Merge remote-tracking branch 'origin/pr/7'

* origin/pr/7: (92 commits) makefile: Resolve makefile conflict pylint: Add expression-not-assigned client: Add support for older tqdm versions client: Handle out of space error client: Fix output spacing client: Simplify image appending pylint: Add bad-continuation to .pylintrc meta: Copyright info client: Exit with 1 on error client: Implement bulk saves and remove reps appropriately server: Rename batch entry variables server: Prevent CPU hogging by PNG tasks server: Handle non-ASCII output from pdfinfo(1) client: Use python3 shebang travis: Update imports and pylint exceptions travis: remove --exit-code travis: Attempt to fix pylint travis: Re-add --exit-code because i was right the first time travis: fix paths and try without --exit-code travis: Add pylint dependency ...
QubesOS · Jun 22, 2020 · 60b6b5c · 60b6b5c
2 parents 388278a + 1ee08f7
commit 60b6b5c
Show file tree

Hide file tree

Showing 17 changed files with 1,037 additions and 288 deletions.
diff --git a/.pylintrc b/.pylintrc
@@ -0,0 +1,22 @@
+[MASTER]
+persistent=no
+ignore=qubespdfconverter/tests
+
+[MESSAGES CONTROL]
+disable=
+  bad-continuation,
+  bare-except,
+  blacklisted-name,
+  deprecated-method,
+  duplicate-code,
+  expression-not-assigned,
+  file-ignored,
+  fixme,
+  invalid-name,
+  locally-disabled,
+  locally-enabled,
+  missing-docstring,
+  protected-access,
+  too-few-public-methods,
+  unused-argument,
+  wrong-import-order
diff --git a/.travis.yml b/.travis.yml
@@ -5,5 +5,10 @@ import:
 
 jobs:
   include:
-    - script:
-      - shellcheck qpdf-convert-client qpdf-convert-server
+    - language: python
+      python:
+       - '3.7'
+      install:
+       - pip install --quiet -r ci/requirements.txt
+      script:
+       - python3 -m pylint --rcfile=.pylintrc qubespdfconverter
diff --git a/Makefile b/Makefile
@@ -24,9 +24,8 @@ build:
 
 install-vm:
 	make install -C doc
-	install -D qvm-convert-pdf $(DESTDIR)/usr/bin/qvm-convert-pdf
-	install -D qpdf-convert-client $(DESTDIR)/usr/lib/qubes/qpdf-convert-client
-	install -D qpdf-convert-server $(DESTDIR)/usr/lib/qubes/qpdf-convert-server
+	install -D qubespdfconverter/client.py $(DESTDIR)/usr/bin/qvm-convert-pdf
+	install -D qubespdfconverter/server.py $(DESTDIR)/usr/lib/qubes/qpdf-convert-server
 	install -d $(DESTDIR)/etc/qubes-rpc
 	ln -s ../../usr/lib/qubes/qpdf-convert-server $(DESTDIR)/etc/qubes-rpc/qubes.PdfConvert
 	install -D qvm-convert-pdf.gnome $(DESTDIR)/usr/lib/qubes/qvm-convert-pdf.gnome

diff --git a/README.md b/README.md
@@ -1,32 +1,30 @@
 Qubes PDF Converter
 ====================
 
-Qubes PDF converter is a [Qubes](https://qubes-os.org) Application, which
-utilizes Qubes flexible qrexec (inter-VM communication) infrastructure and
-Disposable VMs to perform conversion of potentially untrusted (e.g. maliciously
-malformed) PDF files into safe-to-view PDF files.
-
-This is done by having the Disposable VM perform the complex (and potentially
-buggy) rendering of the PDF in question) and sending the resulting RGB bitmap
-(simple representation) to the client AppVM. The client AppVM can _trivially_
-verify the received data are indeed the simple representation, and then
-construct a new PDF out of the received bitmap. Of course the price we pay for
-this conversion is loosing any structural information and text-based search in
-the converted PDF.
-
-More discussion and introduction of the concept has been described in the
-original article
+Qubes PDF converter is a [Qubes](https://qubes-os.org) Application that
+utilizes Disposable VMs and Qubes' flexible qrexec (inter-VM communication)
+infrastructure to securely convert potentially untrusted PDF files into
+safe-to-view PDF files.
+
+This is done by having a Disposable VM render each page of a PDF file into a
+very simple representation (RGB bitmap) that (presumably) leaves no room for
+malicious code. This representation is then sent back to the client AppVM which
+then constructs an entirely new PDF file out of the received bitmaps.
+
+More discussion of the concept has been described in the original article
 [here](http://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html).
 
 Usage
 ------
 
-    [user@varia ~]$ qvm-convert-pdf test.pdf
-    -> Sending file to remote VM...
-    -> Waiting for converted samples...
-    -> Receving page 8 out of 8...
-    -> Converted PDF saved as: ./test.trusted.pdf
-    -> Original file saved as /home/user/QubesUntrustedPDFs/test.pdf
+    [user@domU ~]$ qvm-convert-pdf file1.pdf file2.pdf file3.pdf
+    :: Sending files to Disposable VMs...
+
+     file1.pdf...done
+     file2.pdf...fail
+     file3.pdf...done
+
+    Total Sanitized Files: 2/3
 
 Authors
 ---------

diff --git a/ci/requirements.txt b/ci/requirements.txt
@@ -0,0 +1,6 @@
+# WARNING: those requirements are used only for travis-ci.org
+# they SHOULD NOT be used under normal conditions; use system package manager
+click
+pillow
+pylint
+tqdm
diff --git a/debian/qubes-pdf-converter.install b/debian/qubes-pdf-converter.install
@@ -1,4 +1,3 @@
-usr/lib/qubes/qpdf-convert-client
 usr/lib/qubes/qpdf-convert-server
 etc/qubes-rpc/qubes.PdfConvert
 usr/bin/qvm-convert-pdf

diff --git a/doc/qvm-convert-pdf.rst b/doc/qvm-convert-pdf.rst
@@ -4,27 +4,28 @@ QVM-CONVERT-PDF(1)
 
 NAME
 ====
-qvm-convert-pdf - converts a potentially untrusted pdf to a safe-to-view pdf
+qvm-convert-pdf - converts potentially untrusted PDFs to a safe-to-view PDF
 
 SYNOPSIS
 ========
-| qvm-convert-pdf <pdf to convert>
+| qvm-convert-pdf <PDF to convert ...>
 
 DESCRIPTION
 ===========
 
-Qubes PDF converter is a Qubes Application, which utilizes Qubes flexible qrexec
-(inter-VM communication) infrastructure and Disposable VMs to perform conversion
-of potentially untrusted (e.g. maliciously malformed) PDF files into
-safe-to-view PDF files.
+Qubes PDF converter is a Qubes Application that utilizes Qubes' flexible qrexec
+(inter-VM communication) infrastructure and Disposable VMs to securely convert
+potentially untrusted (e.g. maliciously malformed) PDF files into safe-to-view
+PDF files.
 
-This is done by having the Disposable VM perform the complex (and potentially
-buggy) rendering of the PDF in question) and sending the resulting RGB bitmap
-(simple representation) to the client AppVM. The client AppVM can _trivially_
-verify the received data are indeed the simple representation, and then
-construct a new PDF out of the received bitmap. Of course the price we pay for
-this conversion is loosing any structural information and text-based search in
-the converted PDF.
+This is done by having a Disposable VM render each page of a PDF file into a 
+very simple representation (RGB bitmap) that (presumably) leaves no room for 
+malicious code. This representation is then sent back to the client AppVM which 
+then constructs an entirely new PDF file out of the received bitmaps.
+
+Of course, the price we pay for this conversion is an increase in file size and 
+the loss of any structural information or text-based search in the converted 
+PDF.
 
 AUTHORS
 =======

diff --git a/qpdf-convert-client b/qpdf-convert-client
diff --git a/qpdf-convert-server b/qpdf-convert-server