Block untrusted functions by default in helper (#20)

lopcode · Aug 18, 2024 · 5443475 · 5443475
1 parent b962f04
commit 5443475
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 6 deletions.
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -9,7 +9,7 @@ on:
 
 jobs:
   check:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/helper/src/main/java/app/photofox/vipsffm/helper/Vips.java b/helper/src/main/java/app/photofox/vipsffm/helper/Vips.java
@@ -14,15 +14,21 @@ public class Vips {
     private final Arena arena;
 
     public Vips(Arena arena) {
+        this(arena, "vips-ffm", false);
+    }
+
+    public Vips(Arena arena, String name, boolean allowUntrusted) {
         this.arena = arena;
+        Vips.init(arena, name, allowUntrusted);
     }
 
-    public void init(String argv0) throws VipsError {
+    public static void init(Arena arena, String argv0, boolean allowUntrusted) throws VipsError {
         var nameCString = arena.allocateFrom(argv0);
         var result = VipsRaw.vips_init(nameCString);
         if (!isValidResult(result)) {
             throwVipsError("vips_init");
         }
+        VipsRaw.vips_block_untrusted_set(allowUntrusted ? 0 : 1);
     }
 
     public MemorySegment imageNewFromFile(String name, VipsOption... args) throws VipsError {
@@ -99,15 +105,15 @@ private Object[] makeInvokerVarargObjects(VipsOption... args) {
         return invokeArgs.toArray(Object[]::new);
     }
 
-    private boolean isValidPointer(MemorySegment memorySegment) {
+    static boolean isValidPointer(MemorySegment memorySegment) {
         return memorySegment != MemorySegment.NULL && memorySegment.address() != 0;
     }
 
-    private boolean isValidResult(int result) {
+    static boolean isValidResult(int result) {
         return result == 0;
     }
 
-    private void throwVipsError(String commandName) throws VipsError {
+    static void throwVipsError(String commandName) throws VipsError {
         var errorBuffer = VipsRaw.vips_error_buffer();
         if (!isValidPointer(errorBuffer)) {
             throw new VipsError("failed to run vips command " + commandName);

diff --git a/sample/src/main/kotlin/vipsffm/HelperCreateThumbnailSample.kt b/sample/src/main/kotlin/vipsffm/HelperCreateThumbnailSample.kt
@@ -13,7 +13,6 @@ object HelperCreateThumbnailSample: RunnableSample {
 
     override fun run(arena: Arena, workingDirectory: Path): Result<Unit> {
         val vips = Vips(arena)
-        vips.init("vips-ffm")
 
         val sourceImage = vips.imageNewFromFile(
             "sample/src/main/resources/sample_images/rabbit.jpg",

diff --git a/sample/src/main/kotlin/vipsffm/VipsFfm.kt b/sample/src/main/kotlin/vipsffm/VipsFfm.kt
@@ -1,5 +1,6 @@
 package vipsffm
 
+import app.photofox.vipsffm.helper.Vips
 import org.slf4j.LoggerFactory
 import java.lang.foreign.Arena
 import java.nio.file.Files
@@ -27,6 +28,8 @@ object VipsFfm {
         Files.createDirectory(sampleParentRunPath)
 
         Arena.ofConfined().use { arena ->
+            Vips(arena) // initialise for safety
+
             samples.forEach { sample ->
                 val sampleName = sample::class.simpleName!!
                 logger.info("running sample \"$sampleName\"...")