From 57f423c9481cbeacf56c62adb3edc88fc416e9cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 06:36:55 +0000 Subject: [PATCH] build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.7 to 1.4.8 Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype) from 1.4.7 to 1.4.8. - [Release notes](https://github.com/gabriel-vasile/mimetype/releases) - [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.7...v1.4.8) --- updated-dependencies: - dependency-name: github.com/gabriel-vasile/mimetype dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- .../mimetype/internal/magic/archive.go | 11 ++++++++--- .../mimetype/internal/magic/zip.go | 19 +++++++++++++++++++ .../mimetype/supported_mimes.md | 3 ++- .../gabriel-vasile/mimetype/tree.go | 7 ++++++- vendor/modules.txt | 2 +- 7 files changed, 39 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index c0dbb9d163..21b5b9739c 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/dhowden/tag v0.0.0-20240417053706-3d75831295e8 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e github.com/egirna/icap-client v0.1.1 - github.com/gabriel-vasile/mimetype v1.4.7 + github.com/gabriel-vasile/mimetype v1.4.8 github.com/ggwhite/go-masker v1.1.0 github.com/go-chi/chi/v5 v5.1.0 github.com/go-chi/render v1.0.3 diff --git a/go.sum b/go.sum index c36d0460b9..fa412ba838 100644 --- a/go.sum +++ b/go.sum @@ -332,8 +332,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA= -github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU= +github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= +github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= github.com/gdexlab/go-render v1.0.1 h1:rxqB3vo5s4n1kF0ySmoNeSPRYkEsyHgln4jFIQY7v0U= github.com/gdexlab/go-render v1.0.1/go.mod h1:wRi5nW2qfjiGj4mPukH4UV0IknS1cHD4VgFTmJX5JzM= github.com/getkin/kin-openapi v0.13.0/go.mod h1:WGRs2ZMM1Q8LR1QBEwUxC6RJEfaBcD0s+pcEVXFuAjw= diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go index b59042c6f7..068d00f79a 100644 --- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go @@ -52,10 +52,15 @@ func InstallShieldCab(raw []byte, _ uint32) bool { } // Zstd matches a Zstandard archive file. +// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md func Zstd(raw []byte, limit uint32) bool { - return len(raw) >= 4 && - (0x22 <= raw[0] && raw[0] <= 0x28 || raw[0] == 0x1E) && // Different Zstandard versions. - bytes.HasPrefix(raw[1:], []byte{0xB5, 0x2F, 0xFD}) + if len(raw) < 4 { + return false + } + sig := binary.LittleEndian.Uint32(raw) + // Check for Zstandard frames and skippable frames. + return (sig >= 0xFD2FB522 && sig <= 0xFD2FB528) || + (sig >= 0x184D2A50 && sig <= 0x184D2A5F) } // CRX matches a Chrome extension file: a zip archive prepended by a package header. diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/zip.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/zip.go index f866113fda..f6c64829d9 100644 --- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/zip.go +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/zip.go @@ -110,3 +110,22 @@ func zipContains(raw, sig []byte, msoCheck bool) bool { } return false } + +// APK matches an Android Package Archive. +// The source of signatures is https://github.com/file/file/blob/1778642b8ba3d947a779a36fcd81f8e807220a19/magic/Magdir/archive#L1820-L1887 +func APK(raw []byte, _ uint32) bool { + apkSignatures := [][]byte{ + []byte("AndroidManifest.xml"), + []byte("META-INF/com/android/build/gradle/app-metadata.properties"), + []byte("classes.dex"), + []byte("resources.arsc"), + []byte("res/drawable"), + } + for _, sig := range apkSignatures { + if zipContains(raw, sig, false) { + return true + } + } + + return false +} diff --git a/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md b/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md index a45a3021b5..f9bf03cba6 100644 --- a/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md +++ b/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md @@ -1,4 +1,4 @@ -## 177 Supported MIME types +## 178 Supported MIME types This file is automatically generated when running tests. Do not edit manually. Extension | MIME type | Aliases @@ -11,6 +11,7 @@ Extension | MIME type | Aliases **.docx** | application/vnd.openxmlformats-officedocument.wordprocessingml.document | - **.pptx** | application/vnd.openxmlformats-officedocument.presentationml.presentation | - **.epub** | application/epub+zip | - +**.apk** | application/vnd.android.package-archive | - **.jar** | application/jar | - **.odt** | application/vnd.oasis.opendocument.text | application/x-vnd.oasis.opendocument.text **.ott** | application/vnd.oasis.opendocument.text-template | application/x-vnd.oasis.opendocument.text-template diff --git a/vendor/github.com/gabriel-vasile/mimetype/tree.go b/vendor/github.com/gabriel-vasile/mimetype/tree.go index 771e302bcc..b5f5662277 100644 --- a/vendor/github.com/gabriel-vasile/mimetype/tree.go +++ b/vendor/github.com/gabriel-vasile/mimetype/tree.go @@ -44,7 +44,11 @@ var ( "application/gzip-compressed", "application/x-gzip-compressed", "gzip/document") sevenZ = newMIME("application/x-7z-compressed", ".7z", magic.SevenZ) - zip = newMIME("application/zip", ".zip", magic.Zip, xlsx, docx, pptx, epub, jar, odt, ods, odp, odg, odf, odc, sxc). + // APK must be checked before JAR because APK is a subset of JAR. + // This means APK should be a child of JAR detector, but in practice, + // the decisive signature for JAR might be located at the end of the file + // and not reachable because of library readLimit. + zip = newMIME("application/zip", ".zip", magic.Zip, xlsx, docx, pptx, epub, apk, jar, odt, ods, odp, odg, odf, odc, sxc). alias("application/x-zip", "application/x-zip-compressed") tar = newMIME("application/x-tar", ".tar", magic.Tar) xar = newMIME("application/x-xar", ".xar", magic.Xar) @@ -57,6 +61,7 @@ var ( pptx = newMIME("application/vnd.openxmlformats-officedocument.presentationml.presentation", ".pptx", magic.Pptx) epub = newMIME("application/epub+zip", ".epub", magic.Epub) jar = newMIME("application/jar", ".jar", magic.Jar) + apk = newMIME("application/vnd.android.package-archive", ".apk", magic.APK) ole = newMIME("application/x-ole-storage", "", magic.Ole, msi, aaf, msg, xls, pub, ppt, doc) msi = newMIME("application/x-ms-installer", ".msi", magic.Msi). alias("application/x-windows-installer", "application/x-msi") diff --git a/vendor/modules.txt b/vendor/modules.txt index c7f28edd7a..00cdb006fa 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -812,7 +812,7 @@ github.com/felixge/httpsnoop # github.com/fsnotify/fsnotify v1.7.0 ## explicit; go 1.17 github.com/fsnotify/fsnotify -# github.com/gabriel-vasile/mimetype v1.4.7 +# github.com/gabriel-vasile/mimetype v1.4.8 ## explicit; go 1.20 github.com/gabriel-vasile/mimetype github.com/gabriel-vasile/mimetype/internal/charset