安全RCE之未授权访问分析(11)

在commitDetect file MIME type before checking exif headers中添加了方法check_for_allowed_types到lib/gitlab/sanitizers/exif.rb检测mime_type是否为JPG或TIFF。
def check_for_allowed_types(contents) mime_type = Gitlab::Utils::MimeType.from_string(contents) unless ALLOWED_MIME_TYPES.include?(mime_type) raise "File type #{mime_type} not supported. Only supports #{ALLOWED_MIME_TYPES.join(", ")}." end end

不过在rails中的exiftool调用是以Rake任务存在的。以下是rails中的rake文件，位于lib/tasks/gitlab/uploads/sanitize.rake
namespace :gitlab do namespace :uploads do namespace :sanitize do desc "GitLab | Uploads | Remove EXIF from images." task :remove_exif, [:start_id, :stop_id, :dry_run, :sleep_time, :uploader, :since] => :environment do |task, args| args.with_defaults(dry_run: "true") args.with_defaults(sleep_time: 0.3) logger = Logger.new(STDOUT) sanitizer = Gitlab::Sanitizers::Exif.new(logger: logger) sanitizer.batch_clean(start_id: args.start_id, stop_id: args.stop_id, dry_run: args.dry_run != "false", sleep_time: args.sleep_time.to_f, uploader: args.uploader, since: args.since) end end endend