MagicNumber 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +15 -0
  2. data/lib/magic_number.rb +273 -0
  3. metadata +45 -0
checksums.yaml ADDED
@@ -0,0 +1,15 @@
1
+ ---
2
+ !binary "U0hBMQ==":
3
+ metadata.gz: !binary |-
4
+ ZjU5NWQyNTJjNjA1YWRjYzc3ZWU3MTdjODkxMGRhMTgzZjVlNmYyZA==
5
+ data.tar.gz: !binary |-
6
+ NjgxZjQyZGM2ZDU2NDEwOGY2MGJhYjdmYjk2NzMxOTQzMjVjOWQ3Mg==
7
+ SHA512:
8
+ metadata.gz: !binary |-
9
+ MGQwY2U4ZDI2MzQxOGVjZDQ5ZDA5NDYxZGYxNGIwYjdmNWUxMTRlNTM1OTY3
10
+ Zjg2YzNkZjUyZDcyNWFkZDUyM2MyZmNmYjA0NmU5MWE5YWE5NGVhNmQzOTFk
11
+ MmE4YzllNGFlZjRlNGJiZjM4OWY4MDE3YjU2YmYyMDUwYzYzNTA=
12
+ data.tar.gz: !binary |-
13
+ Njg3NTY3Y2VlNmVjMzM3OTk0ZmU5YzJlMDYwYzNkMmM1Y2I3ZmMwY2JlMmJj
14
+ MDBlYjE2MjQyNzg1M2FkOTYyZWY3YTNkYTY3OTYxNWM2OWQ1MjkxNmEwZDM1
15
+ NzNkMjAxMGY5YmRhMDVlMWNiZjZmMjY5YWUwNTRlMDcxYzg3OTE=
data/lib/magic_number.rb ADDED
@@ -0,0 +1,273 @@
1
+ class MagicNumber
2
+ SIGNATURES = {
3
+ "pdf" => {
4
+ 'sign_begin' => ["25504446"],
5
+ 'length_begin' => [4],
6
+
7
+ 'sign_end' => "0a2525454f460a",
8
+ 'offset_end' => IO::SEEK_END,
9
+ 'length_end' => -7
10
+ },
11
+ "pic" => {
12
+ 'sign_begin' => ["00"],
13
+ 'length_begin' => [1],
14
+ },
15
+ "pif" => {
16
+ 'sign_begin' => ["00"],
17
+ 'length_begin' => [1]
18
+ },
19
+ "sea" => {
20
+ 'sign_begin' => ["00"],
21
+ 'length_begin' => [1]
22
+ },
23
+ "ytr" => {
24
+ 'sign_begin' => ["00"],
25
+ 'length_begin' => [1]
26
+ },
27
+ "dba" => {
28
+ 'sign_begin' => ["BEBAFECA"],
29
+ 'length_begin' => [4]
30
+ },
31
+ "ico" => {
32
+ 'sign_begin' => ["00000100"],
33
+ 'length_begin' => [4]
34
+ },
35
+ "z" => {
36
+ 'sign_begin' => ["1F9D"],
37
+ 'length_begin' => [2]
38
+ },
39
+ "bz2" => {
40
+ 'sign_begin' => ["425A68"],
41
+ 'length_begin' => [3]
42
+ },
43
+ "gif" => {
44
+ 'sign_begin' => ["474946383961", "474946383961"],
45
+ 'length_begin' => [6]
46
+ },
47
+ "tiff" => {
48
+ 'sign_begin' => ["49492A00", "4D4D002A"],
49
+ 'length_begin' => [4]
50
+ },
51
+ "tif" => {
52
+ 'sign_begin' => ["49492A00", "4D4D002A"],
53
+ 'length_begin' => [4]
54
+ },
55
+ "cr2" => {
56
+ 'sign_begin' => ["49492A0010000000"],
57
+ 'length_begin' => [8]
58
+ },
59
+ "jpg" => {
60
+ 'sign_begin' => ["FFD8FFDB", "FFD8FFE0nnnn4A4649460001", "FFD8FFE1nnnn457869660000"],
61
+ 'length_begin' => [4, 12, 12]
62
+ },
63
+ "jpeg" => {
64
+ 'sign_begin' => ["FFD8FFDB", "FFD8FFE0nnnn4A4649460001", "FFD8FFE1nnnn457869660000"],
65
+ 'length_begin' => [4, 12, 12]
66
+ },
67
+ "exe" => {
68
+ 'sign_begin' => ["4D5A"],
69
+ 'length_begin' => [2]
70
+ },
71
+ "zip" => {
72
+ 'sign_begin' => ["504B0304", "504B0506", "504B0708"],
73
+ 'length_begin' => [4]
74
+ },
75
+ "jar" => {
76
+ 'sign_begin' => ["504B0304", "504B0506", "504B0708"],
77
+ 'length_begin' => [4]
78
+ },
79
+ "docx" => {
80
+ 'sign_begin' => ["504B0304", "504B0506", "504B0708"],
81
+ 'length_begin' => [4]
82
+ },
83
+ "xlsx" => {
84
+ 'sign_begin' => ["504B0304", "504B0506", "504B0708"],
85
+ 'length_begin' => [4]
86
+ },
87
+ "pptx" => {
88
+ 'sign_begin' => ["504B0304", "504B0506", "504B0708"],
89
+ 'length_begin' => [4]
90
+ },
91
+ "vsdx" => {
92
+ 'sign_begin' => ["504B0304", "504B0506", "504B0708"],
93
+ 'length_begin' => [4]
94
+ },
95
+ "rar" => {
96
+ 'sign_begin' => ["526172211A0700", "526172211A070100"],
97
+ 'length_begin' => [7, 8]
98
+ },
99
+ "png" => {
100
+ 'sign_begin' => ["89504E470D0A1A0A"],
101
+ 'length_begin' => [8]
102
+ },
103
+ "class" => {
104
+ 'sign_begin' => ["CAFEBABE"],
105
+ 'length_begin' => [4]
106
+ },
107
+ "asf" => {
108
+ 'sign_begin' => ["3026B2758E66CF11", "A6D900AA0062CE6C"],
109
+ 'length_begin' => [8]
110
+ },
111
+ "ogg" => {
112
+ 'sign_begin' => ["4F676753"],
113
+ 'length_begin' => [4]
114
+ },
115
+ "oga" => {
116
+ 'sign_begin' => ["4F676753"],
117
+ 'length_begin' => [4]
118
+ },
119
+ "ogv" => {
120
+ 'sign_begin' => ["4F676753"],
121
+ 'length_begin' => [4]
122
+ },
123
+ "psd" => {
124
+ 'sign_begin' => ["38425053"],
125
+ 'length_begin' => [4]
126
+ },
127
+ "wav" => {
128
+ 'sign_begin' => ["52494646nnnnnnnn", "57415645"],
129
+ 'length_begin' => [8, 4]
130
+ },
131
+ "avi" => {
132
+ 'sign_begin' => ["52494646nnnnnnnn", "41564920"],
133
+ 'length_begin' => [8,4]
134
+ },
135
+ "mp3" => {
136
+ 'sign_begin' => ["FFFB", "494433"],
137
+ 'length_begin' => [2,3]
138
+ },
139
+ "bmp" => {
140
+ 'sign_begin' => ["424D"],
141
+ 'length_begin' => [2]
142
+ },
143
+ "iso" => {
144
+ 'sign_begin' => ["4344303031"],
145
+ 'length_begin' => [5]
146
+ },
147
+ "flac" => {
148
+ 'sign_begin' => ["664C6143"],
149
+ 'length_begin' => [4]
150
+ },
151
+ "mid" => {
152
+ 'sign_begin' => ["4D546864"],
153
+ 'length_begin' => [12]
154
+ },
155
+ "midi" => {
156
+ 'sign_begin' => ["4D546864"],
157
+ 'length_begin' => [12]
158
+ },
159
+ "doc" => {
160
+ 'sign_begin' => ["D0CF11E0A1B11AE1"],
161
+ 'length_begin' => [8]
162
+ },
163
+ "xls" => {
164
+ 'sign_begin' => ["D0CF11E0A1B11AE1"],
165
+ 'length_begin' => [8]
166
+ },
167
+ "ppt" => {
168
+ 'sign_begin' => ["D0CF11E0A1B11AE1"],
169
+ 'length_begin' => [8]
170
+ },
171
+ "msg" => {
172
+ 'sign_begin' => ["D0CF11E0A1B11AE1"],
173
+ 'length_begin' => [8]
174
+ },
175
+ "vmdk" => {
176
+ 'sign_begin' => ["4B444D"],
177
+ 'length_begin' => [3]
178
+ },
179
+ "crx" => {
180
+ 'sign_begin' => ["43723234"],
181
+ 'length_begin' => [4]
182
+ },
183
+ "fh8" => {
184
+ 'sign_begin' => ["41474433"],
185
+ 'length_begin' => [4]
186
+ },
187
+ "dmg" => {
188
+ 'sign_begin' => ["7801730D626260"],
189
+ 'length_begin' => [7]
190
+ },
191
+ "tar" => {
192
+ 'sign_begin' => ["7573746172003030", "7573746172202000"],
193
+ 'length_begin' => [8,8]
194
+ },
195
+ "mkv" => {
196
+ 'sign_begin' => ["1A45DFA3"],
197
+ 'length_begin' => [4]
198
+ },
199
+ "mka" => {
200
+ 'sign_begin' => ["1A45DFA3"],
201
+ 'length_begin' => [4]
202
+ },
203
+ "mks" => {
204
+ 'sign_begin' => ["1A45DFA3"],
205
+ 'length_begin' => [4]
206
+ },
207
+ "mk3d" => {
208
+ 'sign_begin' => ["1A45DFA3"],
209
+ 'length_begin' => [4]
210
+ },
211
+ "webm" => {
212
+ 'sign_begin' => ["1A45DFA3"],
213
+ 'length_begin' => [4]
214
+ }
215
+ }
216
+
217
+ def self.get_signature(ext)
218
+ return SIGNATURES[ext]
219
+ end
220
+
221
+
222
+ # @see https://en.wikipedia.org/wiki/List_of_file_signatures
223
+ # @since 0.0.1
224
+ # @param [String] file_path Path to analyzable file
225
+ # @return [boolean] wether the file content is in accordance with the extension
226
+ def self.is_real?(file_path)
227
+ file = File.new(file_path, 'r')
228
+ signature = MagicNumber.get_signature(file_path.split(".").last.downcase)
229
+
230
+ MagicNumber.check_begin_sign(file, signature)
231
+ MagicNumber.check_end_sign(file, signature)
232
+
233
+ file.close
234
+ end
235
+
236
+ def self.check_begin_sign(file, signature)
237
+ if signature.has_key?("sign_begin")
238
+ i = 0
239
+ while i < signature['sign_begin'].count
240
+ sign = MagicNumber.read_beginning_bytes(file, signature['length_begin'][i])
241
+ return true if (sign == signature['sign_begin'][i])
242
+ i += 1
243
+ end
244
+
245
+ return false
246
+ else
247
+ return true
248
+ end
249
+ end
250
+
251
+ def self.check_end_sign(file, signature)
252
+ if signature.has_key?("sign_end")
253
+ sign = MagicNumber.read_end_bytes(file, signature['offset_end'], signature['length_end'])
254
+ return (sign == signature['sign_end'])
255
+ else
256
+ return true
257
+ end
258
+ end
259
+
260
+
261
+
262
+ def self.read_beginning_bytes(file, length)
263
+ file.rewind
264
+ return file.readpartial(length).unpack("H*").first
265
+ end
266
+
267
+ def self.read_end_bytes(file, offset, length)
268
+ file.seek(length, offset)
269
+ return file.read.unpack("H*").first
270
+ end
271
+ end
272
+
273
+
metadata ADDED
@@ -0,0 +1,45 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: MagicNumber
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Adrian Fernandez Lopez
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2016-05-04 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: Detect fake file types using magic numbers
14
+ email: adrian@adrian-fernandez.net
15
+ executables: []
16
+ extensions: []
17
+ extra_rdoc_files: []
18
+ files:
19
+ - lib/magic_number.rb
20
+ homepage: https://github.com/adrian-fernandez/magic_number
21
+ licenses:
22
+ - MIT
23
+ metadata: {}
24
+ post_install_message:
25
+ rdoc_options: []
26
+ require_paths:
27
+ - lib
28
+ required_ruby_version: !ruby/object:Gem::Requirement
29
+ requirements:
30
+ - - ! '>='
31
+ - !ruby/object:Gem::Version
32
+ version: '0'
33
+ required_rubygems_version: !ruby/object:Gem::Requirement
34
+ requirements:
35
+ - - ! '>='
36
+ - !ruby/object:Gem::Version
37
+ version: '0'
38
+ requirements: []
39
+ rubyforge_project:
40
+ rubygems_version: 2.2.2
41
+ signing_key:
42
+ specification_version: 4
43
+ summary: Detect fake file types using magic numbers
44
+ test_files: []
45
+ has_rdoc: