kleisauke · kleisauke · Sep 4, 2022 · Aug 22, 2022 · Aug 22, 2022 · Aug 22, 2022
diff --git a/build/preamble_vips.d.ts b/build/preamble_vips.d.ts
@@ -68,6 +68,22 @@ declare module Vips {
      */
     function concurrency(concurrency?: number): void | number;
 
+    /**
+     * Block operations that should not be used on untrusted input.
+     * This blocks many ForeignLoad operations, including vipsload.
+     * @param state Set to true to block the operations, set to false to reenable them.
+     */
+    function blockUntrusted(state: boolean): void;
+
+    /**
+     * Block a specific operation from running.
+     * For example, you can disable all foreign loaders with ('VipsForeignLoad', true)
+     * and then only reenable the png loader with ('VipsForeignLoadPng', false).
+     * @param name The name of the operation or class of operations.
+     * @param state Set to true to block the operation, set to false to reenable it.
+     */
+     function operationBlock(name: string, state: boolean): void;
+
     /**
      * Call this to shutdown libvips and the runtime of Emscripten.
      * This is only needed on Node.js, as the thread pool of

diff --git a/lib/vips.d.ts b/lib/vips.d.ts
diff --git a/src/bindings/init.h b/src/bindings/init.h
@@ -0,0 +1,13 @@
+#pragma once
+
+namespace vips {
+
+void block_untrusted_set(bool state) {
+    vips_block_untrusted_set(state ? 1 : 0);
+}
+
+void operation_block_set(const std::string &name, bool state) {
+    vips_operation_block_set(name.c_str(), state ? 1 : 0);
+}
+
+}  // namespace vips
diff --git a/src/vips-emscripten.cpp b/src/vips-emscripten.cpp
@@ -1,5 +1,6 @@
 #include "bindings/connection.h"
 #include "bindings/image.h"
+#include "bindings/init.h"
 #include "bindings/interpolate.h"
 #include "bindings/object.h"
 #include "bindings/utils.h"
@@ -433,6 +434,8 @@ EMSCRIPTEN_BINDINGS(my_module) {
     function("config", optional_override([]() {
                  return vips::replace_all(VIPS_CONFIG, ", ", "\n");
              }));
+    function("blockUntrusted", &vips::block_untrusted_set);
+    function("operationBlock", &vips::operation_block_set);
 
     // Helper for Node.js to shutdown libvips and the runtime of Emscripten
     function("shutdown", &shutdown_js);

diff --git a/test/unit/helpers.js b/test/unit/helpers.js
@@ -3,6 +3,7 @@
 export const jpegFile = getPath('sample.jpg');
 export const truncatedFile = getPath('truncated.jpg');
 export const pngFile = getPath('sample.png');
+export const vipsFile = getPath('sample.vips');
 export const tifFile = getPath('sample.tif');
 export const tif1File = getPath('1bit.tif');
 export const tif2File = getPath('2bit.tif');
@@ -26,6 +27,7 @@ export const testFiles = [
   jpegFile,
   truncatedFile,
   pngFile,
+  vipsFile,
   tifFile,
   tif1File,
   tif2File,
@@ -225,3 +227,15 @@ export function imageToString (im) {
 export function makeRepeated (arr, repeats) {
   return [].concat(...Array.from({ length: repeats }, () => arr));
 }
+
+// allows temporary disabling of cache, which can be enabled again
+// with  enableCache()
+export function disableCache () {
+  globalThis.cachePreviousMax = vips.Cache.max();
+  vips.Cache.max(0);
+}
+
+// enables the cache again after it has been disabled with disableCache()
+export function enableCache () {
+  vips.Cache.max(globalThis.cachePreviousMax);
+}
diff --git a/test/unit/images/sample.vips b/test/unit/images/sample.vips
diff --git a/test/unit/test_block.js b/test/unit/test_block.js
@@ -0,0 +1,60 @@
+'use strict';
+
+import * as Helpers from './helpers.js';
+
+describe('block', () => {
+  it('block_untrusted', function () {
+    // Needs VIPS file load support
+    if (!Helpers.have('vipsload')) {
+      return this.skip();
+    }
+
+    // Some operations can be cached, which means they can return a result despite
+    // being blocked, if they were run previously. Disabling the cache fixes this issue.
+    Helpers.disableCache();
+
+    // vipsload is an untrusted operation, and should be blocked when blockUntrusted is true
+
+    vips.blockUntrusted(true);
+    expect(() => vips.Image.vipsload(Helpers.vipsFile)).to.throw(/operation is blocked/);
+
+    vips.blockUntrusted(false);
+    expect(() => vips.Image.vipsload(Helpers.vipsFile)).to.not.throw();
+
+    vips.blockUntrusted(true);
+    expect(() => vips.Image.vipsload(Helpers.vipsFile)).to.throw(/operation is blocked/);
+
+    // make sure no operations are blocked when the rest of the tests run
+    vips.blockUntrusted(false);
+    Helpers.enableCache();
+  });
+
+  it('operation_block', function () {
+    // Needs JPEG and PNG file load support
+    if (!Helpers.have('jpegload') || !Helpers.have('pngload')) {
+      return this.skip();
+    }
+
+    // Some operations can be cached, which means they can return a result despite
+    // being blocked, if they were run previously. Disabling the cache fixes this issue.
+    Helpers.disableCache();
+
+    vips.operationBlock('VipsForeignLoadJpeg', true);
+    expect(() => vips.Image.jpegload(Helpers.jpegFile)).to.throw(/operation is blocked/);
+
+    vips.operationBlock('VipsForeignLoad', false);
+    vips.operationBlock('VipsForeignLoadPng', true);
+    expect(() => vips.Image.jpegload(Helpers.jpegFile)).to.not.throw();
+    expect(() => vips.Image.pngload(Helpers.pngFile)).to.throw(/operation is blocked/);
+
+    vips.operationBlock('VipsForeignLoadJpeg', true);
+    expect(() => vips.Image.jpegload(Helpers.jpegFile)).to.throw(/operation is blocked/);
+
+    vips.operationBlock('VipsForeignLoadPng', false);
+    expect(() => vips.Image.pngload(Helpers.pngFile)).to.not.throw();
+
+    // make sure no operations are blocked when the rest of the tests run
+    vips.operationBlock('VipsForeignLoad', false);
+    Helpers.enableCache();
+  });
+});