Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Moved CVE images into password-protected zip #4869

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 18 additions & 8 deletions Tests/check_tiff_crashes.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,26 @@
# version.


import io
import zipfile

from PIL import Image

# The vulnerabilities represented by these files have been addressed.
# However, antivirus software does not detect that this is a version of Pillow
# with those fixes, and so to prevent unnecessary alarm, the files are
# hidden inside a password-protected zip
repro_read_strip = (
"images/crash_1.tif",
"images/crash_2.tif",
"crash_1.tif",
"crash_2.tif",
)

for path in repro_read_strip:
with Image.open(path) as im:
try:
im.load()
except Exception as msg:
print(msg)
with zipfile.ZipFile("images/crash.zip") as crashzip:
for path in repro_read_strip:
with crashzip.open(path, pwd=b"vulnerabilitiesaddressed") as f:
data = io.BytesIO(f.read())
with Image.open(data) as im:
try:
im.load()
except Exception as msg:
print(msg)
Binary file added Tests/images/crash.zip
Binary file not shown.
Binary file removed Tests/images/crash_1.tif
Binary file not shown.
Binary file removed Tests/images/crash_2.tif
Binary file not shown.