Hire Martians
Hire Martians
11-
Sep
13
Meet us at EuRuKo 2024 in Sarajevo, Bosnia and Herzegovina!

CarrierWave BombShelter

Services & Skills

Share on

carrierwave-bombshelter is a Ruby gem designed to detect an image’s real dimensions without decoding it. bombshelter saves memory and disk space, letting engineers adjust image sizes according to their application’s facilities.

213
stars
19
forks
9
watching
8
contributors

BombShelter is a module that protects your uploaders from image bombs like https://www.bamsoftware.com/hacks/deflate.html and http://www.openwall.com/lists/oss-security/2016/05/03/18. It checks the type and pixel dimensions of an uploaded image before ImageMagick touches it.

BombShelter uses the fastimage gem, which reads just a header of an image to get info about it. BombShelter compares the type and pixel dimensions of the uploaded image with the allowed ones and raises integrity error if an image is too big or has an unsupported type. Works perfectly with ActiveRecord validators.

Author

In the same orbit

  • A broader picture: A guide on imgproxy for businesses

    A broader picture: A guide on imgproxy for businesses

    Cover for A broader picture: A guide on imgproxy for businesses
  • Social background: Martians behind eBay Social's tech

    Social background: Martians behind eBay Social's tech

    Cover for Social background: Martians behind eBay Social's tech
  • eBay
    Evil Martians have been cooperating with eBay, a global marketplace leader, since 2014, shipping two official eBay spin-offs—eBaymag and eBay Bonus. Martians are behind all the tech and product development, analytics, design, and SRE in both projects.
    eBaymageBaymag logoeBay BonuseBay Bonus logo
    eBay logo
  • Fountain
    As a core technical team behind Fountain’s software, doing backend and frontend development and being responsible for scaling the software, we were happy to see them become an industry leading hiring platform for hourly workers.
    $220M
    total funding
    Backed
    by Softbank, Y Combinator
    Fountain logo

Explore more open source projects

  • ACLI

    ACLI

    An Action Cable command-line client written in mRuby.
  • wsdirector

    wsdirector

    A command line tool for testing WebSocket servers using scenarios.

Let's solve your hard problems

Schedule a call instead
Martians at a glance
18
years in business

We're experts at helping developer products grow, with a proven track record in UI design, product iterations, cost-effective scaling, and much more. We'll lay out a strategy before our engineers and designers leap into action.

If you prefer email, write to us at surrender@evilmartians.com