security-and-privacy/mat2
security-and-privacy/mat2
1
0
Fork 0
mirror of synced 2024-11-22 17:24:23 +01:00
Code Releases Activity
429 Commits 1 Branch 26 Tags 12 MiB
3714553185
Commit Graph

429 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jvoisin
3714553185 Fix bubblewrap 
On some machines (like mine), `/proc` has to be mounted.  Also, since
sandboxing with bubblewrap is best effort and assumes that an attacker doesn't
have control outside of the file to clean, it's safe to __try__ to enable some
bubblewrap features, and to silently fail otherwise.
 2019-09-21 14:14:39 +02:00
jvoisin
1678d37856 Mark a comment as FP 2019-09-01 19:01:33 +02:00
jvoisin
397a18b0cc Add support for ppm 2019-09-01 09:28:46 -07:00
jvoisin
fc924239fe Add a test for nsid cleaning 2019-09-01 13:52:02 +02:00
jvoisin
0170f0e37e Improve a bit the comments in the code 
This is related to the previous commit
 2019-09-01 13:52:02 +02:00
jvoisin
0cf0541ad9 Remove nsid fields from MSOffice documents 
nsids are random identifiers, usually used to ease merging
between documents, and can trivially be used for fingerprinting.
 2019-09-01 13:52:02 +02:00
jvoisin
40669186c9 Add support for inplace cleaning 2019-08-31 10:31:08 -07:00
jvoisin
d76a6cbb18 Some arguments of mat2 are mutually exclusive 2019-08-01 08:14:21 -07:00
jvoisin
49e0c43ac5 Tweak a bit the ci 
- gentoo and debian with bubblewrap are not allowed to fail anymore
- don't run coverage on debian without bubblewrap
 2019-07-22 23:36:20 +02:00
jvoisin
0c75cd15dc Remove a mypy workaround to bump coverage back to 100% 2019-07-22 23:28:51 +02:00
jvoisin
5280b6c2b3 Add a test for svg namespace 2019-07-22 23:21:06 +02:00
georg
a81ea65d44 CI: Run bubblewrap tests as different user than 'root' to fix errors 
It seems, there is a bug somewhere if the test suite is invoked as
'root', and bubblewrap is available.
 2019-07-22 13:39:06 -07:00
georg
8bb2826f7a CI: Add job to run codespell, a spell checking software 2019-07-22 13:31:40 -07:00
jvoisin
5c33b290ae Fix mypy 2019-07-20 16:05:55 +02:00
jvoisin
00d728f6cc Display the filename along with the "No metadata found" message 2019-07-18 01:30:28 +02:00
georg
65cfd110f9
Nautilus: Add note that distribution packages ship the extension 
Relates #106
 2019-07-14 23:07:36 +00:00
georg
1f830bf8ad README: Drop note about Debian jessie, which is oldoldstable nowadays 
As such, hopefully, it's not really used widely anymore. If so, this
note isn't really relevant.
 2019-07-14 14:19:45 -07:00
georg
d027008e46 README: Add note about the user interfaces provided 2019-07-14 14:01:54 -07:00
georg
1163bdd991
README: Drop note about web disclosure to broaden the possible use cases 2019-07-14 19:22:33 +00:00
georg
1be0a4eefb INSTALL: Update Debian package status 
Also, make the note generic, to omit the need to update it "constantly".

Closes #76
 2019-07-13 14:29:55 -07:00
jvoisin
dc5603eb1d Please mypy 2019-07-13 23:25:44 +02:00
jvoisin
4999209f9c Add support for svg 2019-07-13 21:26:05 +02:00
jvoisin
bdd5581033 Compress cleaned zip archives by default 2019-07-13 15:04:43 +02:00
jvoisin
47f9cb33bf Please mypy 2019-07-13 15:03:40 +02:00
georg
b784a9fc7f
doc/threat_model: this is about mat2, not mat 2019-07-10 14:36:47 +00:00
jvoisin
88b95923ab Parallelize the cli 2019-06-05 22:28:57 +02:00
jvoisin
13d71a2565 Document the archives handling implementation's details 2019-05-16 20:59:15 +02:00
jvoisin
35d550d229 Use memoization get _*_path() functions 
This shouldn't make a big difference in the CLI/extension
usage, but might improve the performances of long-running
instances, or people misusing the API.
 2019-05-16 00:31:40 +02:00
jvoisin
aa52a5c91c Please mypy wrt. the last two commits 2019-05-14 00:50:17 +02:00
Antoine Tenart
f19f6ed8b6 Rework the dependency checks to distinguish required/optional ones 
Rework the dependencies definition to include a 'required' flags, which
is passed by the check_dependencies helper to the callers, so that they
can distinguish between required and optional dependencies.

This help in two ways:
- The unit test for the dependencies was now failing when an optional
  one was missing, due to a previous rework.
- Mat2's --check-dependencies was referring to "required dependencies"
  and was misleading for the user as some of them could be optional.

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2019-05-13 23:35:26 +02:00
Antoine Tenart
51ab2db279 tests: libmat2: RuntimeError cannot be thrown by chech_dependencies 
Remove the try/except logic when calling check_dependencies, as it
cannot throw the exception anymore (it's caught already in the
function).

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2019-05-13 23:35:06 +02:00
jvoisin
ef665e6dc1 Please pylint 2019-05-13 23:31:46 +02:00
jvoisin
aa0ff643c4 Improve a bit the debug mode 2019-05-13 22:12:00 +02:00
jvoisin
dd9ead4ebe Document how mat2 compares to other software 2019-05-11 00:19:17 +02:00
jvoisin
d0ab2c3023 Bump the changelog 2019-05-10 22:16:38 +02:00
jvoisin
fe1950ac3e Test the cli's behaviour with valid and invalid files 
This should ensure that if we decide to implement
some threading in the cli, a faulty file
won't break everything.
 2019-05-09 21:08:52 +02:00
jvoisin
97abafdc58 Minor code cleanup 2019-05-09 09:41:05 +02:00
jvoisin
f1a06e805b Fix an erroneous errors message 
This one was spotted by @fuzzy
 2019-05-08 22:34:32 +02:00
jvoisin
4f0e0685ca Allow failure with bubblewrap for now 2019-05-08 21:36:29 +02:00
jvoisin
911d822c44 Add tests to find possible race-conditions in the cli 2019-05-08 21:30:54 +02:00
fuzzy
7e031c9757 typo 2019-05-03 02:39:15 -07:00
jvoisin
9516990693 Add some verification for "dangerous" tarfiles 2019-05-01 17:55:35 +02:00
jvoisin
a7ebb587e1 Handle weird permissions in tar archives 2019-04-27 22:48:40 +02:00
jvoisin
14a4cddb8b Improve the display of tarfile's members mtime 2019-04-27 21:15:06 +02:00
jvoisin
8e41b098d6 Add support for compressed tar files 2019-04-27 06:03:09 -07:00
jvoisin
82cc822a1d Add tar archive support 2019-04-27 04:05:36 -07:00
jvoisin
20ed5eb7d6 Improve a bit the verbosity of a test 2019-04-14 21:00:13 +02:00
jvoisin
05f429b197 Add support for xhtml files 2019-04-14 20:36:33 +02:00
jvoisin
74afa885f5 Please pylint 2019-03-30 10:39:39 +01:00
jvoisin
1e325c5b5b Please mypy 
Apparently, mypy isn't able (yet?) to deal
with variables that are changing their types
at runtime.

Python is wonderful.
 2019-03-30 10:33:16 +01:00