Pure: A static analysis file format checker

#106 · ✸ 95 · 💬 14 · one year ago · github.com · slimsag · 📷
Pure is a static analysis file format checker that checks ZIP files for dangerous compression ratios, spec deviations, malicious archive signatures, mismatching local and central directory headers, ambiguous UTF-8 filenames, directory and symlink traversals, invalid MS-DOS dates, overlapping headers, overflow, underflow, sparseness, accidental buffer bleeds, etc.

Pure's goal is to narrow the semantic gap available to attackers attempting to exploit vulnerable software, and to reduce the probability of zero-days, for example David Fifield's "A better zip bomb", which was detected by an early version of Pure as a zero-day. Please contact Joran Dirk Greef if you want to support new file formats in Pure.

pure zip() returns a non-zero error return code, or a zero return code if the zip file is clean and has no file format anomalies.

File Format Anomalies

Pure detects more than 150 zip file format anomalies. As a static analysis file format checker, Pure reduces the surface area for zero-day exploits by orders of magnitude. If a file can get past Pure, it's "Pure"... or at least 99% pure.
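To make three of the checks named above concrete (mismatching local and central directory headers, directory traversal, dangerous compression ratios), here is an added example that is not Pure's code or API. It assumes a single-disk, non-ZIP64 archive; `check_zip`, `make_zip` and the `MAX_RATIO` threshold are hypothetical names and values chosen for illustration.

```python
import io
import struct
import zipfile

MAX_RATIO = 100  # assumed threshold for this example, not Pure's actual limit

def check_zip(data: bytes) -> list:
    """Statically inspect ZIP bytes; return anomaly strings (empty list = clean)."""
    eocd = data.rfind(b"PK\x05\x06")  # end of central directory record
    if eocd < 0 or eocd + 22 > len(data):
        return ["missing end of central directory record"]
    count, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings = []
    for _ in range(count):
        if pos + 46 > len(data) or data[pos:pos + 4] != b"PK\x01\x02":
            findings.append("bad central directory header")
            break
        method, _t, _d, _crc, csize, usize, nlen, elen, clen = struct.unpack_from(
            "<HHHIIIHHH", data, pos + 10)
        (lfh,) = struct.unpack_from("<I", data, pos + 42)  # local header offset
        raw = data[pos + 46:pos + 46 + nlen]
        name = raw.decode("utf-8", "replace")
        pos += 46 + nlen + elen + clen  # advance to the next central entry
        # Absolute paths, backslashes and ".." components can escape the target dir.
        if name.startswith("/") or "\\" in name or ".." in name.split("/"):
            findings.append(f"{name}: path traversal")
        # Declared sizes alone are enough to flag an implausible expansion.
        if usize > MAX_RATIO * max(csize, 1):
            findings.append(f"{name}: dangerous compression ratio")
        if lfh + 30 > len(data) or data[lfh:lfh + 4] != b"PK\x03\x04":
            findings.append(f"{name}: bad local file header")
            continue
        (l_method,) = struct.unpack_from("<H", data, lfh + 8)
        (l_nlen,) = struct.unpack_from("<H", data, lfh + 26)
        # Parsers that trust different headers would disagree about this entry.
        if data[lfh + 30:lfh + 30 + l_nlen] != raw or l_method != method:
            findings.append(f"{name}: local and central headers differ")
    return findings

def make_zip(name, payload, method=zipfile.ZIP_STORED):
    """Build a constructed sample archive in memory (test input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()
```

Nothing is decompressed or written to disk: every finding comes from header fields alone, which is what lets a check like this run before any extraction library touches the file.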