const { ExifTool } = require('exiftool-vendored');
const { Step } = require('../../actions');
const path = require('path');
const config = require('../../../config');
// Commit policy from the proxy configuration; exec() reads
// commitConfig.diff.block.proxyFileTypes from it to decide which extensions to scan.
const commitConfig = config.getCommitConfig();
// Authorised repository entries; exec() matches an entry by `url` and reads its
// `LocalRepoRoot` to find the files on disk.
const authorizedlist = config.getAuthorisedList();
// Extensions this step knows how to inspect. All lower case; an extension is only
// scanned when it also appears in proxyFileTypes.
const validExtensions = ['.jpeg', '.png', '.jpg', '.tiff'];
// Make sure proxy.config.json has been updated with the settings read above
// before enabling this step.
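/**
 * Decide whether an image's metadata is free of the fields this step treats as sensitive.
 *
 * Flags GPS coordinates (GPSLatitude / GPSLongitude) and camera or software
 * identification (Make / Model / Software). Only these five tags are inspected;
 * any other location or identity tag passes through unchecked.
 *
 * @param {object} metadata - Tag object returned by ExifTool for one file.
 * @returns {boolean} true when none of the checked fields are present, false otherwise.
 */
const checkSensitiveExifData = (metadata) => {
  // A coordinate of 0 is a real position (equator / prime meridian), so test for
  // presence rather than truthiness; otherwise such a file would be reported safe.
  const isPresent = (value) => value !== undefined && value !== null && value !== '';

  let allSafe = true;

  if (isPresent(metadata.GPSLatitude) || isPresent(metadata.GPSLongitude)) {
    console.log('GPS data detected; push is blocked due to sensitive EXIF metadata');
    allSafe = false;
  }

  if (metadata.Make || metadata.Model || metadata.Software) {
    console.log('Camera information detected; push is blocked due to sensitive EXIF metadata');
    allSafe = false;
  }

  return allSafe;
};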
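/**
 * Read one file's metadata with ExifTool and report whether it is safe to push.
 *
 * Fails closed: a path that resolves outside the repository root, or any error
 * while reading, is reported as unsafe (false).
 *
 * @param {string} relativePath - Path taken from the diff, relative to the repository root.
 * @param {string} reporRoot - Local checkout directory of the repository.
 * @returns {Promise<boolean>} true when no sensitive metadata was found.
 */
const getExifData = async (relativePath, reporRoot) => {
  // Build and validate the path before starting ExifTool, so a bad argument
  // cannot leave an ExifTool instance behind without end() being called.
  const filePath = path.join(reporRoot, relativePath);

  // relativePath comes from pushed diff content. Refuse anything that would make
  // ExifTool read outside the checkout. This is a lexical check only; symlinks
  // inside the checkout are not resolved here.
  const fromRoot = path.relative(path.resolve(reporRoot), path.resolve(filePath));
  const escapesRoot =
    fromRoot === '' ||
    fromRoot === '..' ||
    fromRoot.startsWith(`..${path.sep}`) ||
    path.isAbsolute(fromRoot);
  if (escapesRoot) {
    console.log(`Refusing to read EXIF data outside the repository root: ${filePath}`);
    return false;
  }

  const exifTool = new ExifTool();
  try {
    const metadata = await exifTool.read(filePath);
    return metadata ? checkSensitiveExifData(metadata) : true;
  } catch (error) {
    console.log(`Error reading EXIF data from ${filePath}: ${error.message}`);
    // Unreadable file: treat as unsafe rather than letting it through unchecked.
    return false;
  } finally {
    await exifTool.end();
  }
};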
/**
 * Collect the file paths named in the "diff --git" header lines of a diff.
 *
 * Only the "a/" (pre-image) side of each header is returned.
 * NOTE(review): for a renamed file the "a/" path is the old name; confirm this
 * is the path that exists in the checkout being scanned.
 *
 * @param {string} diffContent - Raw text of a git diff.
 * @returns {string[]} Paths in the order their headers appear.
 */
const extractFilePathsFromDiff = (diffContent) => {
  const headerPattern = /^diff --git a\/(.+?) b\/(.+?)$/;
  const collected = [];

  for (const row of diffContent.split('\n')) {
    const header = headerPattern.exec(row);
    if (header !== null) {
      // Group 1 is the path that follows "a/".
      collected.push(header[1]);
    }
  }

  return collected;
};
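/**
 * Chain step: block a push when an image in its diff carries sensitive EXIF metadata.
 *
 * Takes the file paths from the 'diff' step, keeps those whose extension is both
 * in validExtensions and enabled in commitConfig.diff.block.proxyFileTypes, and
 * scans each with getExifData(). The step is marked blocked when any scan does
 * not come back safe, or when the repository's local root cannot be found.
 *
 * NOTE(review): getExifData() reports unreadable files as unsafe, so a path in
 * the diff that is absent from the checkout (for example a deleted image) will
 * block the push; confirm that is the intended policy.
 *
 * @param {object} req - Incoming request (unused here).
 * @param {object} action - Action being processed; supplies `steps`, `url` and `addStep`.
 * @param {Function} [log=console.log] - Logger for status messages.
 * @returns {Promise<object>} The same action with this step appended.
 */
const exec = async (req, action, log = console.log) => {
  const diffStep = action.steps.find((s) => s.stepName === 'diff');
  const step = new Step('checkExifJpeg');
  const allowedFileType = commitConfig.diff.block.proxyFileTypes;

  const blockPush = (message) => {
    step.blocked = true;
    step.error = true;
    step.errorMessage = message;
    log(message);
  };

  if (diffStep && diffStep.content) {
    const imagePaths = extractFilePathsFromDiff(diffStep.content).filter((candidate) => {
      // Compare case-insensitively so names such as "IMG_0001.JPG" are scanned too.
      const lowered = candidate.toLowerCase();
      return validExtensions.some(
        (ext) => lowered.endsWith(ext) && allowedFileType.includes(ext),
      );
    });

    if (imagePaths.length > 0) {
      const repoEntry = authorizedlist.find((item) => item.url === action.url);

      if (!repoEntry || !repoEntry.LocalRepoRoot) {
        // Without a checkout location nothing can be scanned; fail closed.
        blockPush(
          'Your push has been blocked because the local repository root needed for the EXIF check could not be determined',
        );
      } else {
        // The callback must return the promise: otherwise every result is
        // undefined and the check can never block anything.
        const exifResults = await Promise.all(
          imagePaths.map((imagePath) => getExifData(imagePath, repoEntry.LocalRepoRoot)),
        );

        // Anything other than an explicit "safe" counts as a failure.
        const isBlocked = exifResults.some((safe) => safe !== true);
        if (isBlocked) {
          blockPush(
            'Your push has been blocked due to sensitive EXIF metadata detection in an image',
          );
        }
      }
    } else {
      log('No files with valid extensions found in the diff content.');
    }
  } else {
    log('No diff content available.');
  }

  action.addStep(step);
  return action;
};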
// Label attached to the exported function; note it reads 'CheckExif.exec' while
// the Step created inside exec() is named 'checkExifJpeg'.
exec.displayName = 'CheckExif.exec';
// exec is the only export of this module.
module.exports = { exec };