From 40e1d6e876e4b4ad5717870e00cfc4ee24095b18 Mon Sep 17 00:00:00 2001 From: red person Date: Wed, 3 Jun 2026 08:10:54 +0300 Subject: [PATCH] Reject non-PNG signature export data (#1651) --- scripts/odysseus-signature | 5 ++++- tests/test_signature_cli_export.py | 14 +++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/scripts/odysseus-signature b/scripts/odysseus-signature index 8cc0e6d..993a6d3 100755 --- a/scripts/odysseus-signature +++ b/scripts/odysseus-signature @@ -34,9 +34,12 @@ def _decode_png_data(data_png: str) -> bytes: if "," in raw: raw = raw.split(",", 1)[1] try: - return base64.b64decode(raw, validate=True) + decoded = base64.b64decode(raw, validate=True) except Exception as e: fail(f"data_png is not valid base64: {e}") + if not decoded.startswith(b"\x89PNG\r\n\x1a\n"): + fail("data_png is not a PNG image") + return decoded def cmd_list(args): diff --git a/tests/test_signature_cli_export.py b/tests/test_signature_cli_export.py index ffc9757..6d5abcd 100644 --- a/tests/test_signature_cli_export.py +++ b/tests/test_signature_cli_export.py @@ -26,7 +26,8 @@ def _load_signature_cli(monkeypatch): def test_decode_png_data_accepts_data_url(monkeypatch): cli = _load_signature_cli(monkeypatch) - assert cli._decode_png_data("data:image/png;base64,aGVsbG8=") == b"hello" + png = b"\x89PNG\r\n\x1a\nrest" + assert cli._decode_png_data("data:image/png;base64,iVBORw0KGgpyZXN0") == png def test_decode_png_data_rejects_invalid_base64(monkeypatch): @@ -38,3 +39,14 @@ def test_decode_png_data_rejects_invalid_base64(monkeypatch): assert exc.code == 1 else: raise AssertionError("expected invalid base64 to exit") + + +def test_decode_png_data_rejects_non_png_bytes(monkeypatch): + cli = _load_signature_cli(monkeypatch) + + try: + cli._decode_png_data("aGVsbG8=") + except SystemExit as exc: + assert exc.code == 1 + else: + raise AssertionError("expected non-PNG bytes to exit")