docs(readme): drop .xlsx from known gaps (covered in 2h)
This commit is contained in:
parent
ca26e117ea
commit
31166d0af0
1 changed files with 5 additions and 4 deletions
|
|
@ -128,14 +128,15 @@ that a green scan means safe content:
|
|||
inbox showcase (`tests/test_okf_inbox_uploads.py` + `tests/inbox_frontend.py`, a
|
||||
dev-scoped demonstration whose `python-docx`/`python-pptx` parsers live in the
|
||||
`[dev]` extra, never core `dependencies`) reads `.txt`/`.md`/`.csv`/`.docx`/
|
||||
`.pptx`, folders and `.zip`, materializes them into an OKF bundle, then guards
|
||||
it. What survives text extraction is **out of scope**: VBA/macros
|
||||
`.pptx`/`.xlsx`, folders and `.zip`, materializes them into an OKF bundle, then
|
||||
guards it. What survives text extraction is **out of scope**: VBA/macros
|
||||
(`.docm`/`.xlsm`/`.pptm`), OLE / embedded objects, image-embedded instructions
|
||||
needing OCR, font/render steganography, and encrypted / password-protected files
|
||||
— the binary layer needs a separate scanner. The front-end owns the container
|
||||
threats it *can* see (zip-slip → path gate, zip-bomb → size cap, symlink
|
||||
refusal, CSV formula-lead cells). Known gaps: `.xlsx` (openpyxl) and `.pdf`
|
||||
extraction, and the numeric `-`/`+` CSV false positive.
|
||||
refusal, CSV/XLSX formula-lead cells). Known gaps: `.pdf` extraction, and the
|
||||
numeric `-`/`+` CSV false positive (an XLSX numeric cell is typed, so it does not
|
||||
trip the gate).
|
||||
- **Lexicon findings are deduplicated by pattern id** — `count=1` and the first
|
||||
offset are reported, so the same class matched across several channels/variants
|
||||
collapses to one finding at its first location. This keeps reports readable, but
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue