Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
python-magic is a Python interface to the libmagic file type
identification library. libmagic identifies file types by checking
their headers according to a predefined list of file types. This
functionality is exposed to the command line by the Unix command
file
.
>>> import magic
>>> magic.from_file("testdata/test.pdf")
'PDF document, version 1.2'
# recommend using at least the first 2048 bytes, as less can produce incorrect identification
>>> magic.from_buffer(open("testdata/test.pdf", "rb").read(2048))
'PDF document, version 1.2'
>>> magic.from_file("testdata/test.pdf", mime=True)
'application/pdf'
There is also a Magic
class that provides more direct control,
including overriding the magic database file and turning on character
encoding detection. This is not recommended for general use. In
particular, it's not safe for sharing across multiple threads and
will fail throw if this is attempted.
>>> f = magic.Magic(uncompress=True)
>>> f.from_file('testdata/test.gz')
'ASCII text (gzip compressed data, was "test", last modified: Sat Jun 28
21:32:52 2008, from Unix)'
You can also combine the flag options:
>>> f = magic.Magic(mime=True, uncompress=True)
>>> f.from_file('testdata/test.gz')
'text/plain'
The current stable version of python-magic is available on PyPI and
can be installed by running pip install python-magic
.
Other sources:
This module is a simple wrapper around the libmagic C library, and that must be installed as well:
sudo apt-get install libmagic1
You'll need DLLs for libmagic. @julian-r maintains a pypi package with the DLLs, you can fetch it with:
pip install python-magic-bin
brew install libmagic
port install file
'MagicException: could not find any magic files!': some
installations of libmagic do not correctly point to their magic
database file. Try specifying the path to the file explicitly in the
constructor: magic.Magic(magic_file="path_to_magic_file")
.
'WindowsError: [Error 193] %1 is not a valid Win32 application': Attempting to run the 32-bit libmagic DLL in a 64-bit build of python will fail with this error. Here are 64-bit builds of libmagic for windows: https://github.com/pidydx/libmagicwin64. Newer version can be found here: https://github.com/nscaife/file-windows.
'WindowsError: exception: access violation writing 0x00000000 ' This may indicate you are mixing Windows Python and Cygwin Python. Make sure your libmagic and python builds are consistent.
python-magic is a thin layer over the libmagic C library. Historically, most bugs that have been reported against python-magic are actually bugs in libmagic; libmagic bugs can be reported on their tracker here: https://bugs.astron.com/my_view_page.php. If you're not sure where the bug lies feel free to file an issue on GitHub and I can triage it.
To run the tests across a variety of linux distributions (depends on Docker):
./test_docker.sh
To run tests locally across all available python versions:
./test/run.py
To run against a specific python version:
LC_ALL=en_US.UTF-8 python3 test/test.py
The python bindings shipped with libmagic use a module name that conflicts with this package. To work around this, python-magic includes a compatibility layer for the libmagic API. See COMPAT.md for a guide to libmagic / python-magic compatibility.
Minor version bumps should be backwards compatible. Major bumps are not.
Written by Adam Hupp in 2001 for a project that never got off the ground. It originally used SWIG for the C library bindings, but switched to ctypes once that was part of the python standard library.
You can contact me via my website or GitHub.
python-magic is distributed under the MIT license. See the included LICENSE file for details.
I am providing code in the repository to you under an open source license. Because this is my personal repository, the license you receive to my code is from me and not my employer (Facebook).
FAQs
File type identification using libmagic
We found that python-magic demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.