Show HN: Zero Trust API – Image CDR in Rust/WASM (Rebuild Images from Pixels) (zero-trust-web.vercel.app)
I built this after researching image-based attacks for 3 months. Most
sanitizers just strip EXIF metadata, but threats like steganography and polyglot
files survive. This API decodes images to raw pixels, discards the original
container, and rebuilds a sterile PNG.
Stack: Rust → WASM → Cloudflare Workers
Free tier: 100 requests/month
API Docs & Demo: [Zero Trust App](https://zero-trust-web.vercel.app/) � RapidAPI (Get a key): [Zero Trust API] (https://rapidapi.com/image-zero-trust-security-labs/api/zero...)
1 comment
[ 2.5 ms ] story [ 13.1 ms ] threadThe problem: Apps that accept user images typically just strip EXIF metadata. But this misses: - Steganographic payloads (data hidden in pixel LSBs) - Polyglot files (valid as both image AND executable) - Image bombs (1x50000px files that exhaust memory)
My approach: Content Disarm & Reconstruction (CDR) - Decode image to raw pixel buffer - Completely discard the original container - Rebuild a sterile PNG from scratch
Stack: Rust core → WebAssembly sandbox → Cloudflare Workers edge
Free tier: 100 requests/month on RapidAPI
Happy to answer questions about the architecture, threat model, or implementation!