search

firstlookmedia / pdf-redact-tools

a set of tools to help with securely redacting and stripping metadata from documents before publishing
Other
530 stars 50 forks source link

Reject filenames that begin with "-" #27

Closed micahflee closed 6 years ago

micahflee commented 6 years ago

Because the filename that gets passed into pdf-redact-tools then gets passed into ImageMagick's convert, it's possible that a filename beginning with - could lead to command injection by specifying args to convert.

Even before this patch, this doesn't seem exploitable because argparse already rejects filenames that start with -:

$ ./pdf-redact-tools -s "-example.pdf"
usage: pdf-redact-tools [-h] (-e filename | -m filename | -s filename) [-a]
pdf-redact-tools: error: argument -s/--sanitize: expected one argument

But just in case someone could figure out how to specify a filename that begins with a -, this patch will validate against it.