Validate vintage evidence image files#6342
Conversation
|
Welcome to RustChain! Thanks for your first pull request. Before we review, please make sure:
Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150) A maintainer will review your PR soon. Thanks for contributing! |
github-actions
Bot
added
BCOS-L1
jaxint
left a comment
jaxint
left a comment
There was a problem hiding this comment.
Great work! Thanks for contributing to RustChain! 🦀
jaxint
left a comment
jaxint
left a comment
There was a problem hiding this comment.
Code review completed. Thanks for contributing to RustChain! 🚀
jaxint
left a comment
jaxint
left a comment
There was a problem hiding this comment.
Code review completed. Thanks for contributing! 🚀
CyberNomad2000
left a comment
CyberNomad2000
left a comment
There was a problem hiding this comment.
I found one regression that should be fixed before merge.
validate_photo() still treats .bmp as an allowed photo extension, but the new _read_image_metadata() implementation only recognizes PNG, GIF, and JPEG signatures. That means a valid BMP evidence photo now reaches _validate_image_file() and fails with Photo file is not a valid image: not a valid image, despite .bmp remaining in the accepted extension list. This is a behavior regression from the previous extension/size-based validation and will reject legitimate BMP submissions.
A narrow fix would either add BMP header/dimension parsing to _read_image_metadata() or remove .bmp from the accepted formats and update the user-facing contract/tests accordingly. Since the code still advertises .bmp as acceptable, I think supporting BMP in the parser is the least surprising path.
Validation performed locally on PR head d80ec4657ebee60e14d4dcd38d05a60683b9acd9:
python -m pytest -q tests/test_validate_vintage_submission.py
# 8 passed
I also generated a valid 640x480 BMP with a BITMAPINFOHEADER and confirmed SubmissionValidator().validate_photo() returns FAIL with format: '.bmp'.
|
Fixed the BMP regression in
Validation:
|
CyberNomad2000
left a comment
CyberNomad2000
left a comment
There was a problem hiding this comment.
Reviewed the updated head 272b190d1cb5347cabf01406887c04647ff952b5 after the BMP regression fix.
Validation performed:
python -m pytest -q tests/test_validate_vintage_submission.py
9 passed in 1.09s
The PR now keeps .bmp accepted and adds BITMAPINFOHEADER parsing plus a regression test, so the issue I flagged in the previous review is resolved.
MolhamHamwi
left a comment
MolhamHamwi
left a comment
There was a problem hiding this comment.
Reviewed tools/validate_vintage_submission.py and tests/test_validate_vintage_submission.py in this PR.
Two specific observations:
-
The dependency-free image metadata parsing is a good fit for this CLI validator: the PNG/GIF/BMP/JPEG magic-number paths keep the vintage-submission checks stricter without adding Pillow or another runtime dependency, and the new generated PNG/BMP fixtures exercise real headers/dimensions instead of only extension checks.
-
One follow-up worth considering:
_validate_image_file()now returnsWARNfor low-resolution images, but unlike the old small-file checks it does not append those resolution warnings toself.warnings. If the aggregate submission summary depends onvalidator.warnings, low-resolution photo/screenshot evidence may be shown asWARNin the per-check result but omitted from the final warnings list.
I received RTC compensation for this review.
|
Addressed the warning-summary follow-up in
Validation:
|
minyanyi
left a comment
minyanyi
left a comment
There was a problem hiding this comment.
Reviewed the vintage submission evidence-image validation update and regression coverage.
- Verified the validator now inspects actual image headers/dimensions for PNG, GIF, BMP, and JPEG without adding a heavy runtime dependency.
- Checked malformed image content now fails instead of passing on extension/file-size heuristics alone, while low-resolution real images produce a warning that is also recorded in the validator warning summary.
- Confirmed the new generated PNG/BMP fixtures exercise real file structures and dimensions, and the attestation-log/wallet validation coverage remains intact.
- Local validation passed:
python -B -m pytest -q tests/test_validate_vintage_submission.py --tb=short-> 10 passed, 1 warning;python -B -m py_compile tools/validate_vintage_submission.py tests/test_validate_vintage_submission.pypassed;git diff --check origin/main...HEADpassed.
I received RTC compensation for this review.
jaxint
left a comment
jaxint
left a comment
There was a problem hiding this comment.
Great work! Thanks for contributing to RustChain! 🦀
jaxint
left a comment
jaxint
left a comment
There was a problem hiding this comment.
Great work! Thanks for contributing to RustChain! 🦀
|
Hi maintainers, quick follow-up on this one. The PR is currently clean and has received positive reviews/approvals after the BMP and warning-summary follow-ups were addressed. Is there anything else you need from me before this can be merged and considered for bounty/payment review? Happy to make any remaining adjustments if there is a blocker I missed. Current validation on the latest head:
|
jaxint
left a comment
jaxint
left a comment
There was a problem hiding this comment.
Great work! Thanks for contributing to RustChain! 🦀
jaxint
left a comment
jaxint
left a comment
There was a problem hiding this comment.
Great work! Thanks for contributing to RustChain! 🦀
jaxint
left a comment
jaxint
left a comment
There was a problem hiding this comment.
Great work! Thanks for contributing to RustChain! 🦀
5 participants
Summary\n- reject photo and screenshot evidence files that are not parseable images\n- read PNG, GIF, and JPEG dimensions using the standard library so the validator does not need Pillow\n- include image metadata in validation checks and warn on images below 640x480\n\nCloses #6288\n\n## Verification\n- .venv/bin/python -B -m pytest -q tests/test_validate_vintage_submission.py --tb=short -p no:cacheprovider\n- .venv/bin/python -B -m py_compile tools/validate_vintage_submission.py tests/test_validate_vintage_submission.py\n- git diff --check\n