
tessl/npm-sharp

High performance Node.js image processing library for resizing JPEG, PNG, WebP, GIF, AVIF and TIFF images


task.md (evals/scenario-4/)

Image Security Manager

A utility module for safely processing untrusted user-uploaded images by controlling which image operations are permitted at runtime.

Problem Statement

You need to build a system that processes user-uploaded images in a multi-tenant environment. Tenants have different security requirements: some allow full image processing capabilities, while others require a restricted set of operations to prevent resource exhaustion or malicious use.

Your task is to implement a security manager that can dynamically enable or disable specific image processing operations based on tenant security policies.

Requirements

Security Policy Management

The system must support three security levels:

  1. Restricted Mode: Only allows basic read operations (loading images, extracting metadata)
  2. Standard Mode: Allows read operations plus safe transformations (resize, rotate, crop)
  3. Full Mode: Allows all operations including potentially resource-intensive ones

Operation Control

  • The system must be able to block specific operations before processing untrusted images
  • The system must be able to unblock operations when switching contexts
  • Blocked operations should remain blocked across multiple image processing pipelines
  • The system should verify that blocked operations are actually blocked

Implementation Details

Create a module that:

  1. Provides a function to apply a security policy by name (restricted/standard/full)
  2. Implements each security level by blocking the appropriate operations
  3. Provides a function to reset to full mode (unblock all operations)
  4. Includes validation to ensure operations are blocked as expected

Test Cases

  • Applying restricted mode blocks webpload and jpegload operations @test
  • Applying standard mode blocks svgload but not jpeg2000 operations @test
  • Resetting to full mode unblocks all previously blocked operations @test
  • Blocked operations remain blocked across multiple image instances @test

Implementation

@generates

API

/**
 * Applies a security policy by blocking specific libvips operations.
 *
 * @param {string} policyName - The security policy to apply: 'restricted', 'standard', or 'full'
 * @throws {Error} If an invalid policy name is provided
 */
function applySecurityPolicy(policyName) {
  // IMPLEMENTATION HERE
}

/**
 * Resets to full mode by unblocking all operations.
 */
function resetToFullMode() {
  // IMPLEMENTATION HERE
}

/**
 * Checks if a specific operation is currently blocked.
 *
 * @param {string} operationName - The name of the libvips operation to check
 * @returns {boolean} True if the operation is blocked, false otherwise
 */
function isOperationBlocked(operationName) {
  // IMPLEMENTATION HERE
}

module.exports = {
  applySecurityPolicy,
  resetToFullMode,
  isOperationBlocked
};
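
One way to fill in the three functions above, as an added example rather than code from this page or from the sharp project. It assumes the library object exposes `block({ operation })` and `unblock({ operation })` as sharp does; `createSecurityManager`, `createRecordingLib` and the contents of each tier beyond the operations named in the test cases are hypothetical.

```javascript
// Added example, not code from this page or from sharp.
// Operation names are the ones in this page's test cases; treating
// 'restricted' as a superset of 'standard' is an assumption.
const POLICIES = Object.freeze({
  restricted: ['webpload', 'jpegload', 'svgload'],
  standard: ['svgload'],
  full: [],
});

// imageLib: any object with sharp-style block()/unblock() (hypothetical factory).
function createSecurityManager(imageLib) {
  const blocked = new Set(); // mirror of what this manager asked the library to block

  function applySecurityPolicy(policyName) {
    // Own-property check so inherited keys such as 'constructor' never select a policy.
    if (!Object.prototype.hasOwnProperty.call(POLICIES, policyName)) {
      throw new Error(`Unknown security policy: ${String(policyName)}`);
    }
    const wanted = new Set(POLICIES[policyName]);
    const toBlock = [...wanted].filter((op) => !blocked.has(op));
    const toUnblock = [...blocked].filter((op) => !wanted.has(op));
    // Tighten before loosening so nothing is left open during the switch.
    if (toBlock.length) imageLib.block({ operation: toBlock });
    toBlock.forEach((op) => blocked.add(op));
    if (toUnblock.length) imageLib.unblock({ operation: toUnblock });
    toUnblock.forEach((op) => blocked.delete(op));
  }

  const resetToFullMode = () => applySecurityPolicy('full');
  const isOperationBlocked = (operationName) => blocked.has(operationName);
  return { applySecurityPolicy, resetToFullMode, isOperationBlocked };
}

// Constructed stand-in with the same block/unblock shape, so the
// example runs without sharp installed. It only records the calls.
function createRecordingLib() {
  const calls = [];
  return {
    calls,
    block: ({ operation }) => calls.push(['block', ...operation]),
    unblock: ({ operation }) => calls.push(['unblock', ...operation]),
  };
}
```

In production, pass `require('sharp')` as `imageLib`. The `blocked` set records only what this manager requested, and the block state is process-wide in libvips, so confirm a block took effect by attempting the operation on a test image and keep tenants with different policies in separate processes.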

Dependencies { .dependencies }

sharp { .dependency }

High-performance image processing library that provides control over libvips operations.

@satisfied-by

Install with Tessl CLI

npx tessl i tessl/npm-sharp
