Compare commits

..

2 commits

Author SHA1 Message Date
f86c7d69db
Reject unsafe file extensions
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
2024-11-23 14:46:22 -06:00
80b2bd2d14
Update spec compliance info
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
2024-11-23 14:46:11 -06:00
2 changed files with 20 additions and 0 deletions

View file

@ -24,6 +24,14 @@ Currently to do:
- [X] Sandboxing the image rendering
- [X] Prometheus-format metrics
## Spec Compliance
This project is designed to match the upstream [specification](https://github.com/misskey-dev/media-proxy/blob/master/SPECIFICATION.md), however a few deviations are made:
- We will not honor remote `Content-Disposition` headers but instead reply with the actual filename in the request URL.
- Remote `Content-Type` headers will only be used as a hint rather than authoritative, and resniffing is unconditionally performed.
- SVG rasterization is planned to be removed from the proxy in favor of sanitization and CSP enforcement.
## Demo
### Avatar resizing

View file

@ -992,6 +992,18 @@ impl<C: UpstreamClient + 'static, S: Sandboxing + Send + Sync + 'static> App<C,
where
<<C as UpstreamClient>::Response as HTTPResponse>::BodyStream: Unpin,
{
if let Some(ext) = filename.split('.').last() {
if [
"exe", "com", "dll", "sys", "bat", "cmd", "sh", "bash", "zsh", "fish", "ps1",
"psm1", "elf", "so", "dylib", "dmg", "scr", "url", "app", "jar", "apk", "msi",
"deb", "rpm", "rpm", "pkg",
]
.iter()
.any(|x| x.eq_ignore_ascii_case(ext))
{
return Err(ErrorResponse::unsafe_media());
}
}
Self::proxy_impl(method, Some(&filename), State(state), Query(query), info).await
}
}