Uploads sanitize Rake tasks (CORE ONLY)

In GitLab 11.9 and later, EXIF data is automatically stripped from JPG or TIFF image uploads.

EXIF data may contain sensitive information (for example, GPS location), so you can remove EXIF data from existing images that were uploaded to an earlier version of GitLab.

Requirements

To run this Rake task, you need exiftool installed on your system. If you installed GitLab:

  • Using the Omnibus package, you're all set.

  • From source, make sure exiftool is installed:

    # Debian/Ubuntu
    sudo apt-get install libimage-exiftool-perl
    
    # RHEL/CentOS
    sudo yum install perl-Image-ExifTool

Remove EXIF data from existing uploads

To remove EXIF data from existing uploads, run the following command:

sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:sanitize:remove_exif

By default, this command runs in "dry run" mode and doesn't remove EXIF data. It can be used for checking if (and how many) images should be sanitized.

The Rake task accepts following parameters.

Parameter Type Description
start_id integer Only uploads with equal or greater ID will be processed
stop_id integer Only uploads with equal or smaller ID will be processed
dry_run boolean Do not remove EXIF data, only check if EXIF data are present or not. Defaults to true
sleep_time float Pause for number of seconds after processing each image. Defaults to 0.3 seconds
uploader string Run sanitization only for uploads of the given uploader: FileUploader, PersonalFileUploader, or NamespaceFileUploader
since date Run sanitization only for uploads newer than given date. For example, 2019-05-01

If you have too many uploads, you can speed up sanitization by:

  • Setting sleep_time to a lower value.
  • Running multiple Rake tasks in parallel, each with a separate range of upload IDs (by setting start_id and stop_id).

To remove EXIF data from all uploads, use:

sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:sanitize:remove_exif[,,false,] 2>&1 | tee exif.log

To remove EXIF data on uploads with an ID between 100 and 5000 and pause for 0.1 second after each file, use:

sudo RAILS_ENV=production -u git -H bundle exec rake gitlab:uploads:sanitize:remove_exif[100,5000,false,0.1] 2>&1 | tee exif.log

The output is written into an exif.log file because it will probably be long.

If sanitization fails for an upload, an error message should be in the output of the Rake task. Typical reasons include that the file is missing in the storage or it's not a valid image.

Report any issues and use the prefix 'EXIF' in the issue title with the error output and (if possible) the image.