Checking for malicious file uploads
Checking for malicious file uploads
I have a script that accepts file uploads. they are jpeg images and I want to make sure that no one is sending me an image with malicious scripts in it, is there a way that ImageMagick can do this?
- anthony
- Posts: 8883
- Joined: 2004-05-31T19:27:03-07:00
- Authentication code: 8675308
- Location: Brisbane, Australia
Re: Checking for malicious file uploads
Just read the file with -quiet -regard-warnings. If the returned status is not zero, something was very wrong with the image, and IM did not want to parse it fully.
NOTE many TIFF images has extra unknown profiles included by various programs. These extra profiles would normally be warned about. The -regard-warnings makes such profiles a fatal error rather than a simple warning.
See Im Examples, Basics, Operational Controls.
http://www.imagemagick.org/Usage/basics/#controls
Code: Select all
convert -quiet -regard-warnings [color=#4000FF]{image}[/color] +repage tempory_file.miff ||
echo "image is not readable"
See Im Examples, Basics, Operational Controls.
http://www.imagemagick.org/Usage/basics/#controls
Anthony Thyssen -- Webmaster for ImageMagick Example Pages
https://imagemagick.org/Usage/
https://imagemagick.org/Usage/