
RubyFlow The Ruby and Rails community linklog


Protect your Rails app from PNG bomb attacks

A new Carrierwave plugin to check “real” image size bypassing ImageMagick (which may be fooled by a PNG bomb): https://github.com/DarthSim/carrierwave-bombshelter

This is how a PNG bomb works: https://www.bamsoftware.com/hacks/deflate.html

You can’t rely on ImageMagick/libpng to check the image size, because decoding the image is exactly where the bomb gets triggered. You need something that reads the dimensions from the file header without inflating the pixel data, like the “fastimage” gem.
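To make the point concrete, here is an added example (not code from this post, from carrierwave-bombshelter or from fastimage) that reads a PNG’s declared dimensions straight from its IHDR chunk in pure Ruby. This is the same strategy fastimage applies across formats: only the header is parsed, the compressed pixel data is never inflated, so a PNG bomb cannot detonate during the check. The 25-megapixel budget and the `build_png_header` helper that constructs test inputs are assumptions made for this example.

```ruby
require "zlib"
require "stringio"

PNG_SIGNATURE = "\x89PNG\r\n\x1A\n".b

# Read a PNG's declared dimensions from its IHDR chunk. Only the first 33 bytes
# are touched and nothing is decompressed, so a PNG bomb cannot detonate here.
# Returns [width, height], or nil if the input does not start with a valid
# signature and IHDR chunk (bad length, wrong type or CRC mismatch).
def png_dimensions(io)
  io = StringIO.new(io) if io.is_a?(String)
  return nil unless io.read(8) == PNG_SIGNATURE

  chunk_header = io.read(8)
  return nil unless chunk_header && chunk_header.bytesize == 8
  length, type = chunk_header.unpack("Na4")   # big-endian u32 length, 4-byte type
  return nil unless type == "IHDR" && length == 13

  data = io.read(13)
  crc = io.read(4)
  return nil unless data && data.bytesize == 13 && crc && crc.bytesize == 4
  return nil unless crc.unpack1("N") == Zlib.crc32(type + data)

  data.unpack("NN")   # width, height
end

# Accept a PNG only if its declared pixel count is within budget. The 25 MP
# default is an assumed limit for this example; pick one that fits your app.
def safe_png?(io, max_pixels: 25_000_000)
  dims = png_dimensions(io)
  return false if dims.nil?
  width, height = dims
  width > 0 && height > 0 && width * height <= max_pixels
end

# Test helper (constructed input): build just the signature + IHDR of a PNG
# that claims the given size. No pixel data is needed to exercise the check.
def build_png_header(width, height)
  ihdr = [width, height, 8, 2, 0, 0, 0].pack("NNCCCCC")  # 8-bit RGB, no interlace
  chunk = "IHDR".b + ihdr
  PNG_SIGNATURE + [13].pack("N") + chunk + [Zlib.crc32(chunk)].pack("N")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a photo-sized header and one that claims
  # 100,000 x 100,000 pixels (10 gigapixels), the shape of a PNG bomb.
  puts safe_png?(build_png_header(640, 480))         # true
  puts safe_png?(build_png_header(100_000, 100_000)) # false
  # On an upload: File.open(path, "rb") { |f| safe_png?(f) }
end
```

Run this check before anything hands the file to ImageMagick or a Carrierwave processor (for example in a validation step that opens the tempfile in binary mode); a header that fails the CRC or declares an out-of-budget size is rejected without the decoder ever seeing it.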

Comments

You may want to fix the broken link (there is a dot at the end of the link): https://www.bamsoftware.com/hacks/deflate.html.

@MLESZCZ thanks!
