[File] libmagic 5.46 magic_buffer returns octet-stream for zip under alpine linux

Davide Setti d.setti at certego.net
Tue Jan 7 11:18:20 UTC 2025


Hello everybody,

I am running an application which uses libmagic python wrapper to sanitize
allowed input file type.
Currently I am running this task under alpine linux 3.21 (and python 3.12)
which uses libmagic 5.46.

I had an issue with detecting ZIP archives using the magic.from_buffer
method, because it returns "octet-stream":

In [1]: with open('/tmp/sample.zip', 'rb') as buffer:
   ...:     print(magic.from_buffer(buffer.read(), mime=True))
application/octet-stream

The strange part is that when using the magic.from_file method it does
recognize the file as a ZIP archive:

In [2]: magic.from_file('/tmp/sample.zip', mime=True)
Out[2]: 'application/zip'

I checked that by moving back to alpine linux 3.20 which uses libmagic 5.45
the issue in magic.from_buffer does not occur. Thus I suspect that it could
be something which was introduced in version 5.46 (or in the alpine
package).

My test file is a simple zip containing a single text file named
"sample.txt" with "sample" as text content.

I need to support the direct read from buffer since during the file-upload
process if the uploaded file is small it is handled directly in memory.

Has anyone else had the same problem? Is this a problem of the
alpine-version of libmagic?

Regards,
Davide
-- 
<https://www.certego.net/>
Davide Setti
Security Platform Lead Engineer, Certego
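An added example, not part of the original post and not a diagnosis of the libmagic behaviour it reports: a standard-library structural ZIP check on an in-memory buffer that an upload path could run beside `magic.from_buffer` to flag disagreement between the two. The function names, the strict "no trailing bytes" policy and the constructed sample archive are assumptions made for this example.

```python
import io
import struct
import zipfile

ZIP, UNKNOWN = "application/zip", "application/octet-stream"
LOCAL_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x05\x06"
EOCD_MIN, MAX_COMMENT = 22, 0xFFFF  # fixed EOCD size, maximum comment length

def find_eocd(data: bytes) -> int:
    """Offset of an end-of-central-directory record ending exactly at EOF, or -1."""
    start = max(0, len(data) - EOCD_MIN - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_MIN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            if pos + EOCD_MIN + comment_len == len(data):
                return pos
        pos = data.rfind(EOCD_SIG, start, pos)  # try an earlier candidate
    return -1

def sniff_zip(data: bytes) -> str:
    """Structural ZIP check on a buffer, independent of libmagic."""
    if not data.startswith((LOCAL_SIG, EOCD_SIG)):  # EOCD first = empty archive
        return UNKNOWN
    if find_eocd(data) == -1:  # assumed policy: reject truncated or padded data
        return UNKNOWN
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            zf.infolist()  # central directory parsed; members are not extracted
    except (zipfile.BadZipFile, ValueError):
        return UNKNOWN
    return ZIP

def reconcile(reported: str, data: bytes) -> tuple[str, bool]:
    """Return (MIME type to enforce, True if detector and structure disagree)."""
    structural = sniff_zip(data)
    if ZIP not in (reported, structural):
        return reported, False  # ZIP not involved: keep the detector's answer
    return structural, reported != structural

def make_sample_zip() -> bytes:
    """Constructed sample: one member 'sample.txt' containing 'sample'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.txt", "sample")
    return buf.getvalue()

if __name__ == "__main__":
    print(reconcile(UNKNOWN, make_sample_zip()))
```

ZIP-based container formats (for example .docx or .jar) also pass this structural check, so a detector that reports their specific type will be flagged as a disagreement and needs its own allow-list handling.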