fix(gateway): validate Slack image downloads before caching

Slack may return an HTML sign-in/redirect page instead of actual media bytes (e.g. expired token, restricted file access). This adds two layers of defense: 1. Content-Type check in slack.py rejects text/html responses early 2. Magic-byte validation in base.py's cache_image_from_bytes() rejects non-image data regardless of source platform Also adds ValueError guards in wecom.py and email.py so the new validation doesn't crash those adapters. Closes #6829
2026-04-28 01:21:43 +00:00 · 2026-04-10 03:52:46 -07:00 · 2026-04-10 03:52:46 -07:00 · 0b143f2ea3
commit 0b143f2ea3
parent c8e4dcf412
5 changed files with 128 additions and 7 deletions
--- a/gateway/platforms/email.py
+++ b/gateway/platforms/email.py
@ -195,7 +195,11 @@ def _extract_attachments(

        ext = Path(filename).suffix.lower()
        if ext in _IMAGE_EXTS:
-            cached_path = cache_image_from_bytes(payload, ext)
+            try:
+                cached_path = cache_image_from_bytes(payload, ext)
+            except ValueError:
+                logger.debug("Skipping non-image attachment %s (invalid magic bytes)", filename)
+                continue
            attachments.append({
                "path": cached_path,
                "filename": filename,