1 files changed, 8 insertions, 0 deletions
diff --git a/doc/implementation_notes.md b/doc/implementation_notes.md
index b763835..3b8e49d 100644
--- a/doc/implementation_notes.md
+++ b/doc/implementation_notes.md
@@ -61,3 +61,11 @@ Images handling
 When possible, images are handled like PDF: rendered on a surface, then saved
 to the filesystem. This ensures that every metadata is removed.
+XML attacks
+-----------
+Since our thread model conveniently excludes files crafted to specifically
+bypass MAT2, fileformats containing harmful XML are out of our scope.
+But since MAT2 is using [etree](https://docs.python.org/3/library/xml.html#xml-vulnerabilities)
+to process XML, it's "only" vulnerable to DoS, and not memory corruption:
+odds are that the user will notice that the cleaning didn't succeed.

diff --git a/doc/implementation_notes.md b/doc/implementation_notes.md index b763835..3b8e49d 100644 --- a/doc/implementation_notes.md +++ b/doc/implementation_notes.md
@@ -61,3 +61,11 @@ Images handling
61	When possible, images are handled like PDF: rendered on a surface, then saved	61	When possible, images are handled like PDF: rendered on a surface, then saved
62	to the filesystem. This ensures that every metadata is removed.	62	to the filesystem. This ensures that every metadata is removed.
63		63
		64	XML attacks
		65	-----------
		66
		67	Since our thread model conveniently excludes files crafted to specifically
		68	bypass MAT2, fileformats containing harmful XML are out of our scope.
		69	But since MAT2 is using [etree](https://docs.python.org/3/library/xml.html#xml-vulnerabilities)
		70	to process XML, it's "only" vulnerable to DoS, and not memory corruption:
		71	odds are that the user will notice that the cleaning didn't succeed.