.
D 2015-03-28T07:40:37.624
L project\sstate
N text/x-markdown
U mario
W 1721
## Stabiity
* The application runs mostly stable. The GUI interfaces are workable.
* It's supposed to run on Gtk2 and Gtk3.
* Python3 support is achieved.
* There haven't been any optimizations regarding memory usage and
performance.
* The current internal API is vastly undocumented.
## Current bugs
* audio- and list-format support is not very robust / needs better API
* not all keyboard shortcuts work
## Features
* Treeview layouts and lists are dynamically from datamap[] structure and stream{} dicts.
* Channel categories are often built-in defaults (can be freshened up however)
* Config vars and cache data get stored as JSON in ~/.config/streamtuner2/
* Plugin meta data spec is mostly used now for configuration description, and plugin management.
## Missing:
* Localization (not actually planned for)
## Security notes
* Directory scrapers use fragile regular expressions - which is probably
not a security risk, but might lead to faulty data. Albeit HTML entitiy cleanup and constraints are in place. (And in fact the Xiph JSON API is the worst. And InternetRadio DOM extraction is more fragile.)
* MEDIUM: little integrity checking for .pls / .m3u references and files
* minimal XML/SGML entity decoding (-> faulty data)
* fixed: now uses only proper Python json decoding (no longer Python-style dicts and eval)
* HIGH RISK: no verification of downloaded favicon image files (ico/png),
as they are passed to gtk.gdk.Pixbuf (OTOH data pre-filtered by Google)
* MEDIUM: audio players / decoders are easily affected by buffer overflows
from corrupt mp3/stream data. However nothing we can preassert here, streamtuner2 just passes them on.
Z a38832739f5702734a9a0d59337b8cbe