[Dropper] + add filepath plugin for Dropper #182 #181

Signed-off-by: Gheorghita Mutu <gheorghitamutu@gmail.com>

GViewCore/src/Regex/regex_wrapper.cpp

@@ -17,7 +17,7 @@ bool Matcher::Init(std::string_view expression, bool isUnicode, bool isCaseSensi
 
     RE2::Options options;
     options.set_case_sensitive(isCaseSensitive);
-    options.set_longest_match(true);
+    options.set_longest_match(false);
 
     absl::string_view asv{ expression.data(), expression.size() };
 
@@ -28,6 +28,8 @@ bool Matcher::Init(std::string_view expression, bool isUnicode, bool isCaseSensi
     };
 
     this->context = c;
+
+    return true;
 }
 
 Matcher::~Matcher()

GenericPlugins/Dropper/include/Dropper.hpp

@@ -39,9 +39,13 @@ class Instance
             context.droppers.emplace_back(std::make_unique<MZPE>());
             context.droppers.emplace_back(std::make_unique<PNG>());
 
+            bool isCaseSensitive = false;
+            bool useUnicode      = true;
+
             // strings
-            context.droppers.emplace_back(std::make_unique<IpAddress>(false, true));
-            context.droppers.emplace_back(std::make_unique<EmailAddress>(false, true));
+            context.droppers.emplace_back(std::make_unique<IpAddress>(isCaseSensitive, useUnicode));
+            context.droppers.emplace_back(std::make_unique<EmailAddress>(isCaseSensitive, useUnicode));
+            context.droppers.emplace_back(std::make_unique<Filepath>(isCaseSensitive, useUnicode));
         }
     }
 

GenericPlugins/Dropper/include/SpecialStrings.hpp

@@ -6,41 +6,47 @@
 
 namespace GView::GenericPlugins::Droppper::SpecialStrings
 {
-class IpAddress : public IDrop
+class SpecialStrings : public IDrop
 {
-  private:
+  protected:
     bool unicode{ false };
     bool caseSensitive{ false };
     GView::Regex::Matcher matcherAscii{};
     GView::Regex::Matcher matcherUnicode{};
 
+  public:
+    virtual ObjectCategory GetGroup() override;
+    virtual Priority GetPriority() override;
+    virtual bool ShouldGroupInOneFile() override;
+};
+
+class IpAddress : public SpecialStrings
+{
   public:
     IpAddress(bool caseSensitive, bool unicode);
 
     virtual const char* GetName() override;
-    virtual ObjectCategory GetGroup() override;
     virtual const char* GetOutputExtension() override;
-    virtual Priority GetPriority() override;
-    virtual bool ShouldGroupInOneFile() override;
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };
-class EmailAddress : public IDrop
+class EmailAddress : public SpecialStrings
 {
-  private:
-    bool unicode{ false };
-    bool caseSensitive{ false };
-    GView::Regex::Matcher matcherAscii{};
-    GView::Regex::Matcher matcherUnicode{};
-
   public:
     EmailAddress(bool caseSensitive, bool unicode);
 
     virtual const char* GetName() override;
-    virtual ObjectCategory GetGroup() override;
     virtual const char* GetOutputExtension() override;
-    virtual Priority GetPriority() override;
-    virtual bool ShouldGroupInOneFile() override;
+
+    virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
+};
+class Filepath : public SpecialStrings
+{
+  public:
+    Filepath(bool caseSensitive, bool unicode);
+
+    virtual const char* GetName() override;
+    virtual const char* GetOutputExtension() override;
 
     virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };

GenericPlugins/Dropper/src/CMakeLists.txt

@@ -1,6 +1,8 @@
 target_sources(Dropper PRIVATE 
-	Dropper.cpp 
+	Dropper.cpp
+	SpecialStrings/SpecialStrings.cpp 
 	SpecialStrings/EmailAddress.cpp
+	SpecialStrings/Filepath.cpp
 	SpecialStrings/IpAddress.cpp
 	Executables/MZPE.cpp
 	Multimedia/PNG.cpp)

GenericPlugins/Dropper/src/SpecialStrings/EmailAddress.cpp

@@ -4,7 +4,7 @@
 
 namespace GView::GenericPlugins::Droppper::SpecialStrings
 {
-static constexpr std::string_view EMAIL_REGEX_ASCII{ R"(([a-z0-9\_\.]+@[a-z\_]+\.[a-z]{2,5}))" };
+static constexpr std::string_view EMAIL_REGEX_ASCII{ R"(^([a-z0-9\_\.]+@[a-z\_]+\.[a-z]{2,5}))" };
 static constexpr std::string_view EMAIL_REGEX_UNICODE{ R"(^(([a-z0-9\_\.]\x00)+@\x00([a-z\_]\x00)+\.\x00([a-z]\x00){2,5}))" };
 
 EmailAddress::EmailAddress(bool caseSensitive, bool unicode)
@@ -20,33 +20,18 @@ const char* EmailAddress::GetName()
     return "Email Address";
 }
 
-ObjectCategory EmailAddress::GetGroup()
-{
-    return ObjectCategory::SpecialStrings;
-}
-
 const char* EmailAddress::GetOutputExtension()
 {
     return "email";
 }
 
-Priority EmailAddress::GetPriority()
-{
-    return Priority::Text;
-}
-
-bool EmailAddress::ShouldGroupInOneFile()
-{
-    return true;
-}
-
 Result EmailAddress::Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end)
 {
     CHECK(precachedBuffer.GetLength() > 0, Result::NotFound, "");
     CHECK(IsAsciiPrintable(precachedBuffer.GetData()[0]), Result::NotFound, "");
 
-    auto buffer = file.Get(offset, 39 * 2, false);         // IPv6 length in Unicode
-    CHECK(buffer.GetLength() >= 14, Result::NotFound, ""); // not enough for IPv4 => length in ASCII
+    auto buffer = file.Get(offset, file.GetCacheSize() / 12, false);
+    CHECK(buffer.GetLength() >= 4, Result::NotFound, "");
 
     if (this->matcherAscii.Match(buffer, start, end)) {
         start += offset;

GenericPlugins/Dropper/src/SpecialStrings/Filepath.cpp

@@ -0,0 +1,55 @@
+#include "SpecialStrings.hpp"
+
+#include <string>
+
+namespace GView::GenericPlugins::Droppper::SpecialStrings
+{
+static constexpr std::string_view PATH_REGEX_ASCII{ R"(^(([a-zA-Z]{1}\:\\[a-zA-Z0-9\\_\. ]+)|(((\/|\.\.)[a-zA-Z\/\.0-9]+\/[a-zA-Z\/\.0-9]+))))" };
+static constexpr std::string_view PATH_REGEX_UNICODE{
+    R"(^((([a-zA-Z]\x00){1}\\x00:\x00\\x00\\x00([a-zA-Z0-9\\_\. ]\x00)+)|((((\/\x00)|\.\x00\.\x00)([a-zA-Z\/\.0-9]\x00)+\/\x00([a-zA-Z\/\.0-9]\x00)+))))"
+};
+
+Filepath::Filepath(bool caseSensitive, bool unicode)
+{
+    this->unicode       = unicode;
+    this->caseSensitive = caseSensitive;
+    this->matcherAscii.Init(PATH_REGEX_ASCII, unicode, caseSensitive);
+    this->matcherUnicode.Init(PATH_REGEX_UNICODE, unicode, caseSensitive);
+}
+
+const char* Filepath::GetName()
+{
+    return "Filepath";
+}
+
+const char* Filepath::GetOutputExtension()
+{
+    return "filepath";
+}
+
+Result Filepath::Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end)
+{
+    CHECK(precachedBuffer.GetLength() > 0, Result::NotFound, "");
+    CHECK(IsAsciiPrintable(precachedBuffer.GetData()[0]), Result::NotFound, "");
+
+    auto buffer = file.Get(offset, file.GetCacheSize() / 12, false);
+    CHECK(buffer.GetLength() >= 4, Result::NotFound, "");
+
+    if (this->matcherAscii.Match(buffer, start, end)) {
+        start += offset;
+        end += offset;
+        return Result::Ascii;
+    }
+
+    CHECK(unicode, Result::NotFound, "");
+    CHECK(precachedBuffer.GetData()[1] == 0, Result::NotFound, ""); // we already checked ascii printable
+
+    if (this->matcherUnicode.Match(buffer, start, end)) {
+        start += offset;
+        end += offset;
+        return Result::Unicode;
+    }
+
+    return Result::NotFound;
+}
+} // namespace GView::GenericPlugins::Droppper::SpecialStrings

GenericPlugins/Dropper/src/SpecialStrings/IpAddress.cpp

@@ -22,26 +22,11 @@ const char* IpAddress::GetName()
     return "IP Address";
 }
 
-ObjectCategory IpAddress::GetGroup()
-{
-    return ObjectCategory::SpecialStrings;
-}
-
 const char* IpAddress::GetOutputExtension()
 {
     return "ip";
 }
 
-Priority IpAddress::GetPriority()
-{
-    return Priority::Text;
-}
-
-bool IpAddress::ShouldGroupInOneFile()
-{
-    return true;
-}
-
 Result IpAddress::Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end)
 {
     CHECK(precachedBuffer.GetLength() > 0, Result::NotFound, "");

GenericPlugins/Dropper/src/SpecialStrings/SpecialStrings.cpp

@@ -0,0 +1,21 @@
+#include "SpecialStrings.hpp"
+
+#include <string>
+
+namespace GView::GenericPlugins::Droppper::SpecialStrings
+{
+ObjectCategory SpecialStrings::GetGroup()
+{
+    return ObjectCategory::SpecialStrings;
+}
+
+Priority SpecialStrings::GetPriority()
+{
+    return Priority::Text;
+}
+
+bool SpecialStrings::ShouldGroupInOneFile()
+{
+    return true;
+}
+} // namespace GView::GenericPlugins::Droppper::SpecialStrings