CIRCL
/
PyCIRCLean
mirror of https://github.com/CIRCL/PyCIRCLean
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #13 from dputtick/rtl-char 

Support right to left override character
pull/15/head
Raphaël Vinot 2017-03-18 09:47:13 +01:00 committed by GitHub
parent 79b15fd7da 2a5decf0ad
commit bfc6694cd1
2 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
bin/filecheck.py
View File

@ -130,11 +130,14 @@ class File(FileBase):
self.make_dangerous('malicious_extension') self.make_dangerous('malicious_extension')
def _check_extension(self): def _check_extension(self):
"""Guesses the file's mimetype based on its extension. If the file's """
mimetype (as determined by libmagic) is contained in the mimetype Guess the file's mimetype based on its extension.
module's list of valid mimetypes and the expected mimetype based on its
extension differs from the mimetype determined by libmagic, then it If the file's mimetype (as determined by libmagic) is contained in
marks the file as dangerous.""" the `mimetype` module's list of valid mimetypes and the expected
mimetype based on its extension differs from the mimetype determined
by libmagic, then mark the file as dangerous.
"""
if self.extension in Config.override_ext: if self.extension in Config.override_ext:
expected_mimetype = Config.override_ext[self.extension] expected_mimetype = Config.override_ext[self.extension]
else: else:
@ -148,9 +151,12 @@ class File(FileBase):
self.make_dangerous('expected_mimetype') self.make_dangerous('expected_mimetype')
def _check_mimetype(self): def _check_mimetype(self):
"""Takes the mimetype (as determined by libmagic) and determines """
whether the list of extensions that are normally associated with Compare mimetype (as determined by libmagic) to extension.
that extension contains the file's actual extension."""
Determine whether the extension that are normally associated with
the mimetype include the file's actual extension.
"""
if self.mimetype in Config.aliases: if self.mimetype in Config.aliases:
mimetype = Config.aliases[self.mimetype] mimetype = Config.aliases[self.mimetype]
else: else:
@ -162,8 +168,19 @@ class File(FileBase):
# LOG: improve this string # LOG: improve this string
self.make_dangerous('expected extensions') self.make_dangerous('expected extensions')
def _check_filename(self):
if self.filename[0] is '.':
# handle dotfiles
pass
right_to_left_override = u"\u202E"
if right_to_left_override in self.filename:
self.make_dangerous('Filename contains dangerous character')
self.dst_path = self.dst_path.replace(right_to_left_override, '')
# TODO: change self.filename and'filename' property?
def check(self): def check(self):
self._check_dangerous() self._check_dangerous()
self._check_filename()
if self.has_extension: if self.has_extension:
self._check_extension() self._check_extension()
if self.has_mimetype: if self.has_mimetype:

1
tests/src_invalid/testRTL‮exe.txt Normal file
View File

@ -0,0 +1 @@
RTL test file generated by D. Puttick