CarrierWave BombShelter

BombShelter is a module that protects your uploaders from image bombs like https://www.bamsoftware.com/hacks/deflate.html and http://www.openwall.com/lists/oss-security/2016/05/03/18. It checks the type and pixel dimensions of an uploaded image before ImageMagick touches it.

BombShelter uses the fastimage gem, which reads only the header of an image to get information about it. BombShelter compares the type and pixel dimensions of the uploaded image with the allowed ones and raises an integrity error if the image is too big or has an unsupported type. Works perfectly with ActiveRecord validators.
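The header-only check described above, sketched in plain Ruby as an added example; it is not BombShelter's or fastimage's code. The class, method names, allow-list and size limit are assumptions made for illustration, and only PNG and GIF headers are parsed.

```ruby
require "stringio"

# Added illustration; every name and limit below is hypothetical.
class ImageRejected < StandardError; end

PNG_MAGIC      = "\x89PNG\r\n\x1a\n".b
ALLOWED_TYPES  = %i[png gif].freeze     # assumed allow-list
MAX_DIMENSIONS = [4096, 4096].freeze    # assumed limit: [width, height]

# Read type and declared pixel dimensions from the first 24 bytes only.
# No pixel data is decompressed, so a decompression bomb costs nothing here.
def probe_header(io)
  head = io.read(24).to_s.b
  if head.bytesize >= 24 && head.start_with?(PNG_MAGIC) && head[12, 4] == "IHDR".b
    width, height = head[16, 8].unpack("NN")   # big-endian 32-bit fields
    [:png, width, height]
  elsif head.bytesize >= 10 && %w[GIF87a GIF89a].include?(head[0, 6])
    width, height = head[6, 4].unpack("vv")    # little-endian 16-bit fields
    [:gif, width, height]
  else
    raise ImageRejected, "unsupported or unreadable image type"
  end
end

# Reject the upload before any image library is asked to decode it.
def check_upload!(io)
  type, width, height = probe_header(io)
  raise ImageRejected, "type #{type} not allowed" unless ALLOWED_TYPES.include?(type)
  max_w, max_h = MAX_DIMENSIONS
  if width > max_w || height > max_h
    raise ImageRejected, "#{width}x#{height} exceeds #{max_w}x#{max_h}"
  end
  [type, width, height]
end

# Constructed sample input: PNG signature plus the start of an IHDR chunk
# that declares the given size. It carries no image data at all.
def sample_png_header(width, height)
  PNG_MAGIC + [13].pack("N") + "IHDR".b + [width, height].pack("NN")
end

if $PROGRAM_NAME == __FILE__
  p check_upload!(StringIO.new(sample_png_header(800, 600)))
  begin
    check_upload!(StringIO.new(sample_png_header(50_000, 50_000)))
  rescue ImageRejected => e
    puts "rejected: #{e.message}"
  end
end
```

The declared dimensions come from the file itself, so this check bounds the memory a decoder will be asked to allocate; it does not validate the rest of the file.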
