Protection from zip bombs with python3's zlib.uncompress - gzip

I need to uncompress data using zlib.uncompress from source that may or may not be trusted. The documentation for zlib says the decompress method raises zlib.error in case any error occurs, but can this on it's own protect from zip bombs? (i.e. should I add catch for e.g. MemoryError?)

You should use zlib.decompressobj instead to protect against bombs.

Related

syncfusion.pdf.pdfException"Could Not Find valid signature (%pds-).'

string docuAddr = #"C:\Users\psimmon\source\repos\PDFTESTAPP\PDFTESTAPP\TempForms\forms-www.courts.state.co.us-Forms-PDF-JDF1117.pdf";
byte[] bytes = Encoding.Unicode.GetBytes(docuAddr);
PdfLoadedDocument loadedDocument = new PdfLoadedDocument(bytes, true);---blows here
PdfLoadedForm myForm = loadedDocument.Form;
PdfLoadedFormFieldCollection fields = myForm.Fields;
not sure what I have done wrong here, but the PDF file is opening, either in a browser or a fileexployer window. so it has to be me, guessed at most of this, all you very smart folks, I could use your gray matter. forgive my stupidity.
The reported exception “could not find valid signature (%PDF-)” may occurs due to the file is not a PDF document. We suspect it seems the other format files are saved with the “.pdf” extension. We could not open and repair this type of document on our end, we have already added the details in our documentation,
Please find some of the following corrupted error messages that cannot be repaired:
UG: https://help.syncfusion.com/file-formats/pdf/open-and-save-pdf-file-in-c-sharp-vb-net#possible-error-messages-of-invalid-pdf-documents-while-loading
If you want to find this type of corrupted document, Syncfusion PDF Library provides support to check and report whether the existing PDF document is corrupted or not with corruption details and structure-level syntax errors.
UG: https://help.syncfusion.com/file-formats/pdf/working-with-document#find-corrupted-pdf-document
Blog: https://www.syncfusion.com/blogs/post/how-to-find-corrupted-pdf-files-in-c-sharp.aspx
KB: https://www.syncfusion.com/kb/9686/how-to-identify-the-corrupted-pdf-document-using-c-and-vb-net

QFtp Warning QIODevice::read (QTcpSocket, QFtpDTP

QFtp Ftp;
When i have Ftp loggedIn and i try to get a file that does not exist on the server using
Ftp.get(RemoteFile, LocalFile.data()); i received a warning
I know it is because of writting direct to data of LocalFile.
This is the warning:
QIODevice::read (QTcpSocket, "QFtpDTP Passive state socket"): device not open
What is the best way to treat this warning?
I tried Try Catch(...) to fix the issue and still happenning.
Forget about. I use the list command before the get to check if file was there and avoid the issue.
I did a FTP.list(RemoteDirectory) and if the file is there i call FTP.get(RemoteDirectoy, localFile.data()), if is not there i do not call The FTP.

Rename filename.ext.crswap to filename.ext rather than copying

When performing this sequence
Obtain a handle to a new file via window.showSaveFilePicker, say filename.ext
Obtain a writeable file stream from the handle
Write some content into the file using the stream
close the stream to signal completion
the File System API writes to filename.ext.crswap and on close copies filename.ext.crswap to filename.ext
Is there a reason that filename.ext.crswap is not rather renamed to filename.ext?
The reason for this behavior is to avoid partial writes:
"User agents try to ensure that no partial writes happen, i.e. the file represented by fileHandle will either contain its old contents or it will contain whatever data was written through stream up until the stream has been closed."—Spec.

How to parse ISO8583 message from a text file & write it to a database

I am having few ISO8583 logs in a text file. I want to parse these logs from this text file and write them to any database with some descriptive information such as class of the message, message function, message origin, processing code, response code etc.
I am new to the BASE24/ISO8583 and was trying to find any ready-made parser for this. Is there any such parser available ? Does jPOS provides such functionality ?
EDIT
I have the logs in ISO8583 format in ".log" file as given below:
MTI : 0200
Field-3 : 201234
Field-4 : 000000010000
Field-7 : 0110722180
Field-11 : 123456
Field-44 : A5DFGR
Field-105 : ABCDEFGHIJ 1234567890
This is same as the format given in the link shared by you.
It also consists of hex dump but I dont want to parse that.
The code given in the link is doing packing and unpacking of the message where as what I am trying is to read these logs (in unpacked form) and write them into a database table.
I think i need to write my own code for this and use the jPOS packagers in it.
It really depends on the format of the log file - are the ISO8583 messages - HexStrings, and HexDump an XML representation of ISO8583, some other application trace file ?
Once you know the format and it might require some massaging - you will want to research the ISOMsg.unpack() methods using the appropriate jPOS packager. the packager defines the field structure - of the various ISO8583 fields and field construction (lengths, character set, etc.)
a good example was found at the following blog post: looking at the "Parse (unpack) ISO Message" seciton http://jimmod.com/blog/2011/07/26/jimmys-blog-iso-8583-tutorial-build-and-parse-iso-message-using-jpos-library/
You mention - Base24 - jPOS does have a few packagers that might be close starting point.:
https://github.com/jpos/jPOS/blob/master/jpos/src/dist/cfg/packager/base24.xml
Those human-readable log formats are usually difficult to parse without loosing information. Moreover, the logs are probably PCI compliant so there's a lot of masked information there. You want to ask for ah hex dump of the messages.
what is displayed in log file is parsed ISO.Hence you need not use jpos.jpos is only for packing and unpacking when you transmit the message.
Assign the field to variable and write in DB
for example,Field 39 is response code.
Using jpos is good idea. You should go for your custom packager design class.

BizTalk Receive binary file correlated on RecievedFileName

I'm having problem with routing a message of binary file to a running instance of an Orchestration using correlation of context property: ReceivedFileName. The correlation is initialized using a send with dummy file where in the Orchestration sets the ReceivedFileName context property of the message and the property gets promoted. After that routing fails of the message being received (as XmlDocument) and I can see that the ReveivedFileName context property of that message has not been promoted should it be like that? I cant figure out any way to get it promoted so I just want to make sure it should be like this.
The file names are identical but I noticed that the ReceivedFileName property of the send message doesn't have the path whereas the received message has path + file name. I have tried to add the path to the send message(sounds strange though, read it some where) but it doesn't change the outcome.
While you can set Context Proerties in an Orchestration, they are not Promoted.
You have to use the Correlation Technique described here to have the Properties Promoted when they hit the MessageBox: http://blogs.biztalk360.com/property-promotion-inside-orchestration/
Basically, you Initialize a Correlation Set based on the Properties you need Promoted.
As Ben Runchey pointed out in a comment above one have to resort to a custom pipeline and promote the FILE.ReceivedFileName there by calling:
messag.Context.Promote("ReceivedFileName", "http://schemas.microsoft.com/BizTalk/2003/file-properties", receivedFileName);
I also removed the path from FILE.ReceivedFileName to only have the filename by calling the inmsg.Context.Read("ReceivedFileName", "http://schemas.microsoft.com/BizTalk/2003/file-properties")
and altered the value and wrote it back by calling:
inmsg.Context.Write("ReceivedFileName", "http://schemas.microsoft.com/BizTalk/2003/file-properties", receivedFileName);