Support blocking untrusted operations #24

Merged
merged 17 commits into from
Sep 4, 2022

atjn
Contributor

@atjn atjn commented Aug 22, 2022

Support blocking untrusted and arbitrary operations with vips_block_untrusted_set and vips_operation_block_set:

```js
// Block all untrusted operations
vips.blockUntrusted(true);

// Block all foreign loaders
vips.operationBlock("VipsForeignLoad", true);

// Re-enable the jpeg loader (false clears the block set above)
vips.operationBlock("VipsForeignLoadJpeg", false);
```

Note that it was already possible to use vips_block_untrusted_set before, by setting the module.ENV.VIPS_BLOCK_UNTRUSTED parameter on initialization.

Related: #21 (comment)
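A loader allowlist built from the two calls described above, as an added example that is not part of this pull request or of wasm-vips. `applyLoaderAllowlist`, `makeRecorder` and `demo` are hypothetical names, the allowlist entries are sample values, and the recorder is a constructed stand-in for the module so the call order can be checked offline. The ordering assumes that a later block call overrides an earlier one, as in libvips.

```javascript
const LOADER_BASE = "VipsForeignLoad";

// Block every foreign loader, re-enable only the named subclasses, then
// block untrusted operations. `vips` is any object exposing
// blockUntrusted(bool) and operationBlock(name, bool).
function applyLoaderAllowlist(vips, allowedLoaders) {
  const allowed = [...new Set(allowedLoaders)];
  // Validate before touching any state: a typo, or the base class itself,
  // must not end up unblocking every loader.
  for (const name of allowed) {
    if (typeof name !== "string" || !name.startsWith(LOADER_BASE) || name === LOADER_BASE) {
      throw new TypeError(`not a loader subclass name: ${String(name)}`);
    }
  }
  // Block the whole loader hierarchy first ...
  vips.operationBlock(LOADER_BASE, true);
  // ... then clear the block on the allowed subclasses only.
  for (const name of allowed) {
    vips.operationBlock(name, false);
  }
  // Assumption: called last so that an allowlisted loader which libvips
  // marks as untrusted is blocked again rather than left enabled.
  vips.blockUntrusted(true);
  return allowed;
}

// Constructed stand-in for the wasm-vips module: it only records calls.
function makeRecorder() {
  const calls = [];
  return {
    calls,
    blockUntrusted: (state) => { calls.push(["blockUntrusted", state]); },
    operationBlock: (name, state) => { calls.push(["operationBlock", name, state]); },
  };
}

// Sample allowlist (constructed): JPEG and PNG loaders only.
function demo() {
  const stub = makeRecorder();
  applyLoaderAllowlist(stub, ["VipsForeignLoadJpeg", "VipsForeignLoadPng", "VipsForeignLoadJpeg"]);
  return stub.calls;
}
```

With the real module, the same function would be called once after initialization and before any image from an untrusted source is opened.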

@atjn
Contributor Author

atjn commented Aug 22, 2022

I considered integrating this a bit deeper, allowing for things like:

```js
vips.Operation.block(vips.Image.pngsave, true);

vips.Image.jpegsave.block(true);

vips.Image.jpegsave.block(); // returns true
vips.Image.jpegsave.untrusted(); // returns false
```

But AFAICT it would require a massive amount of work, and I wasn't even sure if it would be desirable, given that it is pretty different from the core libvips API.

@atjn atjn marked this pull request as ready for review August 22, 2022 14:48
Owner

@kleisauke kleisauke left a comment


Thanks for working on this! I left a couple of comments inline.

atjn and others added 12 commits September 4, 2022 14:03
Co-authored-by: Kleis Auke Wolthuizen <github@kleisauke.nl>
To match build/preamble
- Ensure `test_block.js` suite is also being tested on the browser.
- Move `before` and `after{,Each}` hooks inside the `describe` block.
- Simplify `blockUntrusted` test.
- Escape boolean types between grave accents in `vips.d.ts`.
@kleisauke kleisauke added this to the v0.0.4 milestone Sep 4, 2022
jcupitt added a commit to libvips/libvips that referenced this pull request Sep 4, 2022
We could return an operation from cache even after the operation had
been blocked. This was harmless, but could cause confusion.

see kleisauke/wasm-vips#24
Non-functional change.
Owner

@kleisauke kleisauke left a comment


Thanks all! This will be in v0.0.4.

@kleisauke kleisauke merged commit 5b7f0fc into kleisauke:master Sep 4, 2022
@atjn atjn deleted the block-untrusted branch September 4, 2022 17:10
kleisauke added a commit that referenced this pull request Sep 4, 2022
RReverser pushed a commit to RReverser/libvips that referenced this pull request Oct 28, 2022
We could return an operation from cache even after the operation had
been blocked. This was harmless, but could cause confusion.

see kleisauke/wasm-vips#24