CIRCL
/
PyCIRCLean
mirror of https://github.com/CIRCL/PyCIRCLean
2
0
Fork 0
Code Issues Releases Wiki Activity

Fix logging and symlinks 

Fix PCL-01-006
pull/17/merge
Raphaël Vinot 2017-06-16 14:47:53 +02:00
parent 8c007e28cf
commit 40f71e758f
1 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bin/filecheck.py
View File

@ -84,6 +84,8 @@ class Config:
# It works as expected if you do mimetypes.guess_type('application/gzip', strict=False) # It works as expected if you do mimetypes.guess_type('application/gzip', strict=False)
override_ext = {'.gz': 'application/gzip'} override_ext = {'.gz': 'application/gzip'}
ignored_mimes = ['inode', 'model', 'multipart', 'example']
class File(FileBase): class File(FileBase):
@ -181,6 +183,10 @@ class File(FileBase):
# TODO: change self.filename and'filename' property? Or should those reflect the values on the source key # TODO: change self.filename and'filename' property? Or should those reflect the values on the source key
def check(self): def check(self):
if self.main_type in Config.ignored_mimes:
self.should_copy = False
self.mime_processing_options.get(self.main_type, self.unknown)()
else:
self._check_dangerous() self._check_dangerous()
self._check_filename() self._check_filename()
if self.has_extension: if self.has_extension:
@ -230,22 +236,18 @@ class File(FileBase):
self.add_description('File is a symlink to {}'.format(symlink_path)) self.add_description('File is a symlink to {}'.format(symlink_path))
else: else:
self.add_description('File is an inode (empty file)') self.add_description('File is an inode (empty file)')
self.should_copy = False
def unknown(self): def unknown(self):
"""Main type should never be unknown.""" """Main type should never be unknown."""
self.add_description('Unknown mimetype') self.add_description('Unknown mimetype')
self.should_copy = False
def example(self): def example(self):
"""Used in examples, should never be returned by libmagic.""" """Used in examples, should never be returned by libmagic."""
self.add_description('Example file') self.add_description('Example file')
self.should_copy = False
def multipart(self): def multipart(self):
"""Used in web apps, should never be returned by libmagic""" """Used in web apps, should never be returned by libmagic"""
self.add_description('Multipart file - usually found in web apps') self.add_description('Multipart file - usually found in web apps')
self.should_copy = False
# ##### Treated as malicious, no reason to have it on a USB key ###### # ##### Treated as malicious, no reason to have it on a USB key ######
def message(self): def message(self):
@ -338,6 +340,8 @@ class File(FileBase):
self.make_dangerous('Ooxml file with embedded objects') self.make_dangerous('Ooxml file with embedded objects')
if len(doc.features.embedded_packages) > 0: if len(doc.features.embedded_packages) > 0:
self.make_dangerous('Ooxml file with embedded packages') self.make_dangerous('Ooxml file with embedded packages')
if not self.is_dangerous:
self.add_description('OOXML file')
def _libreoffice(self): def _libreoffice(self):
"""Process a libreoffice file.""" """Process a libreoffice file."""