MagicNumber 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +15 -0
- data/lib/magic_number.rb +273 -0
- metadata +45 -0
checksums.yaml
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
---
|
2
|
+
!binary "U0hBMQ==":
|
3
|
+
metadata.gz: !binary |-
|
4
|
+
ZjU5NWQyNTJjNjA1YWRjYzc3ZWU3MTdjODkxMGRhMTgzZjVlNmYyZA==
|
5
|
+
data.tar.gz: !binary |-
|
6
|
+
NjgxZjQyZGM2ZDU2NDEwOGY2MGJhYjdmYjk2NzMxOTQzMjVjOWQ3Mg==
|
7
|
+
SHA512:
|
8
|
+
metadata.gz: !binary |-
|
9
|
+
MGQwY2U4ZDI2MzQxOGVjZDQ5ZDA5NDYxZGYxNGIwYjdmNWUxMTRlNTM1OTY3
|
10
|
+
Zjg2YzNkZjUyZDcyNWFkZDUyM2MyZmNmYjA0NmU5MWE5YWE5NGVhNmQzOTFk
|
11
|
+
MmE4YzllNGFlZjRlNGJiZjM4OWY4MDE3YjU2YmYyMDUwYzYzNTA=
|
12
|
+
data.tar.gz: !binary |-
|
13
|
+
Njg3NTY3Y2VlNmVjMzM3OTk0ZmU5YzJlMDYwYzNkMmM1Y2I3ZmMwY2JlMmJj
|
14
|
+
MDBlYjE2MjQyNzg1M2FkOTYyZWY3YTNkYTY3OTYxNWM2OWQ1MjkxNmEwZDM1
|
15
|
+
NzNkMjAxMGY5YmRhMDVlMWNiZjZmMjY5YWUwNTRlMDcxYzg3OTE=
|
data/lib/magic_number.rb
ADDED
@@ -0,0 +1,273 @@
|
|
1
|
+
class MagicNumber
|
2
|
+
SIGNATURES = {
|
3
|
+
"pdf" => {
|
4
|
+
'sign_begin' => ["25504446"],
|
5
|
+
'length_begin' => [4],
|
6
|
+
|
7
|
+
'sign_end' => "0a2525454f460a",
|
8
|
+
'offset_end' => IO::SEEK_END,
|
9
|
+
'length_end' => -7
|
10
|
+
},
|
11
|
+
"pic" => {
|
12
|
+
'sign_begin' => ["00"],
|
13
|
+
'length_begin' => [1],
|
14
|
+
},
|
15
|
+
"pif" => {
|
16
|
+
'sign_begin' => ["00"],
|
17
|
+
'length_begin' => [1]
|
18
|
+
},
|
19
|
+
"sea" => {
|
20
|
+
'sign_begin' => ["00"],
|
21
|
+
'length_begin' => [1]
|
22
|
+
},
|
23
|
+
"ytr" => {
|
24
|
+
'sign_begin' => ["00"],
|
25
|
+
'length_begin' => [1]
|
26
|
+
},
|
27
|
+
"dba" => {
|
28
|
+
'sign_begin' => ["BEBAFECA"],
|
29
|
+
'length_begin' => [4]
|
30
|
+
},
|
31
|
+
"ico" => {
|
32
|
+
'sign_begin' => ["00000100"],
|
33
|
+
'length_begin' => [4]
|
34
|
+
},
|
35
|
+
"z" => {
|
36
|
+
'sign_begin' => ["1F9D"],
|
37
|
+
'length_begin' => [2]
|
38
|
+
},
|
39
|
+
"bz2" => {
|
40
|
+
'sign_begin' => ["425A68"],
|
41
|
+
'length_begin' => [3]
|
42
|
+
},
|
43
|
+
"gif" => {
|
44
|
+
'sign_begin' => ["474946383961", "474946383961"],
|
45
|
+
'length_begin' => [6]
|
46
|
+
},
|
47
|
+
"tiff" => {
|
48
|
+
'sign_begin' => ["49492A00", "4D4D002A"],
|
49
|
+
'length_begin' => [4]
|
50
|
+
},
|
51
|
+
"tif" => {
|
52
|
+
'sign_begin' => ["49492A00", "4D4D002A"],
|
53
|
+
'length_begin' => [4]
|
54
|
+
},
|
55
|
+
"cr2" => {
|
56
|
+
'sign_begin' => ["49492A0010000000"],
|
57
|
+
'length_begin' => [8]
|
58
|
+
},
|
59
|
+
"jpg" => {
|
60
|
+
'sign_begin' => ["FFD8FFDB", "FFD8FFE0nnnn4A4649460001", "FFD8FFE1nnnn457869660000"],
|
61
|
+
'length_begin' => [4, 12, 12]
|
62
|
+
},
|
63
|
+
"jpeg" => {
|
64
|
+
'sign_begin' => ["FFD8FFDB", "FFD8FFE0nnnn4A4649460001", "FFD8FFE1nnnn457869660000"],
|
65
|
+
'length_begin' => [4, 12, 12]
|
66
|
+
},
|
67
|
+
"exe" => {
|
68
|
+
'sign_begin' => ["4D5A"],
|
69
|
+
'length_begin' => [2]
|
70
|
+
},
|
71
|
+
"zip" => {
|
72
|
+
'sign_begin' => ["504B0304", "504B0506", "504B0708"],
|
73
|
+
'length_begin' => [4]
|
74
|
+
},
|
75
|
+
"jar" => {
|
76
|
+
'sign_begin' => ["504B0304", "504B0506", "504B0708"],
|
77
|
+
'length_begin' => [4]
|
78
|
+
},
|
79
|
+
"docx" => {
|
80
|
+
'sign_begin' => ["504B0304", "504B0506", "504B0708"],
|
81
|
+
'length_begin' => [4]
|
82
|
+
},
|
83
|
+
"xlsx" => {
|
84
|
+
'sign_begin' => ["504B0304", "504B0506", "504B0708"],
|
85
|
+
'length_begin' => [4]
|
86
|
+
},
|
87
|
+
"pptx" => {
|
88
|
+
'sign_begin' => ["504B0304", "504B0506", "504B0708"],
|
89
|
+
'length_begin' => [4]
|
90
|
+
},
|
91
|
+
"vsdx" => {
|
92
|
+
'sign_begin' => ["504B0304", "504B0506", "504B0708"],
|
93
|
+
'length_begin' => [4]
|
94
|
+
},
|
95
|
+
"rar" => {
|
96
|
+
'sign_begin' => ["526172211A0700", "526172211A070100"],
|
97
|
+
'length_begin' => [7, 8]
|
98
|
+
},
|
99
|
+
"png" => {
|
100
|
+
'sign_begin' => ["89504E470D0A1A0A"],
|
101
|
+
'length_begin' => [8]
|
102
|
+
},
|
103
|
+
"class" => {
|
104
|
+
'sign_begin' => ["CAFEBABE"],
|
105
|
+
'length_begin' => [4]
|
106
|
+
},
|
107
|
+
"asf" => {
|
108
|
+
'sign_begin' => ["3026B2758E66CF11", "A6D900AA0062CE6C"],
|
109
|
+
'length_begin' => [8]
|
110
|
+
},
|
111
|
+
"ogg" => {
|
112
|
+
'sign_begin' => ["4F676753"],
|
113
|
+
'length_begin' => [4]
|
114
|
+
},
|
115
|
+
"oga" => {
|
116
|
+
'sign_begin' => ["4F676753"],
|
117
|
+
'length_begin' => [4]
|
118
|
+
},
|
119
|
+
"ogv" => {
|
120
|
+
'sign_begin' => ["4F676753"],
|
121
|
+
'length_begin' => [4]
|
122
|
+
},
|
123
|
+
"psd" => {
|
124
|
+
'sign_begin' => ["38425053"],
|
125
|
+
'length_begin' => [4]
|
126
|
+
},
|
127
|
+
"wav" => {
|
128
|
+
'sign_begin' => ["52494646nnnnnnnn", "57415645"],
|
129
|
+
'length_begin' => [8, 4]
|
130
|
+
},
|
131
|
+
"avi" => {
|
132
|
+
'sign_begin' => ["52494646nnnnnnnn", "41564920"],
|
133
|
+
'length_begin' => [8,4]
|
134
|
+
},
|
135
|
+
"mp3" => {
|
136
|
+
'sign_begin' => ["FFFB", "494433"],
|
137
|
+
'length_begin' => [2,3]
|
138
|
+
},
|
139
|
+
"bmp" => {
|
140
|
+
'sign_begin' => ["424D"],
|
141
|
+
'length_begin' => [2]
|
142
|
+
},
|
143
|
+
"iso" => {
|
144
|
+
'sign_begin' => ["4344303031"],
|
145
|
+
'length_begin' => [5]
|
146
|
+
},
|
147
|
+
"flac" => {
|
148
|
+
'sign_begin' => ["664C6143"],
|
149
|
+
'length_begin' => [4]
|
150
|
+
},
|
151
|
+
"mid" => {
|
152
|
+
'sign_begin' => ["4D546864"],
|
153
|
+
'length_begin' => [12]
|
154
|
+
},
|
155
|
+
"midi" => {
|
156
|
+
'sign_begin' => ["4D546864"],
|
157
|
+
'length_begin' => [12]
|
158
|
+
},
|
159
|
+
"doc" => {
|
160
|
+
'sign_begin' => ["D0CF11E0A1B11AE1"],
|
161
|
+
'length_begin' => [8]
|
162
|
+
},
|
163
|
+
"xls" => {
|
164
|
+
'sign_begin' => ["D0CF11E0A1B11AE1"],
|
165
|
+
'length_begin' => [8]
|
166
|
+
},
|
167
|
+
"ppt" => {
|
168
|
+
'sign_begin' => ["D0CF11E0A1B11AE1"],
|
169
|
+
'length_begin' => [8]
|
170
|
+
},
|
171
|
+
"msg" => {
|
172
|
+
'sign_begin' => ["D0CF11E0A1B11AE1"],
|
173
|
+
'length_begin' => [8]
|
174
|
+
},
|
175
|
+
"vmdk" => {
|
176
|
+
'sign_begin' => ["4B444D"],
|
177
|
+
'length_begin' => [3]
|
178
|
+
},
|
179
|
+
"crx" => {
|
180
|
+
'sign_begin' => ["43723234"],
|
181
|
+
'length_begin' => [4]
|
182
|
+
},
|
183
|
+
"fh8" => {
|
184
|
+
'sign_begin' => ["41474433"],
|
185
|
+
'length_begin' => [4]
|
186
|
+
},
|
187
|
+
"dmg" => {
|
188
|
+
'sign_begin' => ["7801730D626260"],
|
189
|
+
'length_begin' => [7]
|
190
|
+
},
|
191
|
+
"tar" => {
|
192
|
+
'sign_begin' => ["7573746172003030", "7573746172202000"],
|
193
|
+
'length_begin' => [8,8]
|
194
|
+
},
|
195
|
+
"mkv" => {
|
196
|
+
'sign_begin' => ["1A45DFA3"],
|
197
|
+
'length_begin' => [4]
|
198
|
+
},
|
199
|
+
"mka" => {
|
200
|
+
'sign_begin' => ["1A45DFA3"],
|
201
|
+
'length_begin' => [4]
|
202
|
+
},
|
203
|
+
"mks" => {
|
204
|
+
'sign_begin' => ["1A45DFA3"],
|
205
|
+
'length_begin' => [4]
|
206
|
+
},
|
207
|
+
"mk3d" => {
|
208
|
+
'sign_begin' => ["1A45DFA3"],
|
209
|
+
'length_begin' => [4]
|
210
|
+
},
|
211
|
+
"webm" => {
|
212
|
+
'sign_begin' => ["1A45DFA3"],
|
213
|
+
'length_begin' => [4]
|
214
|
+
}
|
215
|
+
}
|
216
|
+
|
217
|
+
def self.get_signature(ext)
|
218
|
+
return SIGNATURES[ext]
|
219
|
+
end
|
220
|
+
|
221
|
+
|
222
|
+
# @see https://en.wikipedia.org/wiki/List_of_file_signatures
|
223
|
+
# @since 0.0.1
|
224
|
+
# @param [String] file_path Path to analyzable file
|
225
|
+
# @return [boolean] wether the file content is in accordance with the extension
|
226
|
+
def self.is_real?(file_path)
|
227
|
+
file = File.new(file_path, 'r')
|
228
|
+
signature = MagicNumber.get_signature(file_path.split(".").last.downcase)
|
229
|
+
|
230
|
+
MagicNumber.check_begin_sign(file, signature)
|
231
|
+
MagicNumber.check_end_sign(file, signature)
|
232
|
+
|
233
|
+
file.close
|
234
|
+
end
|
235
|
+
|
236
|
+
def self.check_begin_sign(file, signature)
|
237
|
+
if signature.has_key?("sign_begin")
|
238
|
+
i = 0
|
239
|
+
while i < signature['sign_begin'].count
|
240
|
+
sign = MagicNumber.read_beginning_bytes(file, signature['length_begin'][i])
|
241
|
+
return true if (sign == signature['sign_begin'][i])
|
242
|
+
i += 1
|
243
|
+
end
|
244
|
+
|
245
|
+
return false
|
246
|
+
else
|
247
|
+
return true
|
248
|
+
end
|
249
|
+
end
|
250
|
+
|
251
|
+
def self.check_end_sign(file, signature)
|
252
|
+
if signature.has_key?("sign_end")
|
253
|
+
sign = MagicNumber.read_end_bytes(file, signature['offset_end'], signature['length_end'])
|
254
|
+
return (sign == signature['sign_end'])
|
255
|
+
else
|
256
|
+
return true
|
257
|
+
end
|
258
|
+
end
|
259
|
+
|
260
|
+
|
261
|
+
|
262
|
+
def self.read_beginning_bytes(file, length)
|
263
|
+
file.rewind
|
264
|
+
return file.readpartial(length).unpack("H*").first
|
265
|
+
end
|
266
|
+
|
267
|
+
def self.read_end_bytes(file, offset, length)
|
268
|
+
file.seek(length, offset)
|
269
|
+
return file.read.unpack("H*").first
|
270
|
+
end
|
271
|
+
end
|
272
|
+
|
273
|
+
|
metadata
ADDED
@@ -0,0 +1,45 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: MagicNumber
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Adrian Fernandez Lopez
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2016-05-04 00:00:00.000000000 Z
|
12
|
+
dependencies: []
|
13
|
+
description: Detect fake file types using magic numbers
|
14
|
+
email: adrian@adrian-fernandez.net
|
15
|
+
executables: []
|
16
|
+
extensions: []
|
17
|
+
extra_rdoc_files: []
|
18
|
+
files:
|
19
|
+
- lib/magic_number.rb
|
20
|
+
homepage: https://github.com/adrian-fernandez/magic_number
|
21
|
+
licenses:
|
22
|
+
- MIT
|
23
|
+
metadata: {}
|
24
|
+
post_install_message:
|
25
|
+
rdoc_options: []
|
26
|
+
require_paths:
|
27
|
+
- lib
|
28
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
29
|
+
requirements:
|
30
|
+
- - ! '>='
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: '0'
|
33
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
34
|
+
requirements:
|
35
|
+
- - ! '>='
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: '0'
|
38
|
+
requirements: []
|
39
|
+
rubyforge_project:
|
40
|
+
rubygems_version: 2.2.2
|
41
|
+
signing_key:
|
42
|
+
specification_version: 4
|
43
|
+
summary: Detect fake file types using magic numbers
|
44
|
+
test_files: []
|
45
|
+
has_rdoc:
|