mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00

Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs

Find a file

Micah Lee b8a9758567 Start making automated linux package builds in CI		2020-02-21 16:18:45 -08:00
.circleci	Start making automated linux package builds in CI	2020-02-21 16:18:45 -08:00
assets	Add dangerzone document icon	2020-01-13 14:10:02 -08:00
dangerzone	Add build script and instructions for fedora	2020-02-21 16:04:11 -08:00
dev_scripts	Initial commit	2020-01-06 14:40:09 -08:00
install	Add build script and instructions for fedora	2020-02-21 16:04:11 -08:00
share	Update container	2020-02-21 14:32:35 -08:00
.gitignore	Commit the pyinstaller.spec, including CFBundleDocumentTypes array to open all document formats	2020-01-13 14:16:21 -08:00
.gitmodules	Make the container a git submodule	2020-01-09 11:35:47 -08:00
BUILD.md	Add build script and instructions for fedora	2020-02-21 16:04:11 -08:00
LICENSE	Initial commit	2020-01-06 12:42:38 -08:00
poetry.lock	In Windows, disable opening of safe PDF, make saving PDF required, and after safe PDF has been created, open Windows explorer with the safe PDF selected	2020-02-20 16:53:25 -08:00
pyproject.toml	In Windows, disable opening of safe PDF, make saving PDF required, and after safe PDF has been created, open Windows explorer with the safe PDF selected	2020-02-20 16:53:25 -08:00
README.md	Allow browsing for all support file types, update README to include supported file types, and update container that supports them all	2020-01-13 12:02:50 -08:00
setup.py	Debian packaging	2020-01-07 17:10:54 -08:00
stdeb.cfg	Use docker for ubuntu and debian, and provide GUI for adding user to docker group	2020-02-21 15:07:49 -08:00

README.md

dangerzone

Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF.

This is a work in progress and is not quite ready for daily use yet.

Dangerzone works like this: You give it a document that you don't know if you can trust (for example, an email attachment). Inside of a sandbox, dangerzone converts the document to a PDF (if it isn't already one), and then converts the PDF into raw pixel data: a huge list of of RGB color values for each page. Then, in a separate sandbox, dangerzone takes this pixel data and converts it back into a PDF.

Some features:

Sandboxes don't have network access, so if a malicious document can compromise one, it can't phone home
Dangerzone can optionally OCR the safe PDFs it creates, so it will have a text layer again
Dangerzone compresses the safe PDF to reduce file size
After converting, dangerzone lets you open the safe PDF in the PDF viewer of your choice, which allows you to open PDFs and office docs in dangerzone by default so you never accidentally open a dangerous document

Dangerzone can convert these types of document into safe PDFs:

PDF (.pdf)
Microsoft Word (.docx, .doc)
Microsoft Excel (.xlsx, .xls)
Microsoft PowerPoint (.pptx, .ppt)
ODF Text (.odt)
ODF Spreadsheet (.ods)
ODF Presentation (.odp)
ODF Graphics (.odg)
Jpeg (.jpg, .jpeg)
GIF (.gif)
PNG (.png)
TIFF (.tif, .tiff)

Dangerzone was inspired by Qubes trusted PDF, but it works in non-Qubes operating systems and sandboxes the document conversion in containers instead of virtual machines (using podman for Linux, and Docker for macOS, for now). Podman is like docker but more secure -- it doesn't require a privileged daemon, and containers can be launched without root.

Set up a development environment by following these instructions.