Attach videos or diagrams / ship plans and other documents

Dirk Hohndel dirk at hohndel.org
Fri Oct 16 05:04:42 PDT 2015 

On Fri, Oct 16, 2015 at 09:13:32AM +0200, Robert Helling wrote:
> Hi Dirk,
> 
> > On 15.10.2015, at 17:31, Dirk Hohndel <dirk at hohndel.org> wrote:
> > 
> > I don't mind the idea of being able to attach random files.
> 
> My approach to general files would be to attach them in the way we
> attach images, i.e. just store a filename (possibly with a hash) to the
> dive.

But that's not what we do in git storage. We actually store the picture as
well.

> Maybe one could obtain a representation of the file as a QImage,

Rathole alert.
- I want to attach a video (ok, get a screen shot)
- I want to attach a GPX track (ummm, ok, map it and store a picture of that?)
- I want to attach an audio file of the whale song (ummmmm)
- I want to attach the output of program X that I use to track something

> then we could display that in the pictures tab (renamed accordingly),
> for example a still image of a movie, otherwise we just show an icon
> (maybe the OS can provide one for the file type?) and upon double click
> invoke the open method of the OS (Mac has that, I am sure the others as
> well) on the file. Before, we might try some Qt ways of opening the file
> (like we do for images, we might as well for other video or audio files
> but we will have to rely on external programs for things like
> cartography files etc).

See below

> > There are some potential issues with this (so we'd have to be careful
> > how these files are opened as I could easily construct a security
> > attack vector out of a simplistic approach to implementing this).
> 
> I am not sure what you are thinking of. Yes, the OS opens executable
> files (or the like like Subsurface.app) by executing them. Do you think
> we should prevent that? Should we keep a whitelist of harmless file
> types?

I'm thinking that handing files over to Qt and saying "opem this" is a
neat attack vector. Right now we just allow pictures and that part of the
libraries tends to be reasonably robust (as it is used by browsers and
gets some testing), but the more types of formats we accept, and the more
backends we hand these files to, the more havok an attacker could cause.

It's not a huge concern - it's just something to keep in mind.

More information about the subsurface mailing list