From 2d9ba81a84a122f09770ed53d8c8284bf3b61dc0 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 5 Sep 2018 13:00:28 -0400 Subject: [PATCH] spelling correction. while mat2 has both a thread model (a thread pool that strips metadata in parallel) and a threat model (a list of malicious adversaries and their capabilities that we are trying to defeat), i think this paragraph is talking about the latter. --- doc/implementation_notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/implementation_notes.md b/doc/implementation_notes.md index 3b8e49d..cbf76ee 100644 --- a/doc/implementation_notes.md +++ b/doc/implementation_notes.md @@ -64,7 +64,7 @@ to the filesystem. This ensures that every metadata is removed. XML attacks ----------- -Since our thread model conveniently excludes files crafted to specifically +Since our threat model conveniently excludes files crafted to specifically bypass MAT2, fileformats containing harmful XML are out of our scope. But since MAT2 is using [etree](https://docs.python.org/3/library/xml.html#xml-vulnerabilities) to process XML, it's "only" vulnerable to DoS, and not memory corruption:
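Review bot: The context around the corrected line still has wording slips that this spelling pass could pick up: "fileformats" on the line after the change, and "every metadata" in the hunk header context. Consider "file formats" and "all metadata" in the same patch. It would also help to link "threat model" on the changed line to wherever the project states it, because the paragraph leans on that model to put crafted XML out of scope while its next sentence still concedes DoS exposure through etree. A reader needs to be able to check what the model actually excludes.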