Internet radio browser GUI for music/video streams from various directory services.


Changes To project state

Changes to "project state" between 2015-05-11 21:14:38 and 2015-05-21 20:17:48

     1      1   ## Stability
     2      2    
     3      3   * The application runs mostly stable. The GUI interfaces are workable.
     4         -* It's supposed to run on Gtk2 and Gtk3.
            4  +* It's supposed to run on Gtk2 and Gtk3. Albeit threading is still an issue.
     5      5   * Python3 support is achieved.  
     6      6   * There haven't been any optimizations regarding memory usage and 
     7      7     performance.
     8         -* The current internal API is vastly undocumented. 
            8  +* The current internal API is still somewhat underdocumented. 
     9      9    
    10     10   ## Current bugs
    11     11   
    12     12   * <s>Audio- and list-format support is not very robust / needs better API</s>
    13         -* Not all keyboard shortcuts work 
           13  +* <s>Not all keyboard shortcuts work</s>
    14     14   * <s>Some internal UI state flags remain, that need to be substituted with Gtk callbacks.</s>
    15     15    
    16     16   ## Features
    17     17   
    18     18   * Treeview layouts and lists are dynamically from datamap[] structure and stream{} dicts.
    19     19   * Channel categories are often built-in defaults (can be freshened up however) 
    20     20   * Config vars and cache data get stored as JSON in ~/.config/streamtuner2/ 
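Review bot: The sentence added on new line 4, "Albeit threading is still an issue.", is a fragment and does not say whether the problem affects Gtk2, Gtk3 or both, or what the symptom is. It describes an open defect, yet with "Not all keyboard shortcuts work" now struck through, every entry under "## Current bugs" is marked resolved. Consider adding a threading entry there and rewording line 4 as a full sentence. On new line 8, "still somewhat underdocumented" would be easier to act on if it named the parts of the internal API that still lack documentation.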
................................................................................
    22     22    
    23     23   ## Missing:
    24     24   
    25     25   * Localization (not actually planned for)
    26     26   
    27     27   ## Security notes
    28     28   
    29         -* Directory scrapers use partially complex regular expressions - which is probably 
    30         -  not a security risk, but might lead to faulty data. Albeit HTML entitiy cleanup and constraints are in place. (As for fragile, the InternetRadio DOM method is less exact even.)
    31         -* MEDIUM: integrity checking for .pls / .m3u references and files only on conversion
    32         -* minimal XML/SGML entity decoding (-> faulty data) 
    33         -* fixed: now uses only proper Python json module (no longer Python-style dicts and eval)
           29  +* FAULTY DATA: Directory scrapers use partially complex regular expressions - which is probably not a security risk, but can lead to inexact decoding. Albeit HTML entitiy cleanup and constraints are in place. Charset fixups are done on a case-by-case basis. Doesn't help for Xiph however (already receiving garbage there). As for fragile, some DOM/PyQuery extraction targets are less exact even.
           30  +* MEDIUM: integrity checking for .pls / .m3u references and files is only done on conversion. (Set audio players to use `%xspf` for maximum filtering.)
    34     31   * <s>HIGH RISK: no verification of downloaded favicon image files (ico/png), 
    35     32    as they are passed to gtk.gdk.Pixbuf (OTOH data pre-filtered by Google)</s>
    36     33   * MEDIUM: audio players / decoders are easily affected by buffer overflows 
    37     34     from corrupt mp3/stream data. However nothing we can preassert here, streamtuner2 just passes them on.
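Review bot: Old lines 32 and 33 ("minimal XML/SGML entity decoding (-> faulty data)" and "fixed: now uses only proper Python json module (no longer Python-style dicts and eval)") are deleted outright, while other resolved items in this section, such as the favicon entry, are kept struck through with <s>. Keeping the json/eval line as a struck entry would preserve the record of that fix for anyone auditing older versions. On new line 29, "FAULTY DATA" is not a severity label like the MEDIUM and HIGH RISK used by the neighbouring entries, and the typo "entitiy" is carried over from the old text. The `%xspf` hint on new line 30 would be clearer if it said where that placeholder is set.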