Compare revisions

2b58eece · 2b58eece · 2b58eece · 2b58eece · 2b58eece · 2b58eece
--- a/tests/data/dirty.flac
+++ b/tests/data/dirty.flac
--- a/tests/data/dirty.gif
+++ b/tests/data/dirty.gif
--- a/tests/data/dirty.heic
+++ b/tests/data/dirty.heic
--- a/tests/data/dirty.html
+++ b/tests/data/dirty.html
+<html>
+	<head>
+		<meta content="vim" name="generator"/>
+		<meta content="jvoisin" name="author"/>
+</head>
+<body>
+	<p>
+		<h1>Hello</h1>
+		I am a web page.
+		Please <b>love</b> me.
+		Here, have a pretty picture: <img src='dirty.jpg' alt='a pretty picture'/>
+	</p>
+</body>
+</html>
--- a/tests/data/dirty.mp4
+++ b/tests/data/dirty.mp4
--- a/tests/data/dirty.ppm
+++ b/tests/data/dirty.ppm
+P3
+# A metadata
+3 2 1
+1 0 1   0 1 0   0 0 1
+# And an other one
+1 1 0   1 0 1   1 0 0
+  # and a final one here
+
--- a/tests/data/dirty.svg
+++ b/tests/data/dirty.svg
--- a/tests/data/dirty.wav
+++ b/tests/data/dirty.wav
--- a/tests/data/dirty.webp
+++ b/tests/data/dirty.webp
--- a/tests/data/dirty.wmv
+++ b/tests/data/dirty.wmv
--- a/tests/data/dirty_with_nsid.docx
+++ b/tests/data/dirty_with_nsid.docx
--- a/tests/data/embedded.docx
+++ b/tests/data/embedded.docx
--- a/tests/data/embedded.odt
+++ b/tests/data/embedded.odt
--- a/tests/data/malformed_content_types.docx
+++ b/tests/data/malformed_content_types.docx
--- a/tests/data/narrated_powerpoint_presentation.pptx
+++ b/tests/data/narrated_powerpoint_presentation.pptx
--- a/tests/data/no_content_types.docx
+++ b/tests/data/no_content_types.docx
--- a/tests/data/office_revision_session_ids.docx
+++ b/tests/data/office_revision_session_ids.docx
--- a/tests/data/weird.svg
+++ b/tests/data/weird.svg
--- a/tests/fuzz.py
+++ b/tests/fuzz.py
+import mimetypes
+import os
+import sys
+
+sys.path.append('..')
+
+import atheris
+
+with atheris.instrument_imports(enable_loader_override=False):
+    from libmat2 import parser_factory, UNSUPPORTED_EXTENSIONS
+
+extensions = set()
+for parser in parser_factory._get_parsers():  # type: ignore
+    for mtype in parser.mimetypes:
+        if mtype.startswith('video'):
+            continue
+        if 'aif' in mtype:
+            continue
+        if 'wav' in mtype:
+            continue
+        if 'gif' in mtype:
+            continue
+        if 'aifc' in mtype:
+            continue
+        for extension in mimetypes.guess_all_extensions(mtype):
+            if extension not in UNSUPPORTED_EXTENSIONS:
+                extensions.add(extension)
+extensions = list(extensions)
+
+
+
+def TestOneInput(data):
+    fdp = atheris.FuzzedDataProvider(data)
+    extension = fdp.PickValueInList(extensions)
+    data = fdp.ConsumeBytes(sys.maxsize)
+
+    fname = '/tmp/mat2_fuzz' + extension
+
+    with open(fname, 'wb') as f:
+        f.write(data)
+    try:
+        p, _ = parser_factory.get_parser(fname)
+        if p:
+            p.sandbox = False
+            p.get_meta()
+            p.remove_all()
+            p, _ = parser_factory.get_parser(fname)
+            p.get_meta()
+    except ValueError:
+        pass
+    os.remove(fname)
+
+atheris.Setup(sys.argv, TestOneInput)
+atheris.Fuzz()
--- a/tests/test_climat2.py
+++ b/tests/test_climat2.py
+import random
 import os
 import shutil
+import stat
 import subprocess
 import unittest
+import glob
+
+from libmat2 import images, parser_factory
+
+
+mat2_binary = ['./mat2']
+
+if 'MAT2_GLOBAL_PATH_TESTSUITE' in os.environ:
+    # Debian runs tests after installing the package
+    # https://0xacab.org/jvoisin/mat2/issues/16#note_153878
+    mat2_binary = ['/usr/bin/env', 'mat2']


 class TestHelp(unittest.TestCase):
    def test_help(self):
-        proc = subprocess.Popen(['./mat2', '--help'], stdout=subprocess.PIPE)
+        proc = subprocess.Popen(mat2_binary + ['--help'], stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
-        self.assertIn(b'usage: mat2 [-h] [-v] [-l] [-c] [-V] [-u POLICY] [-s | -L] [files [files ...]]',
-                      stdout)
+        self.assertIn(b'mat2 [-h] [-V]', stdout)
+        self.assertIn(b'[--unknown-members policy]', stdout)
+        self.assertIn(b'[--inplace]', stdout)
+        self.assertIn(b'[--no-sandbox]', stdout)
+        self.assertIn(b' [-v] [-l]', stdout)
+        self.assertIn(b'[--check-dependencies]', stdout)
+        self.assertIn(b'[-L | -s]', stdout)
+        self.assertIn(b'[files ...]', stdout)

    def test_no_arg(self):
-        proc = subprocess.Popen(['./mat2'], stdout=subprocess.PIPE)
+        proc = subprocess.Popen(mat2_binary, stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
-        self.assertIn(b'usage: mat2 [-h] [-v] [-l] [-c] [-V] [-u POLICY] [-s | -L] [files [files ...]]',
-                      stdout)
+        self.assertIn(b'mat2 [-h] [-V]', stdout)
+        self.assertIn(b'[--unknown-members policy]', stdout)
+        self.assertIn(b'[--inplace]', stdout)
+        self.assertIn(b'[--no-sandbox]', stdout)
+        self.assertIn(b' [-v] [-l] [--check-dependencies] [-L | -s]', stdout)
+        self.assertIn(b'[files ...]', stdout)


 class TestVersion(unittest.TestCase):
    def test_version(self):
-        proc = subprocess.Popen(['./mat2', '--version'], stdout=subprocess.PIPE)
+        proc = subprocess.Popen(mat2_binary + ['--version'], stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
-        self.assertTrue(stdout.startswith(b'MAT2 '))
+        self.assertTrue(stdout.startswith(b'mat2 '))
+

 class TestDependencies(unittest.TestCase):
    def test_dependencies(self):
-        proc = subprocess.Popen(['./mat2', '--check-dependencies'], stdout=subprocess.PIPE)
+        proc = subprocess.Popen(mat2_binary + ['--check-dependencies'], stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
-        self.assertTrue(b'MAT2' in stdout)
+        self.assertTrue(b'mat2' in stdout)
+

 class TestReturnValue(unittest.TestCase):
    def test_nonzero(self):
-        ret = subprocess.call(['./mat2', './mat2'], stdout=subprocess.DEVNULL)
+        ret = subprocess.call(mat2_binary + ['mat2'], stdout=subprocess.DEVNULL)
        self.assertEqual(255, ret)

-        ret = subprocess.call(['./mat2', '--whololo'], stderr=subprocess.DEVNULL)
+        ret = subprocess.call(mat2_binary + ['--whololo'], stderr=subprocess.DEVNULL)
        self.assertEqual(2, ret)

    def test_zero(self):
-        ret = subprocess.call(['./mat2'], stdout=subprocess.DEVNULL)
+        ret = subprocess.call(mat2_binary, stdout=subprocess.DEVNULL)
        self.assertEqual(0, ret)

-        ret = subprocess.call(['./mat2', '--show', './mat2'], stdout=subprocess.DEVNULL)
+        ret = subprocess.call(mat2_binary + ['--show', 'mat2'], stdout=subprocess.DEVNULL)
        self.assertEqual(0, ret)


 class TestCleanFolder(unittest.TestCase):
    def test_jpg(self):
-        os.mkdir('./tests/data/folder/')
+        try:
+            os.mkdir('./tests/data/folder/')
+        except FileExistsError:
+            pass
        shutil.copy('./tests/data/dirty.jpg', './tests/data/folder/clean1.jpg')
        shutil.copy('./tests/data/dirty.jpg', './tests/data/folder/clean2.jpg')

-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/folder/'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/folder/'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertIn(b'Comment: Created with GIMP', stdout)

-        proc = subprocess.Popen(['./mat2', './tests/data/folder/'],
+        proc = subprocess.Popen(mat2_binary + ['./tests/data/folder/'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()

        os.remove('./tests/data/folder/clean1.jpg')
        os.remove('./tests/data/folder/clean2.jpg')

-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/folder/'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/folder/'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertNotIn(b'Comment: Created with GIMP', stdout)
+        self.assertIn(b'No metadata found', stdout)

        shutil.rmtree('./tests/data/folder/')


-
 class TestCleanMeta(unittest.TestCase):
    def test_jpg(self):
        shutil.copy('./tests/data/dirty.jpg', './tests/data/clean.jpg')

-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/clean.jpg'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/clean.jpg'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertIn(b'Comment: Created with GIMP', stdout)

-        proc = subprocess.Popen(['./mat2', './tests/data/clean.jpg'],
+        proc = subprocess.Popen(mat2_binary + ['./tests/data/clean.jpg'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()

-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/clean.cleaned.jpg'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/clean.cleaned.jpg'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertNotIn(b'Comment: Created with GIMP', stdout)

        os.remove('./tests/data/clean.jpg')

+    def test_jpg_nosandbox(self):
+        shutil.copy('./tests/data/dirty.jpg', './tests/data/clean.jpg')
+
+        proc = subprocess.Popen(mat2_binary + ['--show', '--no-sandbox', './tests/data/clean.jpg'],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+        self.assertIn(b'Comment: Created with GIMP', stdout)
+
+        proc = subprocess.Popen(mat2_binary + ['./tests/data/clean.jpg'],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/clean.cleaned.jpg'],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+        self.assertNotIn(b'Comment: Created with GIMP', stdout)
+
+        os.remove('./tests/data/clean.jpg')
+        os.remove('./tests/data/clean.cleaned.jpg')
+
+
+class TestCopyPermissions(unittest.TestCase):
+    def test_jpg_777(self):
+        shutil.copy('./tests/data/dirty.jpg', './tests/data/clean.jpg')
+        os.chmod('./tests/data/clean.jpg', 0o777)
+
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/clean.jpg'],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+        self.assertIn(b'Comment: Created with GIMP', stdout)
+
+        proc = subprocess.Popen(mat2_binary + ['./tests/data/clean.jpg'],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/clean.cleaned.jpg'],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+        self.assertNotIn(b'Comment: Created with GIMP', stdout)
+
+        permissions = os.stat('./tests/data/clean.cleaned.jpg')[stat.ST_MODE]
+        self.assertEqual(permissions, 0o100777)
+
+        os.remove('./tests/data/clean.jpg')
+        os.remove('./tests/data/clean.cleaned.jpg')
+

 class TestIsSupported(unittest.TestCase):
    def test_pdf(self):
-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/dirty.pdf'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/dirty.pdf'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertNotIn(b"isn't supported", stdout)

 class TestGetMeta(unittest.TestCase):
+    maxDiff = None
+
    def test_pdf(self):
-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/dirty.pdf'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/dirty.pdf'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
-        self.assertIn(b'producer: pdfTeX-1.40.14', stdout)
+        self.assertIn(b'Producer: pdfTeX-1.40.14', stdout)

    def test_png(self):
-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/dirty.png'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/dirty.png'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertIn(b'Comment: This is a comment, be careful!', stdout)

    def test_jpg(self):
-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/dirty.jpg'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/dirty.jpg'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertIn(b'Comment: Created with GIMP', stdout)

    def test_docx(self):
-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/dirty.docx'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/dirty.docx'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertIn(b'Application: LibreOffice/5.4.5.1$Linux_X86_64', stdout)
@@ -129,7 +205,7 @@ class TestGetMeta(unittest.TestCase):
        self.assertIn(b'revision: 1', stdout)

    def test_odt(self):
-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/dirty.odt'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/dirty.odt'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertIn(b'generator: LibreOffice/3.3$Unix', stdout)
@@ -137,25 +213,126 @@ class TestGetMeta(unittest.TestCase):
        self.assertIn(b'date_time: 2011-07-26 02:40:16', stdout)

    def test_mp3(self):
-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/dirty.mp3'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/dirty.mp3'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertIn(b'TALB: harmfull', stdout)
        self.assertIn(b'COMM::: Thank you for using MAT !', stdout)

    def test_flac(self):
-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/dirty.flac'],
-                stdout=subprocess.PIPE)
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/dirty.flac'],
+                stdout=subprocess.PIPE, bufsize=0)
        stdout, _ = proc.communicate()
        self.assertIn(b'comments: Thank you for using MAT !', stdout)
        self.assertIn(b'genre: Python', stdout)
        self.assertIn(b'title: I am so', stdout)

    def test_ogg(self):
-        proc = subprocess.Popen(['./mat2', '--show', './tests/data/dirty.ogg'],
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/dirty.ogg'],
                stdout=subprocess.PIPE)
        stdout, _ = proc.communicate()
        self.assertIn(b'comments: Thank you for using MAT !', stdout)
        self.assertIn(b'genre: Python', stdout)
        self.assertIn(b'i am a : various comment', stdout)
        self.assertIn(b'artist: jvoisin', stdout)
+
+    def test_webp(self):
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/dirty.webp'],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+        self.assertIn(b'Warning: [minor] Improper EXIF header', stdout)
+
+class TestControlCharInjection(unittest.TestCase):
+    def test_jpg(self):
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/control_chars.jpg'],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+        self.assertIn(b'Comment: GQ\n', stdout)
+
+
+class TestCommandLineParallel(unittest.TestCase):
+    iterations = 24
+
+    def test_same(self):
+        for i in range(self.iterations):
+            shutil.copy('./tests/data/dirty.jpg', './tests/data/dirty_%d.jpg' % i)
+
+        proc = subprocess.Popen(mat2_binary + ['./tests/data/dirty_%d.jpg' % i for i in range(self.iterations)],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+
+        for i in range(self.iterations):
+            path = './tests/data/dirty_%d.jpg' % i
+            p = images.JPGParser('./tests/data/dirty_%d.cleaned.jpg' % i)
+            self.assertEqual(p.get_meta(), {})
+            os.remove('./tests/data/dirty_%d.cleaned.jpg' % i)
+            os.remove(path)
+
+    def test_different(self):
+        src = './tests/data/'
+        dst = './tests/data/parallel'
+        shutil.copytree(src, dst)
+
+        proc = subprocess.Popen(mat2_binary + glob.glob('./tests/data/parallel/dirty.*'),
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+
+        for i in glob.glob('./test/data/parallel/dirty.cleaned.*'):
+            p, mime = parser_factory.get_parser(i)
+            self.assertIsNotNone(mime)
+            self.assertIsNotNone(p)
+            p = parser_factory.get_parser(p.output_filename)
+            self.assertEqual(p.get_meta(), {})
+        shutil.rmtree('./tests/data/parallel/')
+
+    def test_faulty(self):
+        for i in range(self.iterations):
+            shutil.copy('./tests/data/dirty.jpg', './tests/data/dirty_%d.jpg' % i)
+            shutil.copy('./tests/data/dirty.torrent', './tests/data/dirty_%d.docx' % i)
+
+        to_process = ['./tests/data/dirty_%d.jpg' % i for i in range(self.iterations)]
+        to_process.extend(['./tests/data/dirty_%d.docx' % i for i in range(self.iterations)])
+        random.shuffle(to_process)
+        proc = subprocess.Popen(mat2_binary + to_process,
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+
+        for i in range(self.iterations):
+            path = './tests/data/dirty_%d.jpg' % i
+            p = images.JPGParser('./tests/data/dirty_%d.cleaned.jpg' % i)
+            self.assertEqual(p.get_meta(), {})
+            os.remove('./tests/data/dirty_%d.cleaned.jpg' % i)
+            os.remove(path)
+            os.remove('./tests/data/dirty_%d.docx' % i)
+
+
+class TestInplaceCleaning(unittest.TestCase):
+    def test_cleaning(self):
+        shutil.copy('./tests/data/dirty.jpg', './tests/data/clean.jpg')
+        proc = subprocess.Popen(mat2_binary + ['--inplace', './tests/data/clean.jpg'],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+        proc = subprocess.Popen(mat2_binary + ['--show', './tests/data/clean.jpg'],
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+        self.assertIn(b'  No metadata found in ./tests/data/clean.jpg.\n', stdout)
+        os.remove('./tests/data/clean.jpg')
+
+    def test_cleaning_multiple_one_fails(self):
+        files = ['./tests/data/clean_%d.jpg' % i for i in range(9)]
+        for f in files:
+            shutil.copy('./tests/data/dirty.jpg', f)
+        shutil.copy('./tests/data/dirty.torrent', './tests/data/clean_9.jpg')
+
+        proc = subprocess.Popen(mat2_binary + ['--inplace'] + files,
+                stdout=subprocess.PIPE)
+        stdout, _ = proc.communicate()
+
+        for f in files:
+            p = images.JPGParser(f)
+            meta = p.get_meta()
+            self.assertEqual(meta, {})
+
+        for i in range(10):
+            os.remove('./tests/data/clean_%d.jpg' % i)
+
No results found