3 files changed, 49 insertions, 10 deletions
diff --git a/lib/archive.py b/lib/archive.py
index 6378cab..c8203c9 100644
--- a/lib/archive.py
+++ b/lib/archive.py
@@ -1,6 +1,33 @@
+import tarfile
+import sys
 import parser
+import mat
 class TarStripper(parser.Generic_parser):
    def remove_all(self):
-        for file in self.editor.array("file"):
+        if not tarfile.is_tarfile(self.filename):
-            print file.name
+            print('%s is not a valid tar file' % self.filename)
+            sys.exit(1)
+        tarin = tarfile.open(self.filename, 'r')
+        tarout = tarfile.open(self.filename + parser.POSTFIX, 'w')
+        for current_file in tarin.getmembers():
+            tarin.extract(current_file)
+            if current_file.type is '0': #is current_file a regular file ?
+                #no backup file
+                class_file = mat.create_class_file(current_file.name, False)
+                class_file.remove_all()
+                tarout.add(current_file.name)
+        #meta from the tar itself
+        tarout.mtime = None
+        tarout.close()
+        tarin.close()
+    def is_clean(self):
+        return False
diff --git a/lib/mat.py b/lib/mat.py
index 6abcd64..156c683 100644
--- a/lib/mat.py
+++ b/lib/mat.py
@@ -14,7 +14,7 @@ import hachoir_editor
 import images
 import audio
 import misc
-#import archive
+import archive
 __version__ = "0.1"
 __author__ = "jvoisin"
@@ -24,24 +24,34 @@ strippers = {
    hachoir_parser.image.PngFile: images.PngStripper,
    hachoir_parser.audio.MpegAudioFile: audio.MpegAudioStripper,
    hachoir_parser.misc.PDFDocument: misc.PdfStripper,
-    #hachoir_parser.archive.TarFile: archive.TarStripper,
+    hachoir_parser.archive.TarFile: archive.TarStripper,
 }
-def create_class_file(name, backup):
+def is_secure(filename):
    '''
-        return a $FILETYPEStripper() class,
+        Prevent shell injection
-        corresponding to the filetype of the given file
    '''
    if not(os.path.isfile(name)): #check if the file exist
        print("Error: %s is not a valid file" % name)
        sys.exit(1)
+    filename.strip('\s') #separations
+    filename.strip('`') #injection `rm / -Rf`
+    filename.strip('\$(.*)')#injection $(rm / -Rf)
+    filename.strip(';')#injection $filename;rm / -Rf
+def create_class_file(name, backup):
+    '''
+        return a $FILETYPEStripper() class,
+        corresponding to the filetype of the given file
+    '''
+    #is_secure(name)
    filename = ""
    realname = name
    filename = hachoir_core.cmd_line.unicodeFilename(name)
    parser = hachoir_parser.createParser(filename)
    if not parser:
-        print("Unable to parse the file %s : sorry" % filename)
+        print("Unable to parse the file %s with hachoir-parser." % filename)
        sys.exit(1)
    editor = hachoir_editor.createEditor(parser)
diff --git a/lib/parser.py b/lib/parser.py
index d629619..12ef15a 100644
--- a/lib/parser.py
+++ b/lib/parser.py
@@ -6,6 +6,7 @@ import hachoir_core.error
 import hachoir_parser
 import hachoir_editor
 import sys
+import os
 import shutil
 POSTFIX = ".cleaned"
@@ -25,6 +26,7 @@ class Generic_parser():
        #FIXME : not secure at all !
        try:
            shutil.rmtree(self.filename)
+            #shutil.subprocess('shutil' , '--remove', 'self.filename')
        except:
            print('Unable to remove %s' % self.filename)
@@ -47,7 +49,7 @@ class Generic_parser():
        hachoir_core.field.writeIntoFile(self.editor, self.filename + POSTFIX)
        if self.backup is False:
            self.secure_remove() #remove the old file
-            shutil.rename(self.filename+ POSTFIX, self.filename)#rename the new
+            os.rename(self.filename+ POSTFIX, self.filename)#rename the new
    def remove_all_ugly(self):
        '''
@@ -57,7 +59,7 @@ class Generic_parser():
            In a perfect world, with nice fileformat,
            this method does not exist.
        '''
-        raise NotImplementedError()
+        self.remove_all()
    def _remove(self, field):