sneak/pixa
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Add failing tests for input dimension and path traversal validation

Browse Source 
Tests for:
- ErrInputTooLarge when input image exceeds MaxInputDimension
- ErrPathTraversal for ../, encoded traversal, backslashes, null bytes
This commit is contained in:
Jeffrey Paul
2026-01-08 08:48:11 -08:00
parent 857be30e82
commit c964feac7e
4 changed files with 168 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/imgcache/processor.go
View File

@@ -3,6 +3,7 @@ package imgcache
import (
"bytes"
"context"
"errors"
"fmt"
"image"
"image/gif"
@@ -14,6 +15,13 @@ import (
"golang.org/x/image/webp"
)
// MaxInputDimension is the maximum allowed width or height for input images.
// Images larger than this are rejected to prevent DoS via decompression bombs.
const MaxInputDimension = 8192
// ErrInputTooLarge is returned when input image dimensions exceed MaxInputDimension.
var ErrInputTooLarge = errors.New("input image dimensions exceed maximum")
// ImageProcessor implements the Processor interface using pure Go libraries.
type ImageProcessor struct{}