CarrierWave BombShelter

Services & Skills

Share on

BombShelter is a module that protects your uploaders from image bombs like https://www.bamsoftware.com/hacks/deflate.html and http://www.openwall.com/lists/oss-security/2016/05/03/18. It checks the type and pixel dimensions of an uploaded image before ImageMagick touches it.

BombShelter uses the fastimage gem, which reads just a header of an image to get info about it. BombShelter compares the type and pixel dimensions of the uploaded image with the allowed ones and raises integrity error if an image is too big or has an unsupported type. Works perfectly with ActiveRecord validators.

Author

Sergey Alexandrovich
Author of imgproxy

In the same orbit

A broader picture: A guide on imgproxy for businesses
A broader picture: A guide on imgproxy for businesses
May 24, 2021
Social background: Martians behind eBay Social's tech
Social background: Martians behind eBay Social's tech
January 25, 2021
eBay
Evil Martians have been cooperating with eBay, a global marketplace leader, since 2014, shipping two official eBay spin-offs—eBaymag and eBay Bonus. Martians are behind all the tech and product development, analytics, design, and SRE in both projects.
eBaymag eBay Bonus
Fountain
As a core technical team behind Fountain’s software, doing backend and frontend development and being responsible for scaling the software, we were happy to see them become an industry leading hiring platform for hourly workers.
$220M
total funding
Backed
by Softbank, Y Combinator

Explore more open source projects

ACLI
ACLI
An Action Cable command-line client written in mRuby.
wsdirector
wsdirector
A command line tool for testing WebSocket servers using scenarios.