cut a 3.1 release for filer.