filter: use regexp to check multipart bodies

This should be safer than running file(1), which has had its share
of vulnerabilities this year (early 2014) We really only care about
diffs and maybe short log files, here.

diff --git a/lib/PublicInbox/Filter.pm b/lib/PublicInbox/Filter.pm
index 0b4dce87a4a222c30fef8c6c887fc213b5f1b877..4a3482170422c7a16965a198abf89b7dac140d25 100644 (file)
--- a/lib/PublicInbox/Filter.pm
+++ b/lib/PublicInbox/Filter.pm
@@ -215,23 +215,13 @@ sub replace_body {
        mark_changed($simple);
 }
 
-# run the file(1) command to detect mime type
-# Not using File::MMagic for now since that requires extra configuration
-# Note: we do not rewrite the message with the detected mime type
+# Check for display-able text, no messed up binaries
+# Note: we can not rewrite the message with the detected mime type
 sub recheck_type_ok {
        my ($part) = @_;
-       my $cmd = "file --mime-type -b -";
-       my $pid = open2(my $out, my $in, $cmd);
-       print $in $part->body;
-       close $in;
-       my $type = eval {
-               local $/;
-               <$out>;
-       };
-       waitpid($pid, 0);
-       chomp $type;
-
-       (($type =~ $MIME_TEXT_ANY) && ($type !~ $MIME_HTML))
+       my $s = $part->body;
+       ((bytes::length($s) < 0x10000) &&
+               ($s =~ /\A([\P{XPosixPrint}\f\n\r\t]+)\z/))
 }
 
 1;

diff --git a/t/filter.t b/t/filter.t
index 0aa26a5f88977105857a804a8c90e226f40ceb66..ac9f1f6f973d42f4ac4cb56f7bf42ec536bde1b4 100644 (file)
--- a/t/filter.t
+++ b/t/filter.t
@@ -291,6 +291,8 @@ int main(void)
        printf("Hello world\\n");
        return 0;
 }
+\f
+/* some folks like ^L */
 EOF
                ),
                Email::MIME->create(