diff --git a/GViewCore/src/Regex/regex_wrapper.cpp b/GViewCore/src/Regex/regex_wrapper.cpp
index 75a0c3b2..57c9007e 100644
--- a/GViewCore/src/Regex/regex_wrapper.cpp
+++ b/GViewCore/src/Regex/regex_wrapper.cpp
@@ -17,7 +17,7 @@ bool Matcher::Init(std::string_view expression, bool isUnicode, bool isCaseSensi
 RE2::Options options;
 options.set_case_sensitive(isCaseSensitive);
- options.set_longest_match(true);
+ options.set_longest_match(false);
 absl::string_view asv{ expression.data(), expression.size() };
@@ -28,6 +28,8 @@ bool Matcher::Init(std::string_view expression, bool isUnicode, bool isCaseSensi
 };
 this->context = c;
+
+ return true;
 }
 Matcher::~Matcher()
diff --git a/GenericPlugins/Dropper/include/Dropper.hpp b/GenericPlugins/Dropper/include/Dropper.hpp
index 0d411fdd..c717a63f 100644
--- a/GenericPlugins/Dropper/include/Dropper.hpp
+++ b/GenericPlugins/Dropper/include/Dropper.hpp
@@ -39,9 +39,13 @@ class Instance
 context.droppers.emplace_back(std::make_unique());
 context.droppers.emplace_back(std::make_unique());
+ bool isCaseSensitive = false;
+ bool useUnicode = true;
+
 // strings
- context.droppers.emplace_back(std::make_unique(false, true));
- context.droppers.emplace_back(std::make_unique(false, true));
+ context.droppers.emplace_back(std::make_unique(isCaseSensitive, useUnicode));
+ context.droppers.emplace_back(std::make_unique(isCaseSensitive, useUnicode));
+ context.droppers.emplace_back(std::make_unique(isCaseSensitive, useUnicode));
 }
 }
diff --git a/GenericPlugins/Dropper/include/SpecialStrings.hpp b/GenericPlugins/Dropper/include/SpecialStrings.hpp
index 421585be..af17836d 100644
--- a/GenericPlugins/Dropper/include/SpecialStrings.hpp
+++ b/GenericPlugins/Dropper/include/SpecialStrings.hpp
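Review bot: The `return true;` added at the end of `Matcher::Init` reports success on every path that reaches it, and nothing visible in this hunk checks that the pattern actually compiled; the code that builds the RE2 object lies between the two hunks and is not shown. If that code does not already bail out on a bad expression, return the compile status instead (RE2 exposes `ok()` for this), so a matcher built from a malformed pattern is never run over file data. The callers added in this commit (`Filepath::Filepath`) discard the result of `Init`, so a failure would go unnoticed either way. The switch to `set_longest_match(false)` in the first hunk changes which end offset is reported for patterns with alternation and deserves a one-line comment stating why leftmost-first matching is wanted.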
@@ -6,41 +6,47 @@
 namespace GView::GenericPlugins::Droppper::SpecialStrings
 {
-class IpAddress : public IDrop
+class SpecialStrings : public IDrop
 {
- private:
+ protected:
 bool unicode{ false };
 bool caseSensitive{ false };
 GView::Regex::Matcher matcherAscii{};
 GView::Regex::Matcher matcherUnicode{};
+ public:
+ virtual ObjectCategory GetGroup() override;
+ virtual Priority GetPriority() override;
+ virtual bool ShouldGroupInOneFile() override;
+};
+
+class IpAddress : public SpecialStrings
+{
 public:
 IpAddress(bool caseSensitive, bool unicode);
 virtual const char* GetName() override;
- virtual ObjectCategory GetGroup() override;
 virtual const char* GetOutputExtension() override;
- virtual Priority GetPriority() override;
- virtual bool ShouldGroupInOneFile() override;
 virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };
-class EmailAddress : public IDrop
+class EmailAddress : public SpecialStrings
 {
- private:
- bool unicode{ false };
- bool caseSensitive{ false };
- GView::Regex::Matcher matcherAscii{};
- GView::Regex::Matcher matcherUnicode{};
-
 public:
 EmailAddress(bool caseSensitive, bool unicode);
 virtual const char* GetName() override;
- virtual ObjectCategory GetGroup() override;
 virtual const char* GetOutputExtension() override;
- virtual Priority GetPriority() override;
- virtual bool ShouldGroupInOneFile() override;
+
+ virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
+};
+class Filepath : public SpecialStrings
+{
+ public:
+ Filepath(bool caseSensitive, bool unicode);
+
+ virtual const char* GetName() override;
+ virtual const char* GetOutputExtension() override;
 virtual Result Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end) override;
 };
diff --git a/GenericPlugins/Dropper/src/CMakeLists.txt b/GenericPlugins/Dropper/src/CMakeLists.txt
index 0aaaf053..93345ad4 100644
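Review bot: The new `SpecialStrings` base owns `unicode`, `caseSensitive` and both matchers but has no constructor, so every derived class has to repeat the same two assignments and two `Init` calls (as `Filepath::Filepath` does in this commit). A protected constructor taking the flags and the two patterns, e.g. `SpecialStrings(bool caseSensitive, bool unicode, std::string_view ascii, std::string_view utf16);`, would set them once and give a single place to check the result of `Init`. The class and its `Check` overrides also carry no comment; a short one stating that `start` and `end` are returned as absolute file offsets (the implementations add `offset` to both) would document the contract. `virtual` is redundant on declarations already marked `override`.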
--- a/GenericPlugins/Dropper/src/CMakeLists.txt
+++ b/GenericPlugins/Dropper/src/CMakeLists.txt
@@ -1,6 +1,8 @@
 target_sources(Dropper PRIVATE
- Dropper.cpp
+ Dropper.cpp
+ SpecialStrings/SpecialStrings.cpp
 SpecialStrings/EmailAddress.cpp
+ SpecialStrings/Filepath.cpp
 SpecialStrings/IpAddress.cpp
 Executables/MZPE.cpp
 Multimedia/PNG.cpp)
diff --git a/GenericPlugins/Dropper/src/SpecialStrings/EmailAddress.cpp b/GenericPlugins/Dropper/src/SpecialStrings/EmailAddress.cpp
index 1de203c4..e858ca2b 100644
--- a/GenericPlugins/Dropper/src/SpecialStrings/EmailAddress.cpp
+++ b/GenericPlugins/Dropper/src/SpecialStrings/EmailAddress.cpp
@@ -4,7 +4,7 @@
 namespace GView::GenericPlugins::Droppper::SpecialStrings
 {
-static constexpr std::string_view EMAIL_REGEX_ASCII{ R"(([a-z0-9\_\.]+@[a-z\_]+\.[a-z]{2,5}))" };
+static constexpr std::string_view EMAIL_REGEX_ASCII{ R"(^([a-z0-9\_\.]+@[a-z\_]+\.[a-z]{2,5}))" };
 static constexpr std::string_view EMAIL_REGEX_UNICODE{ R"(^(([a-z0-9\_\.]\x00)+@\x00([a-z\_]\x00)+\.\x00([a-z]\x00){2,5}))" };
 EmailAddress::EmailAddress(bool caseSensitive, bool unicode)
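Review bot: `EMAIL_REGEX_ASCII` still accepts only `[a-z\_]+\.[a-z]{2,5}` after the `@`, so an address whose domain contains digits, hyphens or more than one label is either missed or cut short; for `user@mail.example.com` the match ends at `user@mail.examp`. For a tool that extracts indicators from analysed files, a truncated address is misleading because it looks valid in the output. Consider a domain part along the lines of `@[a-z0-9\-]+(\.[a-z0-9\-]+)*\.[a-z]{2,}` and add a comment above the constant stating what the pattern deliberately does not cover. The UTF-16 pattern on the following line has the same shape and would need the same change.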
@@ -20,33 +20,18 @@ const char* EmailAddress::GetName()
 return "Email Address";
 }
-ObjectCategory EmailAddress::GetGroup()
-{
- return ObjectCategory::SpecialStrings;
-}
-
 const char* EmailAddress::GetOutputExtension()
 {
 return "email";
 }
-Priority EmailAddress::GetPriority()
-{
- return Priority::Text;
-}
-
-bool EmailAddress::ShouldGroupInOneFile()
-{
- return true;
-}
-
 Result EmailAddress::Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end)
 {
 CHECK(precachedBuffer.GetLength() > 0, Result::NotFound, "");
 CHECK(IsAsciiPrintable(precachedBuffer.GetData()[0]), Result::NotFound, "");
- auto buffer = file.Get(offset, 39 * 2, false); // IPv6 length in Unicode
- CHECK(buffer.GetLength() >= 14, Result::NotFound, ""); // not enough for IPv4 => length in ASCII
+ auto buffer = file.Get(offset, file.GetCacheSize() / 12, false);
+ CHECK(buffer.GetLength() >= 4, Result::NotFound, "");
 if (this->matcherAscii.Match(buffer, start, end)) {
 start += offset;
diff --git a/GenericPlugins/Dropper/src/SpecialStrings/Filepath.cpp b/GenericPlugins/Dropper/src/SpecialStrings/Filepath.cpp
new file mode 100644
index 00000000..2c456100
--- /dev/null
+++ b/GenericPlugins/Dropper/src/SpecialStrings/Filepath.cpp
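Review bot: The two replaced lines in `EmailAddress::Check` swap commented (if copy-pasted) limits for bare numbers: the read size `file.GetCacheSize() / 12` and the minimum length `4` have no stated rationale, and `4` is shorter than anything `EMAIL_REGEX_ASCII` can match (its shortest match, such as `a@b.cc`, is 6 bytes). Give the divisor a named constant with a comment saying what bound it is meant to enforce, and tie the minimum to the pattern, e.g. `CHECK(buffer.GetLength() >= 6, Result::NotFound, ""); // shortest ASCII match: a@b.cc`. `Filepath::Check` in this commit copies the same two lines and needs the same treatment. The rest of `EmailAddress::Check` lies outside the hunk.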
@@ -0,0 +1,55 @@
+#include "SpecialStrings.hpp"
+
+#include
+
+namespace GView::GenericPlugins::Droppper::SpecialStrings
+{
+static constexpr std::string_view PATH_REGEX_ASCII{ R"(^(([a-zA-Z]{1}\:\\[a-zA-Z0-9\\_\. ]+)|(((\/|\.\.)[a-zA-Z\/\.0-9]+\/[a-zA-Z\/\.0-9]+))))" };
+static constexpr std::string_view PATH_REGEX_UNICODE{
+ R"(^((([a-zA-Z]\x00){1}\\x00:\x00\\x00\\x00([a-zA-Z0-9\\_\. ]\x00)+)|((((\/\x00)|\.\x00\.\x00)([a-zA-Z\/\.0-9]\x00)+\/\x00([a-zA-Z\/\.0-9]\x00)+))))"
+};
+
+Filepath::Filepath(bool caseSensitive, bool unicode)
+{
+ this->unicode = unicode;
+ this->caseSensitive = caseSensitive;
+ this->matcherAscii.Init(PATH_REGEX_ASCII, unicode, caseSensitive);
+ this->matcherUnicode.Init(PATH_REGEX_UNICODE, unicode, caseSensitive);
+}
+
+const char* Filepath::GetName()
+{
+ return "Filepath";
+}
+
+const char* Filepath::GetOutputExtension()
+{
+ return "filepath";
+}
+
+Result Filepath::Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end)
+{
+ CHECK(precachedBuffer.GetLength() > 0, Result::NotFound, "");
+ CHECK(IsAsciiPrintable(precachedBuffer.GetData()[0]), Result::NotFound, "");
+
+ auto buffer = file.Get(offset, file.GetCacheSize() / 12, false);
+ CHECK(buffer.GetLength() >= 4, Result::NotFound, "");
+
+ if (this->matcherAscii.Match(buffer, start, end)) {
+ start += offset;
+ end += offset;
+ return Result::Ascii;
+ }
+
+ CHECK(unicode, Result::NotFound, "");
+ CHECK(precachedBuffer.GetData()[1] == 0, Result::NotFound, ""); // we already checked ascii printable
+
+ if (this->matcherUnicode.Match(buffer, start, end)) {
+ start += offset;
+ end += offset;
+ return Result::Unicode;
+ }
+
+ return Result::NotFound;
+}
+} // namespace GView::GenericPlugins::Droppper::SpecialStrings
diff --git a/GenericPlugins/Dropper/src/SpecialStrings/IpAddress.cpp b/GenericPlugins/Dropper/src/SpecialStrings/IpAddress.cpp
index 72d5a745..99661ef3 100644
--- a/GenericPlugins/Dropper/src/SpecialStrings/IpAddress.cpp
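Review bot: `Filepath::Check` reads `precachedBuffer.GetData()[1]` after verifying only `precachedBuffer.GetLength() > 0`, so a one-byte precached buffer leads to a read past its end on data taken straight from the file under analysis. Guard the index first with `CHECK(precachedBuffer.GetLength() > 1, Result::NotFound, "");` ahead of the `[1] == 0` test. Separately, the drive-letter branch of `PATH_REGEX_UNICODE` contains `\\x00:\x00\\x00\\x00`, which in a raw string is an escaped backslash followed by the literal characters `x00`, so it appears unable to match a UTF-16 `C:\` prefix; `([a-zA-Z]\x00):\x00\\\x00` looks like what was intended. The constructor also ignores the `bool` returned by both `Init` calls, so a pattern that fails to compile would not be noticed.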
+++ b/GenericPlugins/Dropper/src/SpecialStrings/IpAddress.cpp
@@ -22,26 +22,11 @@ const char* IpAddress::GetName()
 return "IP Address";
 }
-ObjectCategory IpAddress::GetGroup()
-{
- return ObjectCategory::SpecialStrings;
-}
-
 const char* IpAddress::GetOutputExtension()
 {
 return "ip";
 }
-Priority IpAddress::GetPriority()
-{
- return Priority::Text;
-}
-
-bool IpAddress::ShouldGroupInOneFile()
-{
- return true;
-}
-
 Result IpAddress::Check(uint64 offset, DataCache& file, BufferView precachedBuffer, uint64& start, uint64& end)
 {
 CHECK(precachedBuffer.GetLength() > 0, Result::NotFound, "");
diff --git a/GenericPlugins/Dropper/src/SpecialStrings/SpecialStrings.cpp b/GenericPlugins/Dropper/src/SpecialStrings/SpecialStrings.cpp
new file mode 100644
index 00000000..46771307
--- /dev/null
+++ b/GenericPlugins/Dropper/src/SpecialStrings/SpecialStrings.cpp
@@ -0,0 +1,21 @@
+#include "SpecialStrings.hpp"
+
+#include
+
+namespace GView::GenericPlugins::Droppper::SpecialStrings
+{
+ObjectCategory SpecialStrings::GetGroup()
+{
+ return ObjectCategory::SpecialStrings;
+}
+
+Priority SpecialStrings::GetPriority()
+{
+ return Priority::Text;
+}
+
+bool SpecialStrings::ShouldGroupInOneFile()
+{
+ return true;
+}
+} // namespace GView::GenericPlugins::Droppper::SpecialStrings