Checking for malicious file uploads

Post by adamlangsner »

I have a script that accepts file uploads. They are JPEG images and I want to make sure that no one is sending me an image with malicious scripts in it. Is there a way that ImageMagick can do this?

Re: Checking for malicious file uploads

Post by anthony »

Just read the file with -quiet -regard-warnings. If the returned status is not zero, something was very wrong with the image, and IM did not want to parse it fully.

Code:

convert -quiet -regard-warnings {image} +repage tempory_file.miff ||
   echo "image is not readable"

NOTE: many TIFF images have extra unknown profiles included by various programs. These extra profiles would normally be warned about. The -regard-warnings makes such profiles a fatal error rather than a simple warning.

See IM Examples, Basics, Operational Controls.
http://www.imagemagick.org/Usage/basics/#controls
Anthony Thyssen -- Webmaster for ImageMagick Example Pages
https://imagemagick.org/Usage/
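
The check from the answer above, wrapped in an upload-validation function. This is an added example, not part of the original posts. It goes beyond the answer by first checking the JPEG magic bytes, forcing the JPEG coder with the `jpeg:` prefix, and keeping only a re-encoded copy with profiles and comments stripped; the function names, return codes and temporary-file naming are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes ImageMagick's `convert` is on
# PATH and that SRC is a server-generated path, never the client's filename.

# is_jpeg_magic FILE: succeed only if FILE begins with the JPEG marker FF D8 FF.
is_jpeg_magic() {
    [ -f "$1" ] || return 1
    magic=$(head -c 3 -- "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "ffd8ff" ]
}

# check_upload SRC DEST
# Return codes (hypothetical convention):
#   0  accepted, re-encoded copy written to DEST
#   1  SRC does not start with JPEG magic bytes
#   2  ImageMagick reported a warning or error while reading SRC
#   3  usage or temporary-file failure
check_upload() {
    [ $# -eq 2 ] || return 3
    src=$1
    dest=$2

    is_jpeg_magic "$src" || return 1

    tmp=$(mktemp "${TMPDIR:-/tmp}/upload.XXXXXX") || return 3

    # "jpeg:" on the input forces the JPEG coder, so the file is never parsed
    # as some other format that its contents might suggest.
    # -quiet -regard-warnings: any warning becomes a non-zero exit status.
    # -strip: drop profiles and comments from the re-encoded copy.
    if convert -quiet -regard-warnings "jpeg:$src" +repage -strip "jpeg:$tmp"
    then
        mv -- "$tmp" "$dest"
        return 0
    fi

    rm -f -- "$tmp"
    return 2
}

# Example call (paths are placeholders):
#   check_upload /var/spool/uploads/incoming.bin /var/www/images/1234.jpg
```

Store and serve only the file written to DEST; the original upload can be discarded whatever the return code.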