clalancette / pycdlib

Python library to read and write ISOs
GNU Lesser General Public License v2.1

Option to attempt reading malformed ISO files #81

Closed ookisan closed 1 year ago

ookisan commented 2 years ago

My employer uses pycdlib as part of an automated toolchain to analyze e-mail attachments. We have started seeing malware distributed in malformed ISO files that pycdlib is capable of reading if certain checks are disabled.

It would be wonderful to have an option to disable these checks when opening an ISO file.

I understand that disabling these checks may result in garbage data, unexpected failures, and all sorts of fun. I understand that it may cause pycdlib to have to make assumptions (e.g. if LE and BE values disagree, assume the LE ones are correct). But sometimes that's OK.

If such an option could be added to pycdlib, I can provide our local patches that disable a number of checks on a per-PyCdlib instance basis. I suspect we may disable checks that can't be disabled and that we've missed some that can. I'm sure things could be done more cleverly and cleanly. I can also provide a few sample ISO files (but not in a public forum since they contain malware).
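The LE/BE disagreement mentioned in the comment above, shown as an added example that is not part of the original thread and is not pycdlib code. ISO 9660 stores several Primary Volume Descriptor fields in both byte orders; this standalone parser reads them strictly, or leniently by trusting the LE half and recording each mismatch as a triage signal. The function names, the `strict` flag and the sample image are assumptions constructed for illustration.

```python
import struct

SECTOR = 2048
PVD_OFFSET = 16 * SECTOR  # the first 16 sectors are the system area

# (name, offset inside the PVD, width in bytes of each endian half)
BOTH_ENDIAN_FIELDS = [
    ("volume_space_size", 80, 4),
    ("volume_set_size", 120, 2),
    ("volume_sequence_number", 124, 2),
    ("logical_block_size", 128, 2),
    ("path_table_size", 132, 4),
]


class MalformedISO(ValueError):
    pass


def read_both_endian(pvd, offset, width, strict=True):
    """Return (value, halves_agree); in lenient mode the LE half wins."""
    fmt = "I" if width == 4 else "H"
    le = struct.unpack_from("<" + fmt, pvd, offset)[0]
    be = struct.unpack_from(">" + fmt, pvd, offset + width)[0]
    if le != be and strict:
        raise MalformedISO(f"LE/BE mismatch at PVD+{offset}: {le} != {be}")
    return le, le == be


def parse_pvd(image, strict=True):
    """Parse both-endian PVD fields; return (values, names_that_disagreed)."""
    pvd = image[PVD_OFFSET:PVD_OFFSET + SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise MalformedISO("no primary volume descriptor at sector 16")
    values, anomalies = {}, []
    for name, offset, width in BOTH_ENDIAN_FIELDS:
        values[name], agree = read_both_endian(pvd, offset, width, strict)
        if not agree:
            anomalies.append(name)  # keep the mismatch as a detection signal
    return values, anomalies


def build_sample(be_space_size):
    """Constructed image: every field consistent except, optionally, the
    BE half of volume_space_size (its LE half is always 100)."""
    pvd = bytearray(SECTOR)
    pvd[0:7] = b"\x01CD001\x01"
    sample = {80: 100, 120: 1, 124: 1, 128: 2048, 132: 10}
    for _, offset, width in BOTH_ENDIAN_FIELDS:
        fmt = "I" if width == 4 else "H"
        struct.pack_into("<" + fmt, pvd, offset, sample[offset])
        struct.pack_into(">" + fmt, pvd, offset + width, sample[offset])
    struct.pack_into(">I", pvd, 84, be_space_size)
    return bytes(PVD_OFFSET) + bytes(pvd)
```
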

clalancette commented 2 years ago

Sorry for the delay in answering. Glad to hear that you are using pycdlib.

In general, I've been resistant to adding an option to disable checks and allow more "bad" ISOs through. What it ends up meaning is that users will just always set it to be as relaxed as possible, making it the de facto default mode.

Instead, up until this point my tactic has been to just relax checks as people have run into them. That has seemed to work fairly well until now. My suggestion here is that you open individual pull requests for each of the checks you'd like to disable. We can then evaluate them on a case-by-case basis and see which ones make sense. At the end of that, if we still can't come to an agreement about certain checks, we can consider adding an option. But I consider that a last resort.

Let me know if that makes sense to you.

clalancette commented 1 year ago

No response to this in a year, so I'm going to close this out. I am on board with relaxing the checks that we have as needed, I just need examples of ISOs that violate the standards. When those come up, please do feel free to open issues or pull requests to relax them.