
Commit 1ca278a

fresh-eggsjhawthorn
authored andcommitted
Active Storage: Remove dangerous transformations
[CVE-2025-24293] A subset of the transformation methods included in the default allowed list still presents a potential command-injection risk for applications that accept arbitrary user input for transformations or their parameters. Doing so is unsupported behavior and should be considered dangerous.
1 parent 9ee3da1 commit 1ca278a


2 files changed

+3
-6
lines changed


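--- a/activestorage/lib/active_storage.rb
+++ b/activestorage/lib/active_storage.rb
@@ -74,7 +74,6 @@ module ActiveStorage
 "annotate",
 "antialias",
 "append",
-"apply",
 "attenuate",
 "authenticate",
 "auto_gamma",
@@ -215,7 +214,6 @@ module ActiveStorage
 "linewidth",
 "liquid_rescale",
 "list",
-"loader",
 "log",
 "loop",
 "lowlight_color",
@@ -278,7 +276,6 @@ module ActiveStorage
 "rotate",
 "sample",
 "sampling_factor",
-"saver",
 "scale",
 "scene",
 "screen",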
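Review bot: Nothing in these three hunks records why `apply`, `loader` and `saver` are dropped from the allowed list, so a later contributor filling in "missing" ImageMagick/vips options could re-add them and silently reopen CVE-2025-24293. The existing test that paired `saver:` with a nested `"-write"` suggests these entries take option hashes that reach the processor backend, which is presumably what makes them dangerous, but the hunk itself does not show that. I would put a comment at the head of the list, above the first entry, along the lines of `# "apply", "loader" and "saver" are deliberately absent: they accept nested options that reach the image backend (CVE-2025-24293). Do not re-add them.`. The enclosing array starts well before the first hunk and ends after the last, so the comment's exact placement is outside what is visible here.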

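--- a/activestorage/test/models/variant_test.rb
+++ b/activestorage/test/models/variant_test.rb
@@ -257,7 +257,7 @@ class ActiveStorage::VariantTest < ActiveSupport::TestCase
 process_variants_with :mini_magick do
 blob = create_file_blob(filename: "racecar.jpg")
 assert_raise(ActiveStorage::Transformers::ImageProcessingTransformer::UnsupportedImageProcessingArgument) do
-blob.variant(saver: { "-write": "/tmp/file.erb" }).processed
+blob.variant(resize: { "-write": "/tmp/file.erb" }).processed
 end
 end
 end
@@ -266,11 +266,11 @@ class ActiveStorage::VariantTest < ActiveSupport::TestCase
 process_variants_with :mini_magick do
 blob = create_file_blob(filename: "racecar.jpg")
 assert_raise(ActiveStorage::Transformers::ImageProcessingTransformer::UnsupportedImageProcessingArgument) do
-blob.variant(saver: { "something": { "-write": "/tmp/file.erb" } }).processed
+blob.variant(resize: { "something": { "-write": "/tmp/file.erb" } }).processed
 end
 
 assert_raise(ActiveStorage::Transformers::ImageProcessingTransformer::UnsupportedImageProcessingArgument) do
-blob.variant(saver: { "something": ["-write", "/tmp/file.erb"] }).processed
+blob.variant(resize: { "something": ["-write", "/tmp/file.erb"] }).processed
 end
 end
 end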
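Review bot: Swapping `saver:` for `resize:` keeps the nested-argument checks alive, but no test in either hunk asserts that `apply`, `loader` and `saver` themselves are now rejected as transformation names, which is the actual behavioural change of this commit and the thing a regression would undo. I would add a test alongside these that feeds each removed method to `blob.variant` and expects the transformer's unsupported-method error; I have written it against `UnsupportedImageProcessingMethod`, the method-name counterpart of the argument error used here, assuming that class exists in the transformer as its name suggests. Both test methods shown start before the first hunk, so their `test "..." do` lines are outside this view.
```ruby
test "removed transformation methods are rejected" do
  process_variants_with :mini_magick do
    blob = create_file_blob(filename: "racecar.jpg")
    %i[apply loader saver].each do |method|
      assert_raise(ActiveStorage::Transformers::ImageProcessingTransformer::UnsupportedImageProcessingMethod) do
        blob.variant(method => { "-write": "/tmp/file.erb" }).processed
      end
    end
  end
end
```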
