🦺 [open-formulieren/security-issues#35] SVG sanitation

robinmolen · robinmolen · commit d4219841dd87 · 2025-03-05T08:48:05.000+01:00
Added svg sanitation to the SVGOrImageField class, using the bleach library.

The sanitation eliminates script tags, event handlers and non-essential tags and attributes (like Animation stuff, data-*, href)

The allowed tags and attributes are derived from the MDN documentation about SVG content.
diff --git a/src/openforms/utils/fields.py b/src/openforms/utils/fields.py
@@ -14,9 +14,8 @@ class StringUUIDField(models.UUIDField):
 
 
 class SVGOrImageField(models.ImageField):
-    # SVG's are not regular "images", so they get different treatment. Note that
-    # we're not doing extended sanitization *yet* here, so be careful when using
-    # this field.
+    # SVG's are not regular "images", so they get different treatment. Sanitization is
+    # done in the form_class, form_fields.SVGOrImageField.
     def formfield(self, **kwargs):
         return super().formfield(
             **{
diff --git a/src/openforms/utils/form_fields.py b/src/openforms/utils/form_fields.py
@@ -9,6 +9,8 @@
 from django.db import models
 from django.forms import CheckboxSelectMultiple, ImageField, MultipleChoiceField
 
+from .sanitizer import sanitize_svg_file
+
 image_or_svg_extension_validator = FileExtensionValidator(
     allowed_extensions=["svg"] + list(get_available_image_extensions())
 )
@@ -44,10 +46,10 @@ def to_python(self, data):
         # get the extension
         extension = get_extension(data)
 
-        # SVG's are not regular "images", so they get different treatment. Note that
-        # we're not doing extended sanitization *yet* here, so be careful when using
-        # this field.
+        # SVG's are not regular "images", so they get different treatment.
         if extension == "svg":
+            data = sanitize_svg_file(data)
+
             # we call the parent of the original ImageField instead of calling to_python
             # of ImageField (the direct superclass), as that one tries to validate the
             # image with PIL
diff --git a/src/openforms/utils/sanitizer.py b/src/openforms/utils/sanitizer.py
@@ -0,0 +1,196 @@
+from django.core.files import File
+
+import bleach
+
+ALLOWED_SVG_TAGS = (
+    "circle",
+    "clipPath",
+    "defs",
+    "desc",
+    "ellipse",
+    "feBlend",
+    "feColorMatrix",
+    "feComponentTransfer",
+    "feComposite",
+    "feConvolveMatrix",
+    "feDiffuseLighting",
+    "feDisplacementMap",
+    "feDistantLight",
+    "feDropShadow",
+    "feFlood",
+    "feFuncA",
+    "feFuncB",
+    "feFuncG",
+    "feFuncR",
+    "feGaussianBlur",
+    "feImage",
+    "feMerge",
+    "feMergeNode",
+    "feMorphology",
+    "feOffset",
+    "fePointLight",
+    "feSpecularLighting",
+    "feSpotLight",
+    "feTile",
+    "feTurbulence",
+    "filter",
+    "foreignObject",
+    "g",
+    "image",
+    "line",
+    "linearGradient",
+    "marker",
+    "mask",
+    "metadata",
+    "mpath",
+    "path",
+    "pattern",
+    "polygon",
+    "polyline",
+    "radialGradient",
+    "rect",
+    "set",
+    "stop",
+    "style",
+    "svg",
+    "symbol",
+    "text",
+    "textPath",
+    "title",
+    "tspan",
+    "use",
+    "view",
+    # --- Not allowing 'a', 'animate*' and 'script' tags
+)
+
+ALLOWED_SVG_ATTRIBUTES = {
+    "*": [
+        # --- Basic presentation attributes
+        "alignment-baseline",
+        "baseline-shift",
+        "clip",
+        "clip-path",
+        "clip-rule",
+        "color",
+        "color-interpolation",
+        "color-interpolation-filters",
+        "cursor",
+        "cx",
+        "cy",
+        "d",
+        "direction",
+        "display",
+        "dominant-baseline",
+        "fill",
+        "fill-opacity",
+        "fill-rule",
+        "filter",
+        "flood-color",
+        "flood-opacity",
+        "font-family",
+        "font-size",
+        "font-size-adjust",
+        "font-stretch",
+        "font-style",
+        "font-variant",
+        "font-weight",
+        "glyph-orientation-horizontal",
+        "glyph-orientation-vertical",
+        "height",
+        "image-rendering",
+        "letter-spacing",
+        "lighting-color",
+        "marker-end",
+        "marker-mid",
+        "marker-start",
+        "mask",
+        "mask-type",
+        "opacity",
+        "overflow",
+        "pointer-events",
+        "r",
+        "rx",
+        "ry",
+        "shape-rendering",
+        "stop-color",
+        "stop-opacity",
+        "stroke",
+        "stroke-dasharray",
+        "stroke-dashoffset",
+        "stroke-linecap",
+        "stroke-linejoin",
+        "stroke-miterlimit",
+        "stroke-opacity",
+        "stroke-width",
+        "text-anchor",
+        "text-decoration",
+        "text-overflow",
+        "text-rendering",
+        "transform",
+        "transform-origin",
+        "unicode-bidi",
+        "vector-effect",
+        "visibility",
+        "white-space",
+        "width",
+        "word-spacing",
+        "writing-mode",
+        "x",
+        "y",
+        # --- Filter attributes
+        "amplitude",
+        "exponent",
+        "intercept",
+        "offset",
+        "slope",
+        "tableValues",
+        "type",
+        # --- Not allowing 'href', 'data-*', Animation and some other attributes
+    ],
+    "svg": ["xmlns", "viewBox"],
+}
+
+
+def sanitize_svg_file(data: File) -> File:
+    """
+    Defuse an uploaded SVG file.
+
+    The entire file content will be replaced with a sanitized version. All tags and
+    attributes that aren't explicitly allowed, are removed from the SVG content.
+
+    :arg data: the uploaded SVG file, opened in binary mode.
+    """
+    # Making sure that the file is reset properly
+    data.seek(0)
+
+    file_content = data.read().decode("utf-8")
+    sanitized_content = sanitize_svg_content(file_content)
+
+    # Replace svg file content with the bleached variant.
+    # `truncate(0)` doesn't reset the point, so start with a seek(0) to make sure the
+    # content is as expected.
+    data.seek(0)
+    data.truncate(0)
+    data.write(sanitized_content.encode("utf-8"))
+
+    # Reset pointer
+    data.seek(0)
+    return data
+
+
+def sanitize_svg_content(svg_content: str) -> str:
+    """
+    Strip (potentially) dangerous elements and attributes from the provided SVG string.
+
+    All tags and attributes that aren't explicitly allowed, are removed from the SVG
+    content.
+
+    :arg svg_content: decoded SVG content.
+    """
+
+    return bleach.clean(
+        svg_content,
+        tags=ALLOWED_SVG_TAGS,
+        attributes=ALLOWED_SVG_ATTRIBUTES,
+        strip=True,
+    )
