-
-
Notifications
You must be signed in to change notification settings - Fork 357
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow disabling unsafe types? #483
Comments
I did not immediately understood what you meant with unsafe signatures, but I get it now, it are signatures beyond this point: Line 1179 in c037ba7
these are much more likely to be false positives. |
Yep, apologies for the vagueness. I've updated the original issue with a link. Would you be willing to accept a PR? Any preferred approach? |
I had a look to the MPEG-1 detection based on your feedback. Lines 1181 to 1189 in c037ba7
I don't think there is an alternative detection for that present in the code. I actually tlooked into making it more safe. From the non official specs it looks the current filter is actually already to narrow (at least on the bytes it is testing on). It's currently to specific on the stream-id.
I think it makes sense to optionaly exclude likely false positives (the so called unsafe signatures). I would prefere
Risk on false postives also exist for signatures and for some more likely to occure then others. But it makes sense as well to indicate that the likelyhood of a false postive is significantly higher.
I am not a big fan of exposing potential outcomes as part of the API to begin with. Additonally:
|
Related to unsafe types: Borewit/peek-readable#356 (comment) pointing out is is also guessing the file-type here: Lines 176 to 180 in c037ba7
|
After #704 we could group the unsafe detections to its own method, which allows te remove them from the detector list. Maybe we should extend the detector interface a bit, so that parsers have something like a name / id, so you manipulate this list of detectors. fileTypeParser.detectors = [
{id: 'default', detect: (t) => detectUnsafe(t))},
{id: 'default.unsafe', detect: (t) => detectUnsafe(t)}
] You could then get rid of the detectors: fileTypeParser.detectors = fileTypeParser.detectors.filter(detector => detector.is !== 'default.unsafe'); |
👍 We should then make |
There's a few file types that are marked as "unsafe" - and looking at the detection signatures I assume it's because the check is somewhat simple/naive. I have a gLTF file that is being detected as an
ico
, for instance.Would it be possible to either:
a) Be able to disable the unsafe types (
fromBuffer(buf, {allowUnsafe: false})
or similar)b) Return an
unsafe: true
in the return value for the unsafe typesc) Expose an array or similar that declares the unsafe types so we can exclude them on the consumer side
The issue with c) is that some of the unsafe file types does have more "safe" routes (like mpg).
The text was updated successfully, but these errors were encountered: