jvoisin
655c19d17d
Improve a bit the support for ppt files
2019-10-17 23:02:17 +02:00
jvoisin
a389cc760a
Fix a stacktrace in ./mat2 when the file can't be cleaned
2019-10-17 22:51:00 +02:00
jvoisin
4034cf9a1a
Copy file permissions
...
Mat2 (the cli) will now copy the input file permissions
to the output file.
2019-10-13 11:54:47 +02:00
jvoisin
5f0b3beb46
Add a way to disable the sandbox
...
Due to bubblewrap's pickiness, mat2 can now be run
without a sandbox, even if bubblewrap is installed.
2019-10-12 16:13:49 -07:00
jvoisin
3cef7fe7fc
Refactor tests
2019-10-12 13:32:04 -07:00
jvoisin
6d19a20935
Remove an unused variable
2019-10-12 21:41:13 +02:00
jvoisin
12489bb682
Remove a useless \
2019-10-12 21:36:28 +02:00
jvoisin
bb903ec309
Remove useless parenthesis
2019-10-12 21:36:19 +02:00
jvoisin
893faa6604
Fix a test for png's lightweight cleaning on corrupted files
2019-10-12 21:34:31 +02:00
jvoisin
4483c06f19
Replace abstractstaticmethod with abstractmethod
...
Apparently, abstractstaticmethod is deprecated
since python3.3.
2019-10-12 21:28:27 +02:00
madaidan
58773088ac
Mount a new tmpfs on /tmp and drop all capabilities
...
This mounts a new tmpfs on /tmp so any files residing there would be hidden
from the sandbox. Many programs store some files in there that might be useful
to an attacker. It also drops all capabilities incase it is ever run with
extra capabilities for whatever reason.
2019-10-05 15:21:40 +02:00
jvoisin
3714553185
Fix bubblewrap
...
On some machines (like mine), `/proc` has to be mounted. Also, since
sandboxing with bubblewrap is best effort and assumes that an attacker doesn't
have control outside of the file to clean, it's safe to __try__ to enable some
bubblewrap features, and to silently fail otherwise.
2019-09-21 14:14:39 +02:00
jvoisin
1678d37856
Mark a comment as FP
2019-09-01 19:01:33 +02:00
jvoisin
397a18b0cc
Add support for ppm
2019-09-01 09:28:46 -07:00
jvoisin
fc924239fe
Add a test for nsid cleaning
2019-09-01 13:52:02 +02:00
jvoisin
0170f0e37e
Improve a bit the comments in the code
...
This is related to the previous commit
2019-09-01 13:52:02 +02:00
jvoisin
0cf0541ad9
Remove nsid fields from MSOffice documents
...
nsids are random identifiers, usually used to ease merging
between documents, and can trivially be used for fingerprinting.
2019-09-01 13:52:02 +02:00
jvoisin
40669186c9
Add support for inplace cleaning
2019-08-31 10:31:08 -07:00
jvoisin
d76a6cbb18
Some arguments of mat2 are mutually exclusive
2019-08-01 08:14:21 -07:00
jvoisin
49e0c43ac5
Tweak a bit the ci
...
- gentoo and debian with bubblewrap are not allowed to fail anymore
- don't run coverage on debian without bubblewrap
2019-07-22 23:36:20 +02:00
jvoisin
0c75cd15dc
Remove a mypy workaround to bump coverage back to 100%
2019-07-22 23:28:51 +02:00
jvoisin
5280b6c2b3
Add a test for svg namespace
2019-07-22 23:21:06 +02:00
georg
a81ea65d44
CI: Run bubblewrap tests as different user than 'root' to fix errors
...
It seems, there is a bug somewhere if the test suite is invoked as
'root', and bubblewrap is available.
2019-07-22 13:39:06 -07:00
georg
8bb2826f7a
CI: Add job to run codespell, a spell checking software
2019-07-22 13:31:40 -07:00
jvoisin
5c33b290ae
Fix mypy
2019-07-20 16:05:55 +02:00
jvoisin
00d728f6cc
Display the filename along with the "No metadata found" message
2019-07-18 01:30:28 +02:00
georg
65cfd110f9
Nautilus: Add note that distribution packages ship the extension
...
Relates #106
2019-07-14 23:07:36 +00:00
georg
1f830bf8ad
README: Drop note about Debian jessie, which is oldoldstable nowadays
...
As such, hopefully, it's not really used widely anymore. If so, this
note isn't really relevant.
2019-07-14 14:19:45 -07:00
georg
d027008e46
README: Add note about the user interfaces provided
2019-07-14 14:01:54 -07:00
georg
1163bdd991
README: Drop note about web disclosure to broaden the possible use cases
2019-07-14 19:22:33 +00:00
georg
1be0a4eefb
INSTALL: Update Debian package status
...
Also, make the note generic, to omit the need to update it "constantly".
Closes #76
2019-07-13 14:29:55 -07:00
jvoisin
dc5603eb1d
Please mypy
2019-07-13 23:25:44 +02:00
jvoisin
4999209f9c
Add support for svg
2019-07-13 21:26:05 +02:00
jvoisin
bdd5581033
Compress cleaned zip archives by default
2019-07-13 15:04:43 +02:00
jvoisin
47f9cb33bf
Please mypy
2019-07-13 15:03:40 +02:00
georg
b784a9fc7f
doc/threat_model: this is about mat2, not mat
2019-07-10 14:36:47 +00:00
jvoisin
88b95923ab
Parallelize the cli
2019-06-05 22:28:57 +02:00
jvoisin
13d71a2565
Document the archives handling implementation's details
2019-05-16 20:59:15 +02:00
jvoisin
35d550d229
Use memoization get _*_path() functions
...
This shouldn't make a big difference in the CLI/extension
usage, but might improve the performances of long-running
instances, or people misusing the API.
2019-05-16 00:31:40 +02:00
jvoisin
aa52a5c91c
Please mypy wrt. the last two commits
2019-05-14 00:50:17 +02:00
Antoine Tenart
f19f6ed8b6
Rework the dependency checks to distinguish required/optional ones
...
Rework the dependencies definition to include a 'required' flags, which
is passed by the check_dependencies helper to the callers, so that they
can distinguish between required and optional dependencies.
This help in two ways:
- The unit test for the dependencies was now failing when an optional
one was missing, due to a previous rework.
- Mat2's --check-dependencies was referring to "required dependencies"
and was misleading for the user as some of them could be optional.
Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
2019-05-13 23:35:26 +02:00
Antoine Tenart
51ab2db279
tests: libmat2: RuntimeError cannot be thrown by chech_dependencies
...
Remove the try/except logic when calling check_dependencies, as it
cannot throw the exception anymore (it's caught already in the
function).
Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
2019-05-13 23:35:06 +02:00
jvoisin
ef665e6dc1
Please pylint
2019-05-13 23:31:46 +02:00
jvoisin
aa0ff643c4
Improve a bit the debug mode
2019-05-13 22:12:00 +02:00
jvoisin
dd9ead4ebe
Document how mat2 compares to other software
2019-05-11 00:19:17 +02:00
jvoisin
d0ab2c3023
Bump the changelog
0.9.0
2019-05-10 22:16:38 +02:00
jvoisin
fe1950ac3e
Test the cli's behaviour with valid and invalid files
...
This should ensure that if we decide to implement
some threading in the cli, a faulty file
won't break everything.
2019-05-09 21:08:52 +02:00
jvoisin
97abafdc58
Minor code cleanup
2019-05-09 09:41:05 +02:00
jvoisin
f1a06e805b
Fix an erroneous errors message
...
This one was spotted by @fuzzy
2019-05-08 22:34:32 +02:00
jvoisin
4f0e0685ca
Allow failure with bubblewrap for now
2019-05-08 21:36:29 +02:00