
AVideo Verification

SMT2 formal verification of security-critical code paths

Overall: ALL VERIFIED · Properties Checked: 2 · Verified: 2 · Failed: 0

Chunk File Path Must Be Canonicalized And Temp-Dir Confined

VERIFIED

Function: aVideoEncoderChunkFileHandling · Z3 solved in 0.1ms

CVE-2026-33354 class: requester-controlled chunk file paths must be canonicalized and confined to trusted temporary directories before the upload pipeline reuses them. This catches sibling arbitrary-local-file-read variants where path checks exist but broad allowlists (webroot/app dirs/videos) still permit attacker-selected local files.

SMT2 constraints:
; benchmark generated from python API
(set-info :status unknown)
(declare-fun chunkfile_tempdir_confined () Int)
(assert
 (<= chunkfile_tempdir_confined 1))
(assert
 (>= chunkfile_tempdir_confined 1))
(assert
 (and (distinct chunkfile_tempdir_confined 1) true))
(check-sat)

Upload Extension Must Derive From Validated MIME Mapping

VERIFIED

Function: imageGallerySaveFile · Z3 solved in 0.0ms

CVE-2026-33647 class: web-accessible uploads must derive stored filename extensions from a server-side MIME allowlist mapping, never from attacker-controlled original names. This catches sibling polyglot upload variants where MIME sniffing exists but the filename extension still controls executable serving behavior.

SMT2 constraints:
; benchmark generated from python API
(set-info :status unknown)
(declare-fun upload_extension_bound_to_validated_mime () Int)
(assert
 (<= upload_extension_bound_to_validated_mime 1))
(assert
 (>= upload_extension_bound_to_validated_mime 1))
(assert
 (and (distinct upload_extension_bound_to_validated_mime 1) true))
(check-sat)

Last verified: 2026-03-26 22:02:01 UTC · Solver: Z3 4.16.0