gendesign/tradein-mvp/backend
lekss361 9d87f80e7e fix(tradein-photos): sanitize uploaded images via Pillow re-encode
upload_photo endpoint stored raw uploaded bytes verbatim — EXIF GPS/device
fingerprint leaked, polyglot files (image + appended payload) survived MIME
check and were served back with image/* content-type.

Add services/image_sanitizer.py: open via Pillow, force full decode, drop
EXIF, normalize to RGB, cap longest edge at 2400px, re-encode as JPEG
quality=85. Pipe upload_photo through it; reject undecodable input with 400.

Pin Pillow>=10.3.0 explicitly (was transitive via weasyprint).

Closes finding #6 from 2026-05-24 trade-in audit.
2026-05-24 14:24:55 +03:00
..
app fix(tradein-photos): sanitize uploaded images via Pillow re-encode 2026-05-24 14:24:55 +03:00
data/sql fix(tradein-avito): strip Emotion CSS from listings.address (#502) 2026-05-24 10:52:50 +00:00
tests fix(tradein-estimator): atomic IMV link, batched yandex history, drop redundant CAST (#509) 2026-05-24 11:18:12 +00:00
.dockerignore feat: add tradein-mvp subproject (Trade-In Estimator под /trade-in) 2026-05-21 00:25:39 +03:00
Dockerfile feat: add tradein-mvp subproject (Trade-In Estimator под /trade-in) 2026-05-21 00:25:39 +03:00
pyproject.toml fix(tradein-photos): sanitize uploaded images via Pillow re-encode 2026-05-24 14:24:55 +03:00