Check svg favicons for dangerous scripts

Favicons are typically not in SVG format, but in theory one could be.
main
Bob Mottram 2021-12-19 12:32:01 +00:00
parent 79d519ecff
commit 1aa2993bcc
1 changed files with 7 additions and 0 deletions


@ -18,6 +18,7 @@ from datetime import timezone
from collections import OrderedDict
from utils import validPostDate
from categories import setHashtagCategory
from utils import dangerousSVG
from utils import getFavFilenameFromUrl
from utils import getBaseContentFromPost
from utils import hasObjectDict
@ -176,6 +177,11 @@ def _downloadNewswireFeedFavicon(session, baseDir: str,
if not os.path.isdir(baseDir + '/favicons'):
os.mkdir(baseDir + '/favicons')
# check svg for dubious scripts
if favUrl.endswith('.svg'):
if dangerousSVG(imageData, False):
return False
# save to the cache
favFilename = getFavFilenameFromUrl(baseDir, favUrl)
if os.path.isfile(favFilename):
@ -186,6 +192,7 @@ def _downloadNewswireFeedFavicon(session, baseDir: str,
except OSError:
print('EX: failed writing favicon ' + favFilename)
return False
return True
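Review bot: The SVG check in the second hunk is gated on `favUrl.endswith('.svg')`, so it is skipped whenever the URL does not end in exactly that lowercase suffix (a query string, an uppercase extension, or SVG content served from a path with another or no extension), and the data is still written to the favicon cache. Deciding from the downloaded content, or from the response Content-Type if it is available at this point, is more reliable than the URL; as a minimum the test could be normalised, e.g. `if favUrl.lower().split('?')[0].split('#')[0].endswith('.svg'):`. The type of `imageData` is not visible in the hunk, so confirm that `dangerousSVG` accepts what it is given here (bytes versus str). A short comment saying what the `False` argument controls would also help the next reader. `_downloadNewswireFeedFavicon` starts and continues outside the hunks shown.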