mat2 issues
https://0xacab.org/jvoisin/mat2/-/issues
2018-06-21T21:36:02Z

Warn the user of "harmless" filetypes
https://0xacab.org/jvoisin/mat2/-/issues/38
2018-06-21T21:36:02Z
Zachary Spector

mat2 currently considers plain application/xml files as being free of metadata, when it's really entirely possible that an XML file could have metadata in a schema that we don't know about. We can't support every possible schema, of course, but currently the tool runs the same way whether it's actually removing metadata or it isn't, and this could result in someone getting a false sense of security.
I'm imagining someone wanting to leak some in-house, totally undocumented schema in a hurry; knowing what metadata is; but not knowing a lot about how file formats really work. That person might run mat2 on their file and think it's clean. We should tell them not to assume this.
0.1.2 - Duck
jvoisin

Deal with the fact that Python is idiotic with regard to zip files and path traversal
https://0xacab.org/jvoisin/mat2/-/issues/30
2018-06-21T21:36:01Z
jvoisin

Because Python3's stdlib thinks that it's ok in 2018 to be vulnerable to path traversal upon zip extraction, we should take care of this.
0.1.2 - Duck