Add wrappers to vips_block_untrusted_set and `vips_operation_block_…

…set` methods Block/unblock all untrusted operations: ```ruby Vips.block_untrusted Vips.block_untrusted(false) ``` Block/unblock specific operations hierarchy: ```ruby Vips.block("VipsForeignLoad"); Vips.block("VipsForeignLoadJpeg", false) ```
libvips · Feb 19, 2024 · 6f54bbc · 6f54bbc
1 parent cddd270
commit 6f54bbc
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 5 deletions.
diff --git a/lib/vips/operation.rb b/lib/vips/operation.rb
@@ -11,6 +11,26 @@ module Vips
   if at_least_libvips?(8, 13)
     attach_function :vips_block_untrusted_set, [:bool], :void
     attach_function :vips_operation_block_set, %i[string bool], :void
+
+    # Block/unblock all untrusted operations from running.
+    # Use `vips -l` at the command-line to see the class hierarchy and which operations are marked as untrusted.
+    def self.block_untrusted(enabled = true)
+      vips_block_untrusted_set(enabled)
+    end
+
+    # Block/unblock all operations in the libvips class hierarchy at specified *operation_name* and below.
+    #
+    # For example this will block all loaders except JPEG
+    #
+    #   Vips.block("VipsForeignLoad");
+    #   Vips.block("VipsForeignLoadJpeg", false)
+    #
+    # Use `vips -l` at the command-line to see the class hierarchy.
+    # This call does nothing if the named operation is not found.
+    #
+    def self.block(operation_name, enabled = true)
+      vips_operation_block_set(operation_name, enabled)
+    end
   end
 
   private

diff --git a/spec/block_operations_spec.rb b/spec/block_operations_spec.rb
@@ -9,25 +9,25 @@
       untrusted_image = svg_image # svgload operation is known as untrusted
 
       # Block
-      Vips.vips_block_untrusted_set(true)
+      Vips.block_untrusted
       expect { Vips::Image.new_from_file(untrusted_image) }.to raise_error Vips::Error, /svgload/
 
       # Unblock
-      Vips.vips_block_untrusted_set(false)
+      Vips.block_untrusted(false)
       expect { Vips::Image.new_from_file(untrusted_image) }.not_to raise_error
     end
   end
 
   if has_jpeg? && has_svg?
     it "can block specific operations" do
       # Block all loaders except jpeg
-      Vips.vips_operation_block_set("VipsForeignLoad", true)
-      Vips.vips_operation_block_set("VipsForeignLoadJpeg", false)
+      Vips.block("VipsForeignLoad")
+      Vips.block("VipsForeignLoadJpeg", false)
       expect { Vips::Image.new_from_file(svg_image) }.to raise_error Vips::Error, /svgload/
       expect { Vips::Image.new_from_file(jpg_image) }.not_to raise_error
 
       # Unblock all loaders
-      Vips.vips_operation_block_set("VipsForeignLoad", false)
+      Vips.block("VipsForeignLoad", false)
       expect { Vips::Image.new_from_file(svg_image) }.not_to raise_error
     end
   end