From 32a9197b88b781c07ec9f46ef9d14f9f75422fac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Thu, 21 Dec 2017 13:29:09 +0100
Subject: [PATCH] fix: Properly handle images and directories
---
 filecheck/filecheck.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/filecheck/filecheck.py b/filecheck/filecheck.py
index 891d2b2..33ef626 100644
--- a/filecheck/filecheck.py
+++ b/filecheck/filecheck.py
@@ -240,7 +240,10 @@ class File(FileBase):
         self.make_dangerous('Extension identifies file as potentially dangerous')
 
     def _compute_random_hashes(self):
-        """Compute a random amount of hashes at random positions in the file to ensure integrity after the copy"""
+        """Compute a random amount of hashes at random positions in the file to ensure integrity after the copy (mitigate TOCTOU attacks)"""
+        if self.maintype == 'image' or os.path.isdir(self.src_path):
+            # Images are converted, no need to compute the hashes
+            return
         self.random_hashes = []
         if self.size < 64:
             # hash the whole file
@@ -262,6 +265,10 @@ class File(FileBase):
             time.sleep(random.uniform(0.1, 0.5))  # Add a random sleep length
 
     def _validate_random_hashes(self):
+        """Validate hashes computed by _compute_random_hashes"""
+        if self.maintype == 'image' or os.path.isdir(self.src_path):
+            # Images are converted, we don't have to fear TOCTOU
+            return True
         for start_pos, hashed_src in self.random_hashes:
             with open(self.dst_path, 'rb') as f:
                 f.seek(start_pos)
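Review bot: The early `return` added to `_compute_random_hashes` fires before `self.random_hashes = []` is assigned, so `_validate_random_hashes` (second hunk) only avoids an AttributeError because it repeats the identical guard; if the two conditions ever drift, or `self.maintype` changes between the compute and validate calls, validation crashes instead of reporting a result. Assigning `self.random_hashes = []` ahead of that `return` lets the validate loop degrade to an empty iteration, and hoisting the shared predicate into one helper, `def _skip_integrity_hashes(self): return self.maintype == 'image' or os.path.isdir(self.src_path)`, keeps both methods in sync. The bypass is keyed on `self.maintype == 'image'` rather than on whether a conversion actually took place, so the new docstring on `_validate_random_hashes` should say that `True` here means the integrity check was skipped, not that the copy was verified, e.g. `"""Validate hashes computed by _compute_random_hashes; returns True without checking for images and directories, which are never copied verbatim."""`. Both method bodies continue past the end of their hunks.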