This library is a wrapper for the ExifTool command-line application (https://exiftool.org) written by Phil Harvey. It is designed for dealing with multiple files at once by building commands that call exiftool with various arguments, running them, and parsing the results.
    require 'multi_exiftool'

    # Object oriented approach
    reader = MultiExiftool::Reader.new
    reader.filenames = Dir['*.jpg']
    results = reader.read
    unless reader.errors.empty?
      $stderr.puts reader.errors
    end
    results.each do |values|
      puts "#{values.file_name}: #{values.comment}"
    end

    # Functional approach
    results, errors = MultiExiftool.read(Dir['*.jpg'])
    unless errors.empty?
      # the functional call returns the errors directly; there is no reader object here
      $stderr.puts errors
    end
    results.each do |values|
      puts "#{values.file_name}: #{values.comment}"
    end
    require 'multi_exiftool'

    # Object oriented approach
    writer = MultiExiftool::Writer.new
    writer.filenames = Dir['*.jpg']
    writer.values = {creator: 'Jan Friedrich', copyright: 'Public Domain'}
    if writer.write
      puts 'ok'
    else
      puts writer.errors
    end

    # Functional approach
    errors = MultiExiftool.write(Dir['*.jpg'], {creator: 'Jan Friedrich', copyright: 'Public Domain'})
    if errors.empty?
      puts 'ok'
    else
      # the functional call returns the errors directly; there is no writer object here
      puts errors
    end
If it is necessary to write different values to multiple files, there is batch processing:
    require 'multi_exiftool'

    # Object oriented approach
    batch = MultiExiftool::Batch.new
    Dir['*.jpg'].each_with_index do |filename, i|
      values = {creator: 'Jan Friedrich', copyright: 'Public Domain', comment: "This is file number #{i+1}."}
      batch.write filename, values
    end
    if batch.execute
      puts 'ok'
    else
      puts batch.errors
    end

    # Functional approach
    errors = MultiExiftool.batch do
      Dir['*.jpg'].each_with_index do |filename, i|
        values = {creator: 'Jan Friedrich', copyright: 'Public Domain', comment: "This is file number #{i+1}."}
        write filename, values
      end
    end
    if errors.empty?
      puts 'ok'
    else
      puts errors
    end

    # or alternative with block parameter as yielded Batch instance
    errors = MultiExiftool.batch do |batch|
      Dir['*.jpg'].each_with_index do |filename, i|
        values = {creator: 'Jan Friedrich', copyright: 'Public Domain', comment: "This is file number #{i+1}."}
        batch.write filename, values
      end
    end
    if errors.empty?
      puts 'ok'
    else
      puts errors
    end
    # Delete ALL values
    errors = MultiExiftool.delete_values(Dir['*.jpg'])
    if errors.empty?
      puts 'ok'
    else
      puts errors
    end

    # Delete values for tags Author and Title
    errors = MultiExiftool.delete_values(Dir['*.jpg'], tags: %w(author title))
    if errors.empty?
      puts 'ok'
    else
      puts errors
    end
See the examples in the examples directory.
By default values are converted to useful instances of Ruby classes. The following conversions are implemented at the moment:
The conversion is done in the method Values#convert, so you can change its behaviour as the following examples show.
    module MyConversion
      def convert tag, val
        val # no conversion at all
      end
    end
    MultiExiftool::Values.prepend MyConversion

    module MultiExiftool
      module MyConversion
        def convert tag, val
          converted_val = super
          case converted_val
          when Time
            converted_val.utc # convert Time objects to utc
          when Rational
            val # no conversion
          else
            converted_val # use default conversion
          end
        end
      end
      Values.prepend MyConversion
    end

    m = Module.new do
      def convert tag, val
        if val =~ MultiExiftool::Values::REGEXP_TIMESTAMP
          val # no conversion
        else
          super # use default conversion
        end
      end
    end
    MultiExiftool::Values.prepend m
The method Values#convert is called each time a value is fetched.
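A security-oriented use of the same hook, as an added example that is not part of the multi_exiftool README or code: tag values come from the files being read, so a conversion can escape control characters before a value is printed or logged. `DemoValues` is a constructed stand-in for `MultiExiftool::Values` so the block runs without the gem; `PrintableConversion` and the sample data are likewise hypothetical.

```ruby
# Stand-in for MultiExiftool::Values (constructed for this example, not the
# gem's code): it keeps raw tag values and calls #convert on every fetch.
class DemoValues
  def initialize(raw)
    @raw = raw
  end

  def convert(tag, val)
    val # default: hand the value back unchanged
  end

  def [](tag)
    convert(tag, @raw[tag])
  end
end

# Hypothetical conversion: run the default conversion, then escape control
# characters in strings so a crafted tag cannot drive the terminal or forge
# extra log lines when the value is printed.
module PrintableConversion
  def convert(tag, val)
    printable(super)
  end

  private

  def printable(val)
    case val
    when String
      # replace invalid bytes, then escape every control character except tab
      val.scrub('?').gsub(/[[:cntrl:]]/) { |c| c == "\t" ? c : format('\\x%02X', c.ord) }
    when Array
      val.map { |v| printable(v) }
    else
      val # numbers, times and other converted objects pass through
    end
  end
end

DemoValues.prepend PrintableConversion

# Constructed sample: a comment carrying an ANSI escape sequence and a newline.
SAMPLE = DemoValues.new(
  'comment' => "ok\e[2J\nFAKE: all clean",
  'keywords' => ["a\tb", "c\rd"],
  'iso' => 100
)
puts SAMPLE['comment']
```

With the gem installed, the same module would be applied with `MultiExiftool::Values.prepend PrintableConversion`, following the pattern of the examples above.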
First you need ExifTool (see under Requirements above). Then you can simply install the gem with

    gem install multi_exiftool

or in your Gemfile

    gem 'multi_exiftool'

The code is also hosted in a Git repository at http://github.com/janfri/multi_exiftool or https://bitbucket.org/janfri/multi_exiftool. Feel free to contribute!
MultiExiftool follows Semantic Versioning, both SemVer and SemVerTag.
Jan Friedrich janfri26@gmail.com
See file LICENSE for details.
We found that multi_exiftool demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.