Spin-off as a result of bug 619467 -- we've discussed with infrasec to do 3 things:
1. Limit to certain extensions for uploaded images (for now gif, png, jpe?g)
2. Re-save images to get rid of potentially malicious comments.
3. Rename the files to get rid of our unicode problems (already in bug 596116).
Erik has started some work on resaving images so assigning this to him.
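An added sketch (not Kitsune or zamboni code) of the three measures listed in the opening comment, using only the Python standard library: an extension allowlist backed by a magic-byte check (which goes slightly beyond the extension limit named above), removal of PNG comment chunks and of anything after IEND, and a server-generated file name. It filters chunks rather than fully re-encoding the image as the eventual patch does; the function names, the KEEP chunk set and the SAMPLE image are assumptions constructed for illustration.

```python
import os, struct, uuid, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Magic bytes for the extensions the opening comment allows (gif, png, jpe?g).
MAGIC = {"gif": (b"GIF87a", b"GIF89a"), "png": (PNG_SIG,),
         "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",)}
# Assumed minimal set of rendering chunks; tEXt/zTXt/iTXt comments are not in it.
KEEP = {b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"}

def check_upload(filename, data):
    """Return the normalized extension, or raise ValueError."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext not in MAGIC:
        raise ValueError("extension not allowed: %r" % ext)
    if not data.startswith(MAGIC[ext]):
        raise ValueError("content does not match .%s" % ext)
    return ext

def strip_png_metadata(data):
    """Rebuild a PNG from rendering chunks only, verifying each chunk CRC."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    out, pos = [PNG_SIG], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        body, crc = data[pos + 8:end - 4], data[end - 4:end]
        if end > len(data) or zlib.crc32(ctype + body) != struct.unpack(">I", crc)[0]:
            raise ValueError("corrupt chunk")
        if ctype in KEEP:
            out.append(data[pos:end])
        pos = end
        if ctype == b"IEND":  # bytes appended after IEND are dropped
            return b"".join(out)
    raise ValueError("missing IEND")

def stored_name(ext):
    """Server-chosen ASCII name, independent of the uploaded (possibly unicode) name."""
    return "%s.%s" % (uuid.uuid4().hex, ext)

def make_chunk(ctype, body):
    """Build one PNG chunk (used only for the constructed sample below)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed 1x1 grayscale PNG carrying an HTML comment chunk and trailing bytes.
SAMPLE = (PNG_SIG + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
          + make_chunk(b"tEXt", b"Comment\x00<script>/* constructed */</script>")
          + make_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + make_chunk(b"IEND", b"")
          + b"<html>trailing</html>")
```

Markup placed inside the pixel data itself would survive this chunk filter, so it is one layer alongside the others discussed in this bug.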
If you're looking to liberate/steal code, you can check out https://github.com/jbalogh/zamboni/blob/master/apps/amo/utils.py#L251
Surely AMO and SUMO share a bunch of common image handling concepts, though no code. I'd love to take the common stuff (I know we just rethought thumbnail generation but AMO's is so pretty and already resaves everything as .png) and create something lower-level we could both use in commonware.
Getting rid of malicious comments doesn't do much for us, as it's just as easy to paste malicious code into the body of the image (and the browser executes it just as readily).
(In reply to comment #3)
> Getting rid of malicious comments doesn't do much for us, as it's just as easy
> to paste malicious code into the body of the image (and the browser executes it
> just as readily).
Yes, if the "image" is served as html then the browser will execute it. However, our image defense consists of multiple layers. Getting rid of malicious comments (or whatever might be there) is one of many steps in a defense in depth approach.
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Image_Upload
I think Tanay will end up doing this as part of bug 630845.
Done with the image compression patch: https://github.com/jsocol/kitsune/commit/2bb577. All images are now converted/resaved as PNG.
Note that this will result in a filesize increase (small one for png->png, larger one for something like jpg->png).
These bugs are all resolved, so I'm removing the security flag from them.