Check svg favicons for dangerous scripts

Favicons are typically not in SVG format, but in theory they could be.
main
Bob Mottram 2021-12-19 12:32:01 +00:00
parent 79d519ecff
commit 1aa2993bcc
1 changed files with 7 additions and 0 deletions


@ -18,6 +18,7 @@ from datetime import timezone
from collections import OrderedDict from collections import OrderedDict
from utils import validPostDate from utils import validPostDate
from categories import setHashtagCategory from categories import setHashtagCategory
from utils import dangerousSVG
from utils import getFavFilenameFromUrl from utils import getFavFilenameFromUrl
from utils import getBaseContentFromPost from utils import getBaseContentFromPost
from utils import hasObjectDict from utils import hasObjectDict
@ -176,6 +177,11 @@ def _downloadNewswireFeedFavicon(session, baseDir: str,
if not os.path.isdir(baseDir + '/favicons'): if not os.path.isdir(baseDir + '/favicons'):
os.mkdir(baseDir + '/favicons') os.mkdir(baseDir + '/favicons')
# check svg for dubious scripts
if favUrl.endswith('.svg'):
if dangerousSVG(imageData, False):
return False
# save to the cache # save to the cache
favFilename = getFavFilenameFromUrl(baseDir, favUrl) favFilename = getFavFilenameFromUrl(baseDir, favUrl)
if os.path.isfile(favFilename): if os.path.isfile(favFilename):
@ -186,6 +192,7 @@ def _downloadNewswireFeedFavicon(session, baseDir: str,
except OSError: except OSError:
print('EX: failed writing favicon ' + favFilename) print('EX: failed writing favicon ' + favFilename)
return False return False
return True return True
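Review bot: The new SVG check in `_downloadNewswireFeedFavicon` is gated on `favUrl.endswith('.svg')`, which is case-sensitive and keys off the URL text rather than the downloaded content, so a URL ending in `.SVG` or carrying a query string after the extension would skip `dangerousSVG` and still reach the cache write. Consider normalising before the test, e.g. `if favUrl.lower().split('?')[0].endswith('.svg'):`, or running the check whenever `imageData` looks like SVG markup regardless of the URL. Whether this matters depends on how `getFavFilenameFromUrl` picks the cached extension and how the cache is later served, neither of which is visible here. The early `return False` is also silent, unlike the `EX:` print on the write-failure path, so a rejected favicon leaves no trace in the log. The function body starts and ends outside the visible hunks.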