BombShelter is a module which protects your uploaders from image bombs. It checks pixel dimensions of uploaded image before ImageMagick touches it.
How it works
BombShelter uses fastimage gem, which reads just a header of an image to get info about it. BombShelter compares pixel dimensions of the uploaded image with maximum allowed ones and raises integrity error if image is too big. Works perfectly with ActiveRecord validators.
Add this line to your application's Gemfile:
And then execute:
Or install it yourself as:
$ gem install carrierwave-bombshelter
CarrierWave::BombShelter to your uploader and you're done:
class YourUploader < ::Uploader::Base include :: end
By default BombShelter sets maximum allowed dimensions to 4096x4096, but you can set your own ones by defining
class YourUploader < ::Uploader::Base include :: def max_pixel_dimensions [1024, 1024] end end
Bug reports and pull requests are welcome on GitHub at https://github.com/DarthSim/carrierwave-bombshelter. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.
The gem is available as open source under the terms of the MIT License.