Circlean bypass for zipfiles:
dd if=img.png bs=8 count=1 of=stealth.zip
Works for PDF, too:
dd if=img.png bs=8 count=1 of=stealth.pdf
You might want to start whitelisting file extensions and checking that file extension and detected MIME type match.
Good point, thanks for the hint.
I will look for a somewhat generic way to match the MIME types with the extensions. We will have a problem with some specific types that have many different extensions for the same MIME type.
I will implement the fix with the information provided here:
The new version of the code PyCIRCLean (standalone Python code) fixed this security bug:
So this code will limit the issue of the polyglot files. Tests and feedback more than welcome.
This bug is now completely fixed by this commit: CIRCL/PyCIRCLean@420e87c
and this one that removed the buggy code: def6c26
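An added example, not part of the original thread and not PyCIRCLean's code: a minimal sketch of the check suggested above, allowlisting extensions and requiring the extension to agree with the type detected from the leading bytes, with a MIME type allowed to map to several extensions. The function names, the signature table and the sample inputs are assumptions constructed for illustration.

```python
import os

# Well-known leading signatures; a real deployment would use a fuller
# detector such as libmagic (assumption: header sniffing is sufficient here).
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
    (b"\xff\xd8\xff", "image/jpeg"),
]

# Allowlist keyed by MIME type: one type may carry several extensions.
ALLOWED = {
    "image/png": {".png"},
    "image/jpeg": {".jpg", ".jpeg", ".jpe"},
    "application/pdf": {".pdf"},
    "application/zip": {".zip"},
}
ALLOWED_EXTS = set().union(*ALLOWED.values())

def sniff_mime(head: bytes):
    """Return the MIME type whose signature starts `head`, or None."""
    for magic, mime in SIGNATURES:
        if head.startswith(magic):
            return mime
    return None

def check_file(name: str, head: bytes):
    """Return (verdict, reason) for a file name and its first bytes."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTS:
        return ("reject", "extension not allowlisted")
    mime = sniff_mime(head)
    if mime is None:
        return ("reject", "content type not recognised")
    if ext not in ALLOWED[mime]:
        return ("reject", f"{ext} does not match detected {mime}")
    return ("accept", mime)

# Constructed samples: (file name, first bytes of the file).
PNG_HEAD = b"\x89PNG\r\n\x1a\n"
SAMPLES = [
    ("stealth.zip", PNG_HEAD),            # PNG signature, .zip name
    ("stealth.pdf", PNG_HEAD),            # PNG signature, .pdf name
    ("img.png", PNG_HEAD),
    ("photo.JPEG", b"\xff\xd8\xff\xe0"),  # second extension for image/jpeg
    ("notes.xyz", b"%PDF-1.4"),           # extension outside the allowlist
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check_file(name, head))
```

A leading-signature check is only one layer: ZIP readers locate the archive from the end of the file, so a file can pass this test as another type and still open as an archive.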