Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
com.ashampoo:kim-iosarm64
Advanced tools
Kotlin Multiplatform library for image metadata manipulation
Kim is a Kotlin Multiplatform library for reading and writing image metadata.
It's part of Ashampoo Photo Organizer.
eXIf
chunk & XMP
tEXt
/zTXt
chunkKim.update()
API to perform updates to the relevant places
The future development of features on our part is driven entirely by the needs of Ashampoo Photo Organizer, which, in turn, is driven by user community feedback.
implementation("com.ashampoo:kim:0.20.1")
For the targets wasmJs
& js
you also need to specify this:
implementation(npm("pako", "2.1.0"))
Kim.readMetadata()
takes kotlin.ByteArray
on all platforms and depending on
the platform also kotlinx.io.files.Path
, Ktor Source
& ByteReadChannel
,
java.io.File
, java.io.InputStream
, NSData
and String
paths.
val bytes: ByteArray = loadBytes()
val metadata = Kim.readMetadata(bytes)
/* ImageMetadata has a proper toString() similar to the output of ExifTool */
println(metadata)
val orientation = metadata.findShortValue(TiffTag.TIFF_TAG_ORIENTATION)
println("Orientation: $orientation")
val takenDate = metadata.findStringValue(ExifTag.EXIF_TAG_DATE_TIME_ORIGINAL)
println("Taken date: $takenDate")
This creates an instance of PhotoMetadata. It contains the following:
val bytes: ByteArray = loadBytes()
val photoMetadata = Kim.readMetadata(bytes).convertToPhotoMetadata()
val inputFile = File("myphoto.jpg")
val outputFile = File("myphoto_changed.jpg")
val metadata = Kim.readMetadata(inputFile)
val outputSet: TiffOutputSet = metadata.exif?.createOutputSet() ?: TiffOutputSet()
val rootDirectory = outputSet.getOrCreateRootDirectory()
rootDirectory.removeField(TiffTag.TIFF_TAG_ORIENTATION)
rootDirectory.add(TiffTag.TIFF_TAG_ORIENTATION, 8)
OutputStreamByteWriter(outputFile.outputStream()).use { outputStreamByteWriter ->
JpegRewriter.updateExifMetadataLossless(
byteReader = JvmInputStreamByteReader(inputFile.inputStream(), inputFile.length()),
byteWriter = outputStreamByteWriter,
outputSet = outputSet
)
}
See the example project for more details.
val bytes: ByteArray = loadBytes()
val newBytes = Kim.update(
bytes = bytes,
update = MetadataUpdate.Orientation(TiffOrientation.ROTATE_RIGHT)
)
See AbstractUpdaterTest for more samples.
val bytes: ByteArray = loadBytes()
val thumbnailBytes: ByteArray = loadThumbnailBytes()
val newBytes = Kim.updateThumbnail(
bytes = bytes,
thumbnailBytes = thumbnailBytes
)
See the Java example project how to use Kim in Java projects.
In the processing of HEIC and AVIF files, we handle them as standard ISOBMFF-based files, adhering rigorously to the EIC/ISO 14496-12 specification. To preempt potential legal issues, we intentionally omit certain boxes outlined in the HEIC specification, notably the image size ("ispe") and image rotation ("irot") boxes. This approach extends to AVIF images, as they repurpose the same boxes.
Contributions to Ashampoo Kim are welcome! If you encounter any issues, have suggestions for improvements, or would like to contribute new features, please feel free to submit a pull request.
This code is under the Apache License 2.0.
See the NOTICE.txt
file for required notices and attributions.
FAQs
Kotlin Multiplatform library for image metadata manipulation
We found that com.ashampoo:kim-iosarm64 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.