Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support right to left override character #13

Merged
merged 2 commits into from
Mar 18, 2017
Merged

Support right to left override character #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
71bcc79
Remove rtl override char from file dst_path
dputtick Mar 16, 2017
2a5decf
Add rtl sample file to src_invalid
dputtick Mar 16, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 25 additions & 8 deletions bin/filecheck.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,11 +130,14 @@ def _check_dangerous(self):
self.make_dangerous('malicious_extension')

def _check_extension(self):
"""Guesses the file's mimetype based on its extension. If the file's
mimetype (as determined by libmagic) is contained in the mimetype
module's list of valid mimetypes and the expected mimetype based on its
extension differs from the mimetype determined by libmagic, then it
marks the file as dangerous."""
"""
Guess the file's mimetype based on its extension.

If the file's mimetype (as determined by libmagic) is contained in
the `mimetype` module's list of valid mimetypes and the expected
mimetype based on its extension differs from the mimetype determined
by libmagic, then mark the file as dangerous.
"""
if self.extension in Config.override_ext:
expected_mimetype = Config.override_ext[self.extension]
else:
Expand All @@ -148,9 +151,12 @@ def _check_extension(self):
self.make_dangerous('expected_mimetype')

def _check_mimetype(self):
"""Takes the mimetype (as determined by libmagic) and determines
whether the list of extensions that are normally associated with
that extension contains the file's actual extension."""
"""
Compare mimetype (as determined by libmagic) to extension.

Determine whether the extension that are normally associated with
the mimetype include the file's actual extension.
"""
if self.mimetype in Config.aliases:
mimetype = Config.aliases[self.mimetype]
else:
Expand All @@ -162,8 +168,19 @@ def _check_mimetype(self):
# LOG: improve this string
self.make_dangerous('expected extensions')

def _check_filename(self):
if self.filename[0] is '.':
# handle dotfiles
pass
right_to_left_override = u"\u202E"
if right_to_left_override in self.filename:
self.make_dangerous('Filename contains dangerous character')
self.dst_path = self.dst_path.replace(right_to_left_override, '')
# TODO: change self.filename and'filename' property?

def check(self):
self._check_dangerous()
self._check_filename()
if self.has_extension:
self._check_extension()
if self.has_mimetype:
Expand Down
1 change: 1 addition & 0 deletions tests/src_invalid/testRTL‮exe.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
RTL test file generated by D. Puttick