CKAN currently does not check that uploaded files actually match the specified format, which opens the door to malicious uploads. For example, it's entirely possible to upload the EICAR test virus and tell CKAN it's a PDF document; anyone who downloads it will likely be offered the opportunity to run it (eg Firefox on Ubuntu offered to open it with the Mono runtime).
The ckan-security mailing list indicated that this is a won't-fix, because some CKAN sites may choose to let people specify formats that don't match, eg a ZIP archive containing Office documents may be legitimately marked as DOC format. There may still be options there, however, such as checking at least that when a ZIP extension is used, content type sniffing agrees that it's a ZIP file, and vice versa. Or, ideally, checking that it actually contains DOC files.
We've developed an implementation within https://github.com/qld-gov-au/ckan-ex-qgov that doesn't have any special handling of archive types, but does implement IResourceController to check that the file extension, format, and sniffed file type are all compatible.
CKAN currently does not check that uploaded files actually match the specified format, which opens the door to malicious uploads. For example, it's entirely possible to upload the EICAR test virus and tell CKAN it's a PDF document; anyone who downloads it will likely be offered the opportunity to run it (eg Firefox on Ubuntu offered to open it with the Mono runtime).
The ckan-security mailing list indicated that this is a won't-fix, because some CKAN sites may choose to let people specify formats that don't match, eg a ZIP archive containing Office documents may be legitimately marked as DOC format. There may still be options there, however, such as checking at least that when a ZIP extension is used, content type sniffing agrees that it's a ZIP file, and vice versa. Or, ideally, checking that it actually contains DOC files.
We've developed an implementation within https://github.com/qld-gov-au/ckan-ex-qgov that doesn't have any special handling of archive types, but does implement IResourceController to check that the file extension, format, and sniffed file type are all compatible.