This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP File Format Validation Project"

From OWASP
Jump to: navigation, search
 
(12 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
 +
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 +
<div style="width:100%;height:100px;border:0,margin:0;overflow: hidden;">[[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] </div>
 +
 +
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 +
 +
 +
{{taggedDocument}}
 +
{|
 +
|-
 +
! width="700" align="center" | <br>
 +
! width="500" align="center" | <br>
 +
|-
 +
| align="right" |
 +
 +
|}
 +
 
=Main=
 
=Main=
  
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
 
  
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
Line 11: Line 29:
  
 
==Introduction==
 
==Introduction==
 +
The goal of the project is to provide a database of assertions to check the most of file format.
 +
Each assertion is a translation of an official specification (ISO, RFC, UIT-T, ...) in BIL (Binary Inspection Language), an other part of this project.
  
This project is to provide to developers a library to help them to validate formats of a file properly. Validation is based on the official specifications (ISO, RFC, UIT-T, ...) of tested formats and not only on signatures.
+
BIL is a useful language(language+compiler/interpreter) which allow you to write for each file format, a program to check all files in this format.
 +
 
 +
BIL is easy to learn and can be used by the persons who write specifications.
 +
More informations about BIL : https://sourceforge.net/projects/binil/
 +
 
 +
FFV + BIL would like offer a rugged validation of files format in the applications, NOT only based on the signature.
  
 
==Description==
 
==Description==
Line 48: Line 73:
 
https://sourceforge.net/p/owaspffv/wiki
 
https://sourceforge.net/p/owaspffv/wiki
  
 +
== Openhub ==
  
 
+
https://www.openhub.net/p/owaspffv
  
 
== Project Leader ==
 
== Project Leader ==
Line 63: Line 89:
 
== Quick Download ==
 
== Quick Download ==
  
Not available
+
http://sourceforge.net/p/owaspffv/code-0/HEAD/tree/
  
 
== Email List ==
 
== Email List ==
Line 70: Line 96:
  
 
== News and Events ==
 
== News and Events ==
 
 
 
== In Print ==
 
There is not printed version of this project
 
  
  
Line 97: Line 118:
 
; Why use File Format Validation to check format of a file ?
 
; Why use File Format Validation to check format of a file ?
 
: The validation using FFV is safer than validation based on the magic number, because it validates the entire file structure, including the format of the optional sections, and changes between two versions of the same format.
 
: The validation using FFV is safer than validation based on the magic number, because it validates the entire file structure, including the format of the optional sections, and changes between two versions of the same format.
 +
 +
; What is File Format Validation 0.1.0 ?
 +
: FFV 0.1.0 is an project all in one wrote PHP, it contains : a database of assertions in XML files, a pseudo-language to write assertions, and a mechanism in PHP to make PHP script from the assertions.
 +
 +
; What is File Format Validation > 0.1.0 ?
 +
: With FFV > 0.1.0, FFV is just a database of assertions for each files format and BIL(Binary Inspection Language - an other project) is the language to write assertions, and tests them on a file.
  
 
= Acknowledgements =
 
= Acknowledgements =
Line 129: Line 156:
 
__NOTOC__ <headertabs />  
 
__NOTOC__ <headertabs />  
  
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]
+
[[Category:Inactive Projects]]

Latest revision as of 22:27, 13 February 2016

OWASP Inactive Banner.jpg


This page has been tagged and needs review. Please help OWASP and document the reason for this, see FixME.


OWASP File Format Validation

Welcome to the home of OWASP File Format Validation (FFV) Project !

Introduction

The goal of the project is to provide a database of assertions to check the most of file format. Each assertion is a translation of an official specification (ISO, RFC, UIT-T, ...) in BIL (Binary Inspection Language), an other part of this project.

BIL is a useful language(language+compiler/interpreter) which allow you to write for each file format, a program to check all files in this format.

BIL is easy to learn and can be used by the persons who write specifications. More informations about BIL : https://sourceforge.net/projects/binil/

FFV + BIL would like offer a rugged validation of files format in the applications, NOT only based on the signature.

Description

The 3 sub-projects :

- File Format Description Language (FFDL) : It is a pseudo-language like regexp useful to describe structure of data in a file. FFDL is helpful to make assertion for each specification of a format.

- File Format Database (FFDB) : It is a sort of file/xml database, where each specifications of each file format are stored.

- File Format Validator : It is final package provide to final user. When a package is build, for each format in File Format Database a source file in the language


Licensing

OWASP File Format Validation is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is FFV ?

FFV provides:

  • Database of translated specifications of file formats into a pseudo-language
  • Light pseudo-language to describe the structure of a section of data in a file
  • Mechanism to check the format of a file

Presentation

https://sourceforge.net/p/owaspffv/wiki

Openhub

https://www.openhub.net/p/owaspffv

Project Leader

Georges-B. Michel @


Related Projects

Quick Download

http://sourceforge.net/p/owaspffv/code-0/HEAD/tree/

Email List

https://lists.owasp.org/mailman/listinfo/owasp_file_format_validation_project

News and Events

Classifications

New projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_File_Format_Validation_Project&oldid=208863"