Module: SafeImage

Extended by:
API::Metadata, API::Transform
Defined in:
lib/safe_image/remote.rb,
lib/safe_image.rb,
lib/safe_image.rb,
lib/safe_image/ico.rb,
lib/safe_image/native.rb,
lib/safe_image/result.rb,
lib/safe_image/runner.rb,
lib/safe_image/formats.rb,
lib/safe_image/sandbox.rb,
lib/safe_image/version.rb,
lib/safe_image/optimizer.rb,
lib/safe_image/processor.rb,
lib/safe_image/path_safety.rb,
lib/safe_image/api/metadata.rb,
lib/safe_image/svg_metadata.rb,
lib/safe_image/vips_backend.rb,
lib/safe_image/api/transform.rb,
lib/safe_image/backend_label.rb,
lib/safe_image/native_helper.rb,
lib/safe_image/operation_set.rb,
lib/safe_image/staged_output.rb,
lib/safe_image/jpegli_backend.rb,
lib/safe_image/quality_defaults.rb,
lib/safe_image/operation_backends.rb,
lib/safe_image/metadata_operations.rb,
lib/safe_image/image_magick_backend.rb,
lib/safe_image/transform_operations.rb,
lib/safe_image/operation_backends/base.rb,
lib/safe_image/operation_backends/vips.rb,
lib/safe_image/operation_backends/image_magick.rb

Overview

the load path until a caller uses the remote API.

Defined Under Namespace

Modules: Ico, ImageMagickBackend, JpegliBackend, Native, NativeHelper, Optimizer, PathSafety, Remote, Runner, Sandbox, SvgMetadata, VipsBackend Classes: CommandError, Config, Error, Info, InvalidImageError, LimitError, NotConfiguredError, Processor, Result, UnsafePathError, UnsupportedFormatError, VipsUnavailableError

Constant Summary collapse

DEFAULT_MAX_PIXELS =

Default decompression-bomb ceiling when configure! is not given an explicit max_pixels. Mirrored in the native helper (SAFE_IMAGE_DEFAULT_MAX_PIXELS) and aligned with the 128MP area limit on the ImageMagick path. Per-call max_pixels: overrides the configured value.

128 * 1024 * 1024
BACKENDS = 
%i[vips imagemagick].freeze
VERSION = 
"0.5.1"

Class Method Summary collapse

Methods included from API::Metadata

animated?, dimensions, dominant_color, fetch_remote, frame_count, info, orientation, probe, remote_animated?, remote_dimensions, remote_dominant_color, remote_info, remote_size, remote_type, size, type

Methods included from API::Transform

convert, convert_favicon_to_png, crop, downsize, fix_orientation, letter_avatar, optimize, resize, thumbnail

Class Method Details

.configObject 



127
128
129
130
131
132
133
 
# File 'lib/safe_image.rb', line 127

def config
  @config ||
    raise(
      NotConfiguredError,
      "call SafeImage.configure!(backend: :vips | :imagemagick, landlock: true | false) before using SafeImage"
    )
end

.configure!(backend:, landlock:, max_pixels: DEFAULT_MAX_PIXELS) ⇒ Object

Decides, in one place, everything that varies by host: which backend decodes untrusted bytes, whether child helpers/tools run under Landlock, and the default decompression-bomb ceiling. Must be called before any operation; calling it again replaces the configuration.

Validation is eager so a misconfigured host fails at boot rather than on the first request.

Raises:

  • (ArgumentError) 


96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
 
# File 'lib/safe_image.rb', line 96

def configure!(backend:, landlock:, max_pixels: DEFAULT_MAX_PIXELS)
  backend = backend.to_sym
  if BACKENDS.none? { |candidate| candidate == backend }
    raise ArgumentError, "unknown backend: #{backend.inspect} (expected :vips or :imagemagick)"
  end
  unless [true, false].any? { |candidate| candidate == landlock }
    raise ArgumentError, "landlock must be true or false, got: #{landlock.inspect}"
  end
  max_pixels = Integer(max_pixels)
  raise ArgumentError, "max_pixels must be positive" if max_pixels <= 0

  case backend
  when :vips
    begin
      NativeHelper.verify!
    rescue Error => e
      raise Error, "backend: :vips requested but the native libvips helper is unavailable: #{e.message}"
    end
  when :imagemagick
    unless Runner.available?("magick") || Runner.available?("convert")
      raise Error, "backend: :imagemagick requested but no magick/convert executable was found"
    end
  end
  if landlock && !Sandbox.available?
    raise Error, "landlock: true requested but the Landlock sandbox is unavailable on this host"
  end
  NativeHelper.ensure_available! if landlock && backend == :vips

  @config = Config.new(backend: backend, landlock: landlock, max_pixels: max_pixels)
end

.configured?Boolean

Returns:

  • (Boolean) 


135
 
# File 'lib/safe_image.rb', line 135

def configured? = !@config.nil?

.real_tmpdirObject 



52
53
54
 
# File 'lib/safe_image.rb', line 52

def self.real_tmpdir
  @real_tmpdir ||= File.realpath(Dir.tmpdir)
end

.resolved_max_pixels(max_pixels, config: self.config) ⇒ Object

Internal: per-call max_pixels overrides the configured default.



146
147
148
 
# File 'lib/safe_image.rb', line 146

def resolved_max_pixels(max_pixels, config: self.config)
  max_pixels.nil? ? config.max_pixels : max_pixels
end

.sandbox?Boolean

Internal: whether child commands/helpers must run under Landlock. False before configure! so configure!‘s own availability probes can run.

Returns:

  • (Boolean) 


141
142
143
 
# File 'lib/safe_image.rb', line 141

def sandbox?
  !!@config&.landlock
end

.sandbox_available?Boolean

Returns:

  • (Boolean) 


137
 
# File 'lib/safe_image.rb', line 137

def sandbox_available? = Sandbox.available?