security-and-privacy/mat2
security-and-privacy
/
mat2
mirror of
1
0
Fork 0
Code Releases Activity
189 Commits 1 Branch 26 Tags 12 MiB
Commit Graph

189 Commits

Author SHA1 Message Date
jvoisin 8093dce88e Bump the changelog 2018-07-10 21:41:24 +02:00
jvoisin 5a7c7f35f7 Remove `print` from libmat, and use the `logging` module instead 
This should close #28
 2018-07-10 21:30:38 +02:00
jvoisin d5861e4653 Implement a check for dependencies in mat2 
Example use:

```
$ mat2 -c
Dependencies required for MAT2 0.1.3:
- Cairo: yes
- Exiftool: yes
- GdkPixbuf from PyGobject: yes
- Mutagen: yes
- Poppler from PyGobject: yes
- PyGobject: yes
```

This should close #35
 2018-07-10 21:24:26 +02:00
jvoisin 22e3918f67 Add pylint3 to the ci 2018-07-09 01:22:08 +02:00
jvoisin 080d6769ca Make pylint even happier 2018-07-09 01:11:44 +02:00
jvoisin 86fe3aa584 Fix the previous commit 2018-07-09 00:30:16 +02:00
jvoisin cc327b1592 Minor improvement of fedora's duration in the testsuite 2018-07-09 00:27:40 +02:00
jvoisin b4edd6d2a2 Document that MAT2 not being able to detect metadata doesn't mean that the file is clean 2018-07-09 00:17:59 +02:00
jvoisin bd357b85f8 Remove a useless option that was never implemented anyway 2018-07-09 00:13:16 +02:00
jvoisin 8c21006e6c Fix some pep8 issues spotted by pyflakes 2018-07-08 22:40:36 +02:00
jvoisin f49aa5cab7 Achieve 100% coverage! 2018-07-08 22:27:37 +02:00
jvoisin 52a2c800b7 Bump coverage again 2018-07-08 21:50:52 +02:00
jvoisin ad3e7ccee8 Bump coverage for office files and fix some related crashes 2018-07-08 21:35:45 +02:00
jvoisin ca01484126 Silence a mypy's stupid warning 2018-07-08 17:12:17 +02:00
jvoisin f9bc022c96 Add defusedxml as an (optional) way to prevent XML-based attacks 
Those attacks are DoS-only.
 2018-07-08 17:07:26 +02:00
jvoisin 72e1fda18d Remove a leftover print 2018-07-08 15:19:18 +02:00
jvoisin 3cd4f9111f Bump coverage for torrent handling 2018-07-08 15:13:03 +02:00
jvoisin b5fcddd6a6 Simplify how torrent files are handled 
- Rework the testsuite wrt. torrent
- fail at parser's instantiation on corrupted torrent,
  instead of during `get_meta` or `remove_all` call
 2018-07-08 13:49:11 +02:00
jvoisin 7ea362d908 Bump the coverage for pdf 2018-07-07 18:12:33 +02:00
jvoisin 85455a4419 Fix a mistake in office file revisions handling 2018-07-07 18:05:54 +02:00
jvoisin 9f631a1bb1 Bump a bit the coverage 2018-07-07 18:02:53 +02:00
jvoisin c2ef35d1f1 Bump the changelog 2018-07-06 01:00:14 +02:00
jvoisin 3d80f97524 Simplify BMP handling 2018-07-06 00:49:17 +02:00
jvoisin 53271495f7 Add support for .txt files 2018-07-06 00:42:09 +02:00
jvoisin 0638b9bbbb Document that we do like PEP8 2018-07-02 00:27:38 +02:00
jvoisin 893f58554a Improve a bit the formatting of the code thanks to pyflakes3 2018-07-02 00:22:05 +02:00
jvoisin 11008f8fd4 Improve a bit the README 2018-07-01 23:35:04 +02:00
jvoisin a430403c7e Document in our implementation notes how revisions are handled and why 2018-07-01 23:27:24 +02:00
jvoisin bee56a57ce Remove docx revisions 2018-07-01 23:16:14 +02:00
jvoisin 02f7605ac1 MAT2 is now cleaning revisions from odt files! 2018-07-01 21:09:20 +02:00
jvoisin 80fc4ffb40 Remove the thumbnails from libreoffice files 2018-07-01 17:29:05 +02:00
jvoisin 177184ac67 Massively simplify how we're cleaning office files 2018-06-27 21:48:46 +02:00
jvoisin f44769df41 Ensure Poppler's minimal version 
We're using methods that aren't available in Poppler
below 0.46, so we're checking for this upon import.

This commit is based on ideas from @LogicalDash ♥
 2018-06-24 22:40:57 +02:00
jvoisin 1e9906de29 Document that we tests against corrupted files 2018-06-22 21:21:03 +02:00
jvoisin 63b19416ef Pyflakes should run on the testsuite too 2018-06-22 21:18:22 +02:00
jvoisin 74f2d50433 Split the testsuite a bit and add more tests 2018-06-22 21:16:55 +02:00
jvoisin b4ef0c9622 Improve reliability against corrupted image files 2018-06-22 20:38:29 +02:00
jvoisin dfccf79f22 Bump the changelog 2018-06-21 23:34:12 +02:00
jvoisin 8810564b8e Fix some deprecated directives in the COTNRIBUTING.md file 2018-06-21 23:33:56 +02:00
jvoisin 5b38bd7ccd Improve the reliability of the office parser 2018-06-21 23:18:59 +02:00
jvoisin 846a261465 Fix some linter warnings 2018-06-21 23:07:21 +02:00
jvoisin 09e748fa4c Refactor how offices files are handled 
- xml files are no longer considered harmless
- Factorization of the `remove_all` method for office files
- Explicit whitelist are used
- Blacklist are used to skip files completely
  - Non-blacklisted files are _still cleaned_
  - Unsupported files are still triggering an error
 2018-06-21 23:02:41 +02:00
jvoisin a89dae054a Minor simplification of the office-related code 2018-06-21 21:24:53 +02:00
jvoisin c1f4426612 Improve the threat-model again, thanks to @joe 2018-06-20 00:10:21 +02:00
jvoisin 120c3bf72f Improve a bit our threat model 2018-06-19 23:39:06 +02:00
jvoisin 84277740a9 Add fedora in the CI 
refactor
 2018-06-19 00:01:28 +02:00
Antoine Tenart 3a776ff1ca README: software is always singular 
Fix on small typo. Cosmetic patch.

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2018-06-18 23:49:54 +02:00
Antoine Tenart cce5de82e5 libmat2: harmless: add the text/xml mime type 
Fedora defines the 'text/xml' mime type for xml files. Adds this mime
type to the harmless parser.

Fixes #36.

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2018-06-12 21:34:47 +02:00
Antoine Tenart 484e26dd9c libmat2: audio: add the audio/x-flac mime type 
The FLAC parser looks for the 'audio/flac' mime type, but Fedora
defines 'audio/x-flac' in /etc/mime.types for FLAC files. Add this mime
type to the audio parser.

Fixes #36.

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2018-06-12 21:34:47 +02:00
Antoine Tenart 3359f36b67 README: fix one typo 
Fixes one small typo in the README.

Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
 2018-06-12 18:59:51 +02:00