ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

simplify MIME detection to text/binary only

Browse Source 
Remove magic byte detection in favor of simple UTF-8 validation:
- text/plain for valid UTF-8 content
- application/octet-stream for binary data

Security maintained via headers (X-Content-Type-Options: nosniff, CSP).
Magic signatures preserved as comments for future reference.

Disabled test files:
- test_mime_detection.py.disabled (magic-dependent tests)
- test_polyglot.py.disabled (polyglot format tests)

For full MIME detection, consider using the `filetype` library.
This commit is contained in:
Username
2025-12-26 18:44:24 +01:00
parent fb45005766
commit 3cda73c8b0
6 changed files with 64 additions and 181 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
tests/test_abuse_prevention.py
View File

@@ -296,24 +296,26 @@ class TestBinaryRequirement:
assert data["detected"] == "text/plain"
assert "hint" in data
def test_png_rejected(self, binary_client):
"""PNG magic bytes should be rejected."""
def test_png_accepted_as_binary(self, binary_client):
"""PNG content accepted as unrecognized binary (magic detection disabled)."""
# PNG signature: 89 50 4E 47 0D 0A 1A 0A
png_content = b"\x89PNG\r\n\x1a\n" + b"\x00" * 100
response = binary_client.post("/", data=png_content)
assert response.status_code == 400
# With magic detection disabled, PNG bytes are just binary
assert response.status_code == 201
data = response.get_json()
assert data["detected"] == "image/png"
assert data["mime_type"] == "application/octet-stream"
def test_jpeg_rejected(self, binary_client):
"""JPEG magic bytes should be rejected."""
def test_jpeg_accepted_as_binary(self, binary_client):
"""JPEG content accepted as unrecognized binary (magic detection disabled)."""
jpeg_content = b"\xff\xd8\xff" + b"\x00" * 100
response = binary_client.post("/", data=jpeg_content)
assert response.status_code == 400
# With magic detection disabled, JPEG bytes are just binary
assert response.status_code == 201
data = response.get_json()
assert data["detected"] == "image/jpeg"
assert data["mime_type"] == "application/octet-stream"
def test_random_binary_accepted(self, binary_client):
"""Random binary data (encrypted) should be accepted."""