From c1140ee9771c8be9eb6baf7cfaefe24c9089b6f0 Mon Sep 17 00:00:00 2001 From: devttys0 Date: Sun, 20 Oct 2024 20:54:28 -0400 Subject: [PATCH] Lint fixes in signatures & extractors --- src/binwalk.rs | 54 +++++++------- src/extractors/arcadyan.rs | 14 ++-- src/extractors/common.rs | 10 ++- src/extractors/jpeg.rs | 6 +- src/signatures/aes.rs | 2 +- src/signatures/androidsparse.rs | 2 +- src/signatures/bzip2.rs | 2 +- src/signatures/cab.rs | 2 +- src/signatures/chk.rs | 2 +- src/signatures/compressd.rs | 2 +- src/signatures/copyright.rs | 2 +- src/signatures/cpio.rs | 2 +- src/signatures/deb.rs | 2 +- src/signatures/dlob.rs | 2 +- src/signatures/dtb.rs | 2 +- src/signatures/ecos.rs | 2 +- src/signatures/elf.rs | 2 +- src/signatures/gif.rs | 2 +- src/signatures/gpg.rs | 2 +- src/signatures/gzip.rs | 2 +- src/signatures/hashes.rs | 4 +- src/signatures/jboot.rs | 4 +- src/signatures/jffs2.rs | 2 +- src/signatures/jpeg.rs | 2 +- src/signatures/linux.rs | 4 +- src/signatures/luks.rs | 2 +- src/signatures/lz4.rs | 2 +- src/signatures/lzfse.rs | 2 +- src/signatures/lzma.rs | 2 +- src/signatures/lzop.rs | 2 +- src/signatures/openssl.rs | 2 +- src/signatures/packimg.rs | 2 +- src/signatures/pcap.rs | 2 +- src/signatures/pdf.rs | 2 +- src/signatures/pe.rs | 2 +- src/signatures/pem.rs | 2 +- src/signatures/pjl.rs | 2 +- src/signatures/png.rs | 2 +- src/signatures/qnx.rs | 2 +- src/signatures/rar.rs | 2 +- src/signatures/riff.rs | 2 +- src/signatures/romfs.rs | 2 +- src/signatures/rsa.rs | 2 +- src/signatures/rtk.rs | 2 +- src/signatures/seama.rs | 2 +- src/signatures/sevenzip.rs | 2 +- src/signatures/squashfs.rs | 2 +- src/signatures/srec.rs | 2 +- src/signatures/svg.rs | 2 +- src/signatures/tarball.rs | 2 +- src/signatures/tplink.rs | 2 +- src/signatures/trx.rs | 2 +- src/signatures/ubi.rs | 4 +- src/signatures/uefi.rs | 2 +- src/signatures/uimage.rs | 2 +- src/signatures/vxworks.rs | 2 +- src/signatures/xz.rs | 2 +- src/signatures/yaffs.rs | 2 +- src/signatures/zip.rs | 2 +- src/signatures/zlib.rs | 2 +- src/signatures/zstd.rs | 2 +- src/structures/elf.rs | 72 +++++++++---------- src/structures/gzip.rs | 124 ++++++++++++++++---------------- src/structures/jboot.rs | 29 ++++---- src/structures/lzma.rs | 22 +++--- src/structures/pchrom.rs | 25 ++++--- src/structures/seama.rs | 12 ++-- src/structures/uimage.rs | 48 ++++++------- src/structures/vxworks.rs | 19 ++--- 69 files changed, 265 insertions(+), 292 deletions(-) diff --git a/src/binwalk.rs b/src/binwalk.rs index 88e6b6b4e..d86e59836 100644 --- a/src/binwalk.rs +++ b/src/binwalk.rs @@ -252,39 +252,35 @@ impl Binwalk { let magic_start = FILE_START_OFFSET + signature.magic_offset; let magic_end = magic_start + magic.len(); - if file_data.len() > magic_end { - if file_data[magic_start..magic_end] == magic { - debug!( - "Found {} short magic match at offset {:#X}", - signature.description, magic_start - ); - - if let Ok(mut signature_result) = (signature.parser)(file_data, magic_start) - { - // Auto populate some signature result fields - signature_result_auto_populate(&mut signature_result, signature); + if file_data.len() > magic_end && file_data[magic_start..magic_end] == magic { + debug!( + "Found {} short magic match at offset {:#X}", + signature.description, magic_start + ); - // Add this signature to the file map - file_map.push(signature_result.clone()); - info!( - "Found valid {} short signature at offset {:#X}", - signature_result.name, FILE_START_OFFSET - ); + if let Ok(mut signature_result) = (signature.parser)(file_data, magic_start) { + // Auto populate some signature result fields + signature_result_auto_populate(&mut signature_result, signature); - // Only update the next_valid_offset if confidence is at least medium - if signature_result.confidence >= signatures::common::CONFIDENCE_MEDIUM - { - next_valid_offset = signature_result.offset + signature_result.size; - } + // Add this signature to the file map + file_map.push(signature_result.clone()); + info!( + "Found valid {} short signature at offset {:#X}", + signature_result.name, FILE_START_OFFSET + ); - // Only one signature can match at fixed offset 0 - break; - } else { - debug!( - "{} short signature match at offset {:#X} is invalid", - signature.description, FILE_START_OFFSET - ); + // Only update the next_valid_offset if confidence is at least medium + if signature_result.confidence >= signatures::common::CONFIDENCE_MEDIUM { + next_valid_offset = signature_result.offset + signature_result.size; } + + // Only one signature can match at fixed offset 0 + break; + } else { + debug!( + "{} short signature match at offset {:#X} is invalid", + signature.description, FILE_START_OFFSET + ); } } } diff --git a/src/extractors/arcadyan.rs b/src/extractors/arcadyan.rs index a9f996acc..456616030 100644 --- a/src/extractors/arcadyan.rs +++ b/src/extractors/arcadyan.rs @@ -25,14 +25,12 @@ pub fn extract_obfuscated_lzma( let available_data: usize = file_data.len() - offset; // Sanity check data size - if available_data <= MAX_DATA_SIZE { - if available_data > MIN_DATA_SIZE { - // De-obfuscate the LZMA data - let deobfuscated_data = arcadyan_deobfuscator(&file_data[offset..]); - - // Do a decompression on the LZMA data (actual LZMA data starts 4 bytes into the deobfuscated data) - result = lzma_decompress(&deobfuscated_data, LZMA_DATA_OFFSET, output_directory); - } + if available_data <= MAX_DATA_SIZE && available_data > MIN_DATA_SIZE { + // De-obfuscate the LZMA data + let deobfuscated_data = arcadyan_deobfuscator(&file_data[offset..]); + + // Do a decompression on the LZMA data (actual LZMA data starts 4 bytes into the deobfuscated data) + result = lzma_decompress(&deobfuscated_data, LZMA_DATA_OFFSET, output_directory); } result diff --git a/src/extractors/common.rs b/src/extractors/common.rs index 4d0fab13c..6c1666b8a 100644 --- a/src/extractors/common.rs +++ b/src/extractors/common.rs @@ -810,11 +810,9 @@ pub fn execute( result.do_not_recurse = extractor_definition.do_not_recurse; // If the extractor reported success, make sure it extracted something other than just an empty file - if result.success { - if !was_something_extracted(&result.output_directory) { - result.success = false; - warn!("Extractor exited successfully, but no data was extracted"); - } + if result.success && !was_something_extracted(&result.output_directory) { + result.success = false; + warn!("Extractor exited successfully, but no data was extracted"); } } } @@ -914,7 +912,7 @@ fn spawn( Ok(child) => { // If the process was spawned successfully, return some information about the process let proc_info = ProcInfo { - child: child, + child, carved_file: carved_file.clone(), exit_codes: extractor.exit_codes, }; diff --git a/src/extractors/jpeg.rs b/src/extractors/jpeg.rs index d5e3b438b..6458d7406 100644 --- a/src/extractors/jpeg.rs +++ b/src/extractors/jpeg.rs @@ -48,10 +48,8 @@ fn get_jpeg_data_size(jpeg_data: &[u8]) -> Option { let eof_candidate: usize = eof_match.start() + EOF_SIZE; // Make sure the expected EOF marker is not immediately followed by 0xFF (which would indicate the JPEG continues...) - if eof_candidate < jpeg_data.len() { - if jpeg_data[eof_candidate] == JPEG_DELIM { - continue; - } + if eof_candidate < jpeg_data.len() && jpeg_data[eof_candidate] == JPEG_DELIM { + continue; } return Some(eof_match.start() + EOF_SIZE); diff --git a/src/signatures/aes.rs b/src/signatures/aes.rs index 727960edf..a29e4c2e8 100644 --- a/src/signatures/aes.rs +++ b/src/signatures/aes.rs @@ -18,7 +18,7 @@ pub fn aes_sbox_parser( ) -> Result { // Successful return value let result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_LOW, ..Default::default() diff --git a/src/signatures/androidsparse.rs b/src/signatures/androidsparse.rs index 6937eb34d..8113d87e2 100644 --- a/src/signatures/androidsparse.rs +++ b/src/signatures/androidsparse.rs @@ -17,7 +17,7 @@ pub fn android_sparse_parser( ) -> Result { // Default result, returned on success let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/bzip2.rs b/src/signatures/bzip2.rs index 04f618477..987a115f1 100644 --- a/src/signatures/bzip2.rs +++ b/src/signatures/bzip2.rs @@ -24,7 +24,7 @@ pub fn bzip2_parser(file_data: &[u8], offset: usize) -> Result Result Vec> { pub fn chk_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/compressd.rs b/src/signatures/compressd.rs index 502fb0d4d..b3ca915ea 100644 --- a/src/signatures/compressd.rs +++ b/src/signatures/compressd.rs @@ -15,7 +15,7 @@ pub fn compressd_parser( ) -> Result { // Successful return value; confidence is medium since this only matches magic bytes at the beginning of a file let result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/copyright.rs b/src/signatures/copyright.rs index 9fd0da875..0dbcc6c6b 100644 --- a/src/signatures/copyright.rs +++ b/src/signatures/copyright.rs @@ -23,7 +23,7 @@ pub fn copyright_parser( // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/cpio.rs b/src/signatures/cpio.rs index f997bc4cb..44b8b7de4 100644 --- a/src/signatures/cpio.rs +++ b/src/signatures/cpio.rs @@ -18,7 +18,7 @@ pub fn cpio_parser(file_data: &[u8], offset: usize) -> Result Vec> { pub fn deb_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/dlob.rs b/src/signatures/dlob.rs index 789991f04..f5cb93721 100644 --- a/src/signatures/dlob.rs +++ b/src/signatures/dlob.rs @@ -13,7 +13,7 @@ pub fn dlob_magic() -> Vec> { pub fn dlob_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/dtb.rs b/src/signatures/dtb.rs index 239efcd60..3dd202b9b 100644 --- a/src/signatures/dtb.rs +++ b/src/signatures/dtb.rs @@ -13,7 +13,7 @@ pub fn dtb_magic() -> Vec> { pub fn dtb_parser(file_data: &[u8], offset: usize) -> Result { // Sucessful result let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/ecos.rs b/src/signatures/ecos.rs index ffff3cd2a..ce765112a 100644 --- a/src/signatures/ecos.rs +++ b/src/signatures/ecos.rs @@ -32,7 +32,7 @@ pub fn exception_handler_parser( ) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: EXCEPTION_HANDLER_DESCRIPTION.to_string(), confidence: CONFIDENCE_LOW, ..Default::default() diff --git a/src/signatures/elf.rs b/src/signatures/elf.rs index 1f2665074..e5f2feb2d 100644 --- a/src/signatures/elf.rs +++ b/src/signatures/elf.rs @@ -13,7 +13,7 @@ pub fn elf_magic() -> Vec> { pub fn elf_parser(file_data: &[u8], offset: usize) -> Result { // Successful result let mut result = SignatureResult { - offset: offset, + offset, name: "elf".to_string(), description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, diff --git a/src/signatures/gif.rs b/src/signatures/gif.rs index b2a40eaf4..f1708ada2 100644 --- a/src/signatures/gif.rs +++ b/src/signatures/gif.rs @@ -15,7 +15,7 @@ pub fn gif_magic() -> Vec> { pub fn gif_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/gpg.rs b/src/signatures/gpg.rs index cfc355058..223e6bda4 100644 --- a/src/signatures/gpg.rs +++ b/src/signatures/gpg.rs @@ -16,7 +16,7 @@ pub fn gpg_signed_parser( ) -> Result { // Success result; confidence is high since this signature is only reported what it starts at the beginning of a file let result = SignatureResult { - offset: offset, + offset, confidence: CONFIDENCE_HIGH, description: GPG_SIGNED_DESCRIPTION.to_string(), ..Default::default() diff --git a/src/signatures/gzip.rs b/src/signatures/gzip.rs index 5433af3c8..f2681b401 100644 --- a/src/signatures/gzip.rs +++ b/src/signatures/gzip.rs @@ -40,7 +40,7 @@ pub fn gzip_parser(file_data: &[u8], offset: usize) -> Result Result Result Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: JBOOT_STAG_DESCRIPTION.to_string(), confidence: CONFIDENCE_LOW, ..Default::default() @@ -117,7 +117,7 @@ pub fn jboot_sch2_parser( ) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: JBOOT_SCH2_DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/jffs2.rs b/src/signatures/jffs2.rs index d91698c77..afdc1c90a 100644 --- a/src/signatures/jffs2.rs +++ b/src/signatures/jffs2.rs @@ -32,7 +32,7 @@ pub fn jffs2_parser(file_data: &[u8], offset: usize) -> Result Vec> { pub fn jpeg_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/linux.rs b/src/signatures/linux.rs index 178d3064c..24cd33a0b 100644 --- a/src/signatures/linux.rs +++ b/src/signatures/linux.rs @@ -68,7 +68,7 @@ pub fn linux_boot_image_parser( let result = SignatureResult { description: LINUX_BOOT_IMAGE_DESCRIPTION.to_string(), - offset: offset, + offset, size: 0, ..Default::default() }; @@ -107,7 +107,7 @@ pub fn linux_kernel_version_parser( const GCC_VERSION_STRING: &str = "gcc "; let mut result = SignatureResult { - offset: offset, + offset, confidence: CONFIDENCE_LOW, ..Default::default() }; diff --git a/src/signatures/luks.rs b/src/signatures/luks.rs index 7829f0914..a55e93537 100644 --- a/src/signatures/luks.rs +++ b/src/signatures/luks.rs @@ -13,7 +13,7 @@ pub fn luks_magic() -> Vec> { pub fn luks_parser(file_data: &[u8], offset: usize) -> Result { // Successful result let mut result = SignatureResult { - offset: offset, + offset, name: "luks".to_string(), description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, diff --git a/src/signatures/lz4.rs b/src/signatures/lz4.rs index 34bd3c4aa..5a13c8fbf 100644 --- a/src/signatures/lz4.rs +++ b/src/signatures/lz4.rs @@ -16,7 +16,7 @@ pub fn lz4_parser(file_data: &[u8], offset: usize) -> Result Vec> { /// Validate LZFSE signatures pub fn lzfse_parser(file_data: &[u8], offset: usize) -> Result { let mut result = SignatureResult { - offset: offset, + offset, confidence: CONFIDENCE_HIGH, description: DESCRIPTION.to_string(), ..Default::default() diff --git a/src/signatures/lzma.rs b/src/signatures/lzma.rs index 6379c36cf..75856a861 100644 --- a/src/signatures/lzma.rs +++ b/src/signatures/lzma.rs @@ -48,7 +48,7 @@ pub fn lzma_magic() -> Vec> { pub fn lzma_parser(file_data: &[u8], offset: usize) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/lzop.rs b/src/signatures/lzop.rs index bbd6cef1e..94bbb36bb 100644 --- a/src/signatures/lzop.rs +++ b/src/signatures/lzop.rs @@ -16,7 +16,7 @@ pub fn lzop_magic() -> Vec> { pub fn lzop_parser(file_data: &[u8], offset: usize) -> Result { // Success retrun value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/openssl.rs b/src/signatures/openssl.rs index 9645d419d..b74763065 100644 --- a/src/signatures/openssl.rs +++ b/src/signatures/openssl.rs @@ -18,7 +18,7 @@ pub fn openssl_crypt_parser( ) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_LOW, ..Default::default() diff --git a/src/signatures/packimg.rs b/src/signatures/packimg.rs index ffd369f89..e65f8c371 100644 --- a/src/signatures/packimg.rs +++ b/src/signatures/packimg.rs @@ -12,7 +12,7 @@ pub fn packimg_magic() -> Vec> { /// Parse a PackIMG signature pub fn packimg_parser(file_data: &[u8], offset: usize) -> Result { let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), ..Default::default() }; diff --git a/src/signatures/pcap.rs b/src/signatures/pcap.rs index e66ecb109..1097d8abf 100644 --- a/src/signatures/pcap.rs +++ b/src/signatures/pcap.rs @@ -13,7 +13,7 @@ pub fn pcapng_magic() -> Vec> { pub fn pcapng_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: PCAPNG_DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/pdf.rs b/src/signatures/pdf.rs index 62d1d8825..4e3503a57 100644 --- a/src/signatures/pdf.rs +++ b/src/signatures/pdf.rs @@ -25,7 +25,7 @@ pub fn pdf_parser(file_data: &[u8], offset: usize) -> Result Vec> { pub fn pe_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/pem.rs b/src/signatures/pem.rs index 917039f36..c01e4cb3e 100644 --- a/src/signatures/pem.rs +++ b/src/signatures/pem.rs @@ -35,7 +35,7 @@ pub fn pem_parser(file_data: &[u8], offset: usize) -> Result Result Vec> { pub fn png_parser(file_data: &[u8], offset: usize) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/qnx.rs b/src/signatures/qnx.rs index faf93a4b5..b44f26e3e 100644 --- a/src/signatures/qnx.rs +++ b/src/signatures/qnx.rs @@ -17,7 +17,7 @@ pub fn qnx_ifs_magic() -> Vec> { pub fn qnx_ifs_parser(file_data: &[u8], offset: usize) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: IFS_DESCRIPTION.to_string(), ..Default::default() }; diff --git a/src/signatures/rar.rs b/src/signatures/rar.rs index 427dbe1e0..449a3e22a 100644 --- a/src/signatures/rar.rs +++ b/src/signatures/rar.rs @@ -15,7 +15,7 @@ pub fn rar_magic() -> Vec> { pub fn rar_parser(file_data: &[u8], offset: usize) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), ..Default::default() }; diff --git a/src/signatures/riff.rs b/src/signatures/riff.rs index 175e9665c..b10015177 100644 --- a/src/signatures/riff.rs +++ b/src/signatures/riff.rs @@ -13,7 +13,7 @@ pub fn riff_magic() -> Vec> { pub fn riff_parser(file_data: &[u8], offset: usize) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/romfs.rs b/src/signatures/romfs.rs index adffc57f6..442739ef7 100644 --- a/src/signatures/romfs.rs +++ b/src/signatures/romfs.rs @@ -15,7 +15,7 @@ pub fn romfs_parser(file_data: &[u8], offset: usize) -> Result Vec> { pub fn rsa_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/rtk.rs b/src/signatures/rtk.rs index 47edf7488..2c8a0b971 100644 --- a/src/signatures/rtk.rs +++ b/src/signatures/rtk.rs @@ -13,7 +13,7 @@ pub fn rtk_magic() -> Vec> { pub fn rtk_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/seama.rs b/src/signatures/seama.rs index 45d09113c..de79d7394 100644 --- a/src/signatures/seama.rs +++ b/src/signatures/seama.rs @@ -16,7 +16,7 @@ pub fn seama_magic() -> Vec> { pub fn seama_parser(file_data: &[u8], offset: usize) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_LOW, ..Default::default() diff --git a/src/signatures/sevenzip.rs b/src/signatures/sevenzip.rs index f936cbb04..235040571 100644 --- a/src/signatures/sevenzip.rs +++ b/src/signatures/sevenzip.rs @@ -32,7 +32,7 @@ pub fn sevenzip_parser(file_data: &[u8], offset: usize) -> Result Result Result Vec> { pub fn svg_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/tarball.rs b/src/signatures/tarball.rs index 1f019857c..8b4418b3c 100644 --- a/src/signatures/tarball.rs +++ b/src/signatures/tarball.rs @@ -86,7 +86,7 @@ pub fn tarball_parser(file_data: &[u8], offset: usize) -> Result Vec> { pub fn tplink_parser(file_data: &[u8], offset: usize) -> Result { // Successful return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/trx.rs b/src/signatures/trx.rs index 5d56ec33d..b05b34a11 100644 --- a/src/signatures/trx.rs +++ b/src/signatures/trx.rs @@ -14,7 +14,7 @@ pub fn trx_magic() -> Vec> { pub fn trx_parser(file_data: &[u8], offset: usize) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/ubi.rs b/src/signatures/ubi.rs index 49b8936b0..0d1155e47 100644 --- a/src/signatures/ubi.rs +++ b/src/signatures/ubi.rs @@ -23,7 +23,7 @@ pub fn ubifs_magic() -> Vec> { pub fn ubifs_parser(file_data: &[u8], offset: usize) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: UBI_FS_DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() @@ -44,7 +44,7 @@ pub fn ubifs_parser(file_data: &[u8], offset: usize) -> Result Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: UBI_IMAGE_DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/uefi.rs b/src/signatures/uefi.rs index 1f57dee4d..dc019b3ec 100644 --- a/src/signatures/uefi.rs +++ b/src/signatures/uefi.rs @@ -68,7 +68,7 @@ pub fn uefi_capsule_parser( // Success return value let mut result = SignatureResult { description: CAPSULE_DESCRIPTION.to_string(), - offset: offset, + offset, size: 0, confidence: CONFIDENCE_MEDIUM, ..Default::default() diff --git a/src/signatures/uimage.rs b/src/signatures/uimage.rs index 1f51bf60b..f718b4285 100644 --- a/src/signatures/uimage.rs +++ b/src/signatures/uimage.rs @@ -16,7 +16,7 @@ pub fn uimage_parser(file_data: &[u8], offset: usize) -> Result Vec> { pub fn xz_parser(file_data: &[u8], offset: usize) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/yaffs.rs b/src/signatures/yaffs.rs index 55211e5a5..e99736714 100644 --- a/src/signatures/yaffs.rs +++ b/src/signatures/yaffs.rs @@ -26,7 +26,7 @@ pub fn yaffs_parser(file_data: &[u8], offset: usize) -> Result Vec> { pub fn zip_parser(file_data: &[u8], offset: usize) -> Result { // Success return value let mut result = SignatureResult { - offset: offset, + offset, description: DESCRIPTION.to_string(), confidence: CONFIDENCE_HIGH, ..Default::default() diff --git a/src/signatures/zlib.rs b/src/signatures/zlib.rs index 9d9352a15..171fb74cc 100644 --- a/src/signatures/zlib.rs +++ b/src/signatures/zlib.rs @@ -16,7 +16,7 @@ pub fn zlib_magic() -> Vec> { /// Validate a zlib signature pub fn zlib_parser(file_data: &[u8], offset: usize) -> Result { let mut result = SignatureResult { - offset: offset, + offset, confidence: CONFIDENCE_HIGH, description: DESCRIPTION.to_string(), ..Default::default() diff --git a/src/signatures/zstd.rs b/src/signatures/zstd.rs index fd9ad0e38..c7aa2a41d 100644 --- a/src/signatures/zstd.rs +++ b/src/signatures/zstd.rs @@ -19,7 +19,7 @@ pub fn zstd_parser(file_data: &[u8], offset: usize) -> Result Result { // Endianness doesn't matter here, and we don't know what the ELF's endianness is yet if let Ok(e_ident) = common::parse(elf_data, &elf_ident_structure, "little") { // Sanity check the e_ident fields - if e_ident["padding_1"] == 0 && e_ident["padding_2"] == 0 { - if e_ident["version"] == EXPECTED_VERSION { - if elf_classes.contains_key(&e_ident["class"]) { - if elf_osabi.contains_key(&e_ident["osabi"]) { - if elf_endianness.contains_key(&e_ident["endianness"]) { - // Set the ident info - elf_hdr_info.class = elf_classes[&e_ident["class"]].to_string(); - elf_hdr_info.osabi = elf_osabi[&e_ident["osabi"]].to_string(); - elf_hdr_info.endianness = - elf_endianness[&e_ident["endianness"]].to_string(); - - // The rest of the ELF info comes immediately after the ident structure - let elf_info_start: usize = ELF_IDENT_STRUCT_SIZE; - let elf_info_end: usize = elf_info_start + ELF_INFO_STRUCT_SIZE; - - if let Some(elf_info_raw) = elf_data.get(elf_info_start..elf_info_end) { - // Parse the remaining info from the ELF header - if let Ok(elf_info) = common::parse( - elf_info_raw, - &elf_info_structure, - elf_endianness[&e_ident["endianness"]], - ) { - // Sanity check the remaining ELF header fields - if elf_info["version"] == EXPECTED_VERSION { - if elf_types.contains_key(&elf_info["type"]) { - if elf_machines.contains_key(&elf_info["machine"]) { - // Set the ELF info fields - elf_hdr_info.exe_type = - elf_types[&elf_info["type"]].to_string(); - elf_hdr_info.machine = - elf_machines[&elf_info["machine"]].to_string(); - - return Ok(elf_hdr_info); - } - } - } - } - } - } + if e_ident["padding_1"] == 0 + && e_ident["padding_2"] == 0 + && e_ident["version"] == EXPECTED_VERSION + && elf_classes.contains_key(&e_ident["class"]) + && elf_osabi.contains_key(&e_ident["osabi"]) + && elf_endianness.contains_key(&e_ident["endianness"]) + { + // Set the ident info + elf_hdr_info.class = elf_classes[&e_ident["class"]].to_string(); + elf_hdr_info.osabi = elf_osabi[&e_ident["osabi"]].to_string(); + elf_hdr_info.endianness = elf_endianness[&e_ident["endianness"]].to_string(); + + // The rest of the ELF info comes immediately after the ident structure + let elf_info_start: usize = ELF_IDENT_STRUCT_SIZE; + let elf_info_end: usize = elf_info_start + ELF_INFO_STRUCT_SIZE; + + if let Some(elf_info_raw) = elf_data.get(elf_info_start..elf_info_end) { + // Parse the remaining info from the ELF header + if let Ok(elf_info) = common::parse( + elf_info_raw, + &elf_info_structure, + elf_endianness[&e_ident["endianness"]], + ) { + // Sanity check the remaining ELF header fields + if elf_info["version"] == EXPECTED_VERSION + && elf_types.contains_key(&elf_info["type"]) + && elf_machines.contains_key(&elf_info["machine"]) + { + // Set the ELF info fields + elf_hdr_info.exe_type = elf_types[&elf_info["type"]].to_string(); + elf_hdr_info.machine = elf_machines[&elf_info["machine"]].to_string(); + + return Ok(elf_hdr_info); } } } diff --git a/src/structures/gzip.rs b/src/structures/gzip.rs index 0efe965b6..2b890730d 100644 --- a/src/structures/gzip.rs +++ b/src/structures/gzip.rs @@ -67,82 +67,80 @@ pub fn parse_gzip_header(header_data: &[u8]) -> Result { - return Err(StructureError); - } - Some(extra_header_data) => { - // Parse the extra header and update the header_info.size to include this data - match common::parse( - extra_header_data, - &gzip_extra_header_structure, - "little", - ) { - Err(e) => { - return Err(e); - } - Ok(extra_header) => { - header_info.size += - extra_header_size + extra_header["extra_data_len"]; - } - } - } - } + if (gzip_header["flags"] & FLAG_RESERVED) == 0 + && gzip_header["compression_method"] == DEFLATE_COMPRESSION + && known_os_ids.contains_key(&gzip_header["osid"]) + { + // Set the operating system string + header_info.os = known_os_ids[&gzip_header["osid"]].to_string(); + + // Check if the optional "extra" data follows the standard Gzip header + if (gzip_header["flags"] & FLAG_EXTRA) != 0 { + // File offsets and sizes for parsing the extra header + let extra_header_size = common::size(&gzip_extra_header_structure); + let extra_header_start: usize = header_info.size; + let extra_header_end: usize = extra_header_start + extra_header_size; + + match header_data.get(extra_header_start..extra_header_end) { + None => { + return Err(StructureError); } - - // If the NULL-terminated original file name is included, it will be next - if (gzip_header["flags"] & FLAG_NAME) != 0 { - match header_data.get(header_info.size..) { - None => { - return Err(StructureError); + Some(extra_header_data) => { + // Parse the extra header and update the header_info.size to include this data + match common::parse( + extra_header_data, + &gzip_extra_header_structure, + "little", + ) { + Err(e) => { + return Err(e); } - Some(file_name_bytes) => { - header_info.original_name = get_cstring(file_name_bytes); - // The value returned by get_cstring does not include the terminating NULL byte + Ok(extra_header) => { header_info.size += - header_info.original_name.len() + NULL_BYTE_SIZE; + extra_header_size + extra_header["extra_data_len"]; } } } + } + } - // If a NULL-terminated comment is included, it will be next - if (gzip_header["flags"] & FLAG_COMMENT) != 0 { - match header_data.get(header_info.size..) { - None => { - return Err(StructureError); - } - Some(comment_bytes) => { - header_info.comment = get_cstring(comment_bytes); - // The value returned by get_cstring does not include the terminating NULL byte - header_info.size += header_info.comment.len() + NULL_BYTE_SIZE; - } - } + // If the NULL-terminated original file name is included, it will be next + if (gzip_header["flags"] & FLAG_NAME) != 0 { + match header_data.get(header_info.size..) { + None => { + return Err(StructureError); } - - // Finally, a checksum field may be included - if (gzip_header["flags"] & FLAG_CRC) != 0 { - header_info.size += CRC_SIZE; + Some(file_name_bytes) => { + header_info.original_name = get_cstring(file_name_bytes); + // The value returned by get_cstring does not include the terminating NULL byte + header_info.size += header_info.original_name.len() + NULL_BYTE_SIZE; } + } + } - // Deflate data should start at header_info.size; make sure this offset is sane - if header_data.len() >= header_info.size { - return Ok(header_info); + // If a NULL-terminated comment is included, it will be next + if (gzip_header["flags"] & FLAG_COMMENT) != 0 { + match header_data.get(header_info.size..) { + None => { + return Err(StructureError); + } + Some(comment_bytes) => { + header_info.comment = get_cstring(comment_bytes); + // The value returned by get_cstring does not include the terminating NULL byte + header_info.size += header_info.comment.len() + NULL_BYTE_SIZE; } } } + + // Finally, a checksum field may be included + if (gzip_header["flags"] & FLAG_CRC) != 0 { + header_info.size += CRC_SIZE; + } + + // Deflate data should start at header_info.size; make sure this offset is sane + if header_data.len() >= header_info.size { + return Ok(header_info); + } } } diff --git a/src/structures/jboot.rs b/src/structures/jboot.rs index 1f87ae01e..ea192b6ab 100644 --- a/src/structures/jboot.rs +++ b/src/structures/jboot.rs @@ -74,7 +74,7 @@ pub fn parse_jboot_arm_header(jboot_data: &[u8]) -> Result Result Result // Parse the lzma header if let Ok(lzma_header) = common::parse(lzma_data, &lzma_structure, "little") { - // Sanity check expected values for LZMA header fields + // Make sure the expected NULL byte is NULL if lzma_header["null_byte"] == 0 { - if lzma_header["decompressed_size"] >= MIN_SUPPORTED_DECOMPRESSED_SIZE { - if lzma_header["decompressed_size"] == LZMA_STREAM_SIZE - || lzma_header["decompressed_size"] <= MAX_SUPPORTED_DECOMPRESSED_SIZE - { - lzma_hdr_info.properties = lzma_header["properties"]; - lzma_hdr_info.dictionary_size = lzma_header["dictionary_size"]; - lzma_hdr_info.decompressed_size = lzma_header["decompressed_size"]; - - return Ok(lzma_hdr_info); - } + // Sanity check the reported decompressed size + if lzma_header["decompressed_size"] >= MIN_SUPPORTED_DECOMPRESSED_SIZE + && (lzma_header["decompressed_size"] == LZMA_STREAM_SIZE + || lzma_header["decompressed_size"] <= MAX_SUPPORTED_DECOMPRESSED_SIZE) + { + lzma_hdr_info.properties = lzma_header["properties"]; + lzma_hdr_info.dictionary_size = lzma_header["dictionary_size"]; + lzma_hdr_info.decompressed_size = lzma_header["decompressed_size"]; + + return Ok(lzma_hdr_info); } } } diff --git a/src/structures/pchrom.rs b/src/structures/pchrom.rs index 3e057ca90..367687a34 100644 --- a/src/structures/pchrom.rs +++ b/src/structures/pchrom.rs @@ -36,19 +36,18 @@ pub fn parse_pchrom_header(pch_data: &[u8]) -> Result Result= header_size { - if available_data >= total_header_size { - return Ok(SeamaHeader { - data_size: seama_header["data_size"], - header_size: total_header_size, - }); - } + if total_header_size >= header_size && available_data >= total_header_size { + return Ok(SeamaHeader { + data_size: seama_header["data_size"], + header_size: total_header_size, + }); } } } diff --git a/src/structures/uimage.rs b/src/structures/uimage.rs index 5025d35f9..41e0da4d2 100644 --- a/src/structures/uimage.rs +++ b/src/structures/uimage.rs @@ -156,33 +156,27 @@ pub fn parse_uimage_header(uimage_data: &[u8]) -> Result