security-and-privacy/mat2
security-and-privacy/mat2
1
0
Fork 0
mirror of synced 2024-11-22 09:14:23 +01:00
Code Releases Activity
588 Commits 1 Branch 26 Tags 12 MiB
6c05360afa
Commit Graph

588 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jvoisin
5a7c7f35f7 Remove print from libmat, and use the logging module instead 
This should close #28
 2018-07-10 21:30:38 +02:00
jvoisin
d5861e4653 Implement a check for dependencies in mat2 
Example use:

```
$ mat2 -c
Dependencies required for MAT2 0.1.3:
- Cairo: yes
- Exiftool: yes
- GdkPixbuf from PyGobject: yes
- Mutagen: yes
- Poppler from PyGobject: yes
- PyGobject: yes
```

This should close #35
 2018-07-10 21:24:26 +02:00
jvoisin
22e3918f67 Add pylint3 to the ci 2018-07-09 01:22:08 +02:00
jvoisin
080d6769ca Make pylint even happier 2018-07-09 01:11:44 +02:00
jvoisin
86fe3aa584 Fix the previous commit 2018-07-09 00:30:16 +02:00
jvoisin
cc327b1592 Minor improvement of fedora's duration in the testsuite 2018-07-09 00:27:40 +02:00
jvoisin
b4edd6d2a2 Document that MAT2 not being able to detect metadata doesn't mean that the file is clean 2018-07-09 00:17:59 +02:00
jvoisin
bd357b85f8 Remove a useless option that was never implemented anyway 2018-07-09 00:13:16 +02:00
jvoisin
8c21006e6c Fix some pep8 issues spotted by pyflakes 2018-07-08 22:40:36 +02:00
jvoisin
f49aa5cab7 Achieve 100% coverage! 2018-07-08 22:27:37 +02:00
jvoisin
52a2c800b7 Bump coverage again 2018-07-08 21:50:52 +02:00
jvoisin
ad3e7ccee8 Bump coverage for office files and fix some related crashes 2018-07-08 21:35:45 +02:00
jvoisin
ca01484126 Silence a mypy's stupid warning 2018-07-08 17:12:17 +02:00
jvoisin
f9bc022c96 Add defusedxml as an (optional) way to prevent XML-based attacks 
Those attacks are DoS-only.
 2018-07-08 17:07:26 +02:00
jvoisin
72e1fda18d Remove a leftover print 2018-07-08 15:19:18 +02:00
jvoisin
3cd4f9111f Bump coverage for torrent handling 2018-07-08 15:13:03 +02:00
jvoisin
b5fcddd6a6 Simplify how torrent files are handled 
- Rework the testsuite wrt. torrent
- fail at parser's instantiation on corrupted torrent,
  instead of during `get_meta` or `remove_all` call
 2018-07-08 13:49:11 +02:00
jvoisin
7ea362d908 Bump the coverage for pdf 2018-07-07 18:12:33 +02:00
jvoisin
85455a4419 Fix a mistake in office file revisions handling 2018-07-07 18:05:54 +02:00
jvoisin
9f631a1bb1 Bump a bit the coverage 2018-07-07 18:02:53 +02:00
jvoisin
c2ef35d1f1 Bump the changelog 2018-07-06 01:00:14 +02:00
jvoisin
3d80f97524 Simplify BMP handling 2018-07-06 00:49:17 +02:00
jvoisin
53271495f7 Add support for .txt files 2018-07-06 00:42:09 +02:00
jvoisin
0638b9bbbb Document that we do like PEP8 2018-07-02 00:27:38 +02:00
jvoisin
893f58554a Improve a bit the formatting of the code thanks to pyflakes3 2018-07-02 00:22:05 +02:00
jvoisin
11008f8fd4 Improve a bit the README 2018-07-01 23:35:04 +02:00
jvoisin
a430403c7e Document in our implementation notes how revisions are handled and why 2018-07-01 23:27:24 +02:00
jvoisin
bee56a57ce Remove docx revisions 2018-07-01 23:16:14 +02:00
jvoisin
02f7605ac1 MAT2 is now cleaning revisions from odt files! 2018-07-01 21:09:20 +02:00
jvoisin
80fc4ffb40 Remove the thumbnails from libreoffice files 2018-07-01 17:29:05 +02:00
jvoisin
177184ac67 Massively simplify how we're cleaning office files 2018-06-27 21:48:46 +02:00
jvoisin
f44769df41 Ensure Poppler's minimal version 
We're using methods that aren't available in Poppler
below 0.46, so we're checking for this upon import.

This commit is based on ideas from @LogicalDash ♥
 2018-06-24 22:40:57 +02:00
jvoisin
1e9906de29 Document that we tests against corrupted files 2018-06-22 21:21:03 +02:00
jvoisin
63b19416ef Pyflakes should run on the testsuite too 2018-06-22 21:18:22 +02:00
jvoisin
74f2d50433 Split the testsuite a bit and add more tests 2018-06-22 21:16:55 +02:00
jvoisin
b4ef0c9622 Improve reliability against corrupted image files 2018-06-22 20:38:29 +02:00
jvoisin
dfccf79f22 Bump the changelog 2018-06-21 23:34:12 +02:00
jvoisin
8810564b8e Fix some deprecated directives in the COTNRIBUTING.md file 2018-06-21 23:33:56 +02:00
jvoisin
5b38bd7ccd Improve the reliability of the office parser 2018-06-21 23:18:59 +02:00
jvoisin
846a261465 Fix some linter warnings 2018-06-21 23:07:21 +02:00
jvoisin
09e748fa4c Refactor how offices files are handled 
- xml files are no longer considered harmless
- Factorization of the `remove_all` method for office files
- Explicit whitelist are used
- Blacklist are used to skip files completely
  - Non-blacklisted files are _still cleaned_
  - Unsupported files are still triggering an error
 2018-06-21 23:02:41 +02:00
jvoisin
a89dae054a Minor simplification of the office-related code 2018-06-21 21:24:53 +02:00
jvoisin
c1f4426612 Improve the threat-model again, thanks to @joe 2018-06-20 00:10:21 +02:00
jvoisin
120c3bf72f Improve a bit our threat model 2018-06-19 23:39:06 +02:00
jvoisin
84277740a9 Add fedora in the CI 
refactor
 2018-06-19 00:01:28 +02:00
Antoine Tenart
3a776ff1ca README: software is always singular 
Fix on small typo. Cosmetic patch.

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2018-06-18 23:49:54 +02:00
Antoine Tenart
cce5de82e5 libmat2: harmless: add the text/xml mime type 
Fedora defines the 'text/xml' mime type for xml files. Adds this mime
type to the harmless parser.

Fixes #36.

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2018-06-12 21:34:47 +02:00
Antoine Tenart
484e26dd9c libmat2: audio: add the audio/x-flac mime type 
The FLAC parser looks for the 'audio/flac' mime type, but Fedora
defines 'audio/x-flac' in /etc/mime.types for FLAC files. Add this mime
type to the audio parser.

Fixes #36.

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2018-06-12 21:34:47 +02:00
Antoine Tenart
3359f36b67 README: fix one typo 
Fixes one small typo in the README.

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2018-06-12 18:59:51 +02:00
Antoine Tenart
c19cbc48e2 README: fix the Jessie python3 URL 
Fixes the scheme in Jessie's Python3 URL.

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2018-06-12 18:59:03 +02:00