rex-zip 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a95759c12cde8b1cf3896b04ed2ff165bed20426
+  data.tar.gz: a0a2731839cbecedf333df2f3d4fac6a21872cb8
+SHA512:
+  metadata.gz: 5f7bd388a005d6a785845c24207378652ab6429c95be8d08c78f11fd38e8881d1c271060bd0a73e444cc370802f649870e58870d359f940f37fd59f7fc5ec7f7
+  data.tar.gz: f446e3502dbf5a11c75f3bc64de0c8c0962e20cd45d107a9f863005efd1616844e0cc4a85cc5a98e3235b422674c71b1d98813de69310ca5db60ed1a1c7c7da4

data.tar.gz.sig

@@ -0,0 +1,2 @@
+5�<Γ���g�cOƹWT��q���,5�;�d��?!�I)����>�ㆹ�h�e�(���{d=�P�����ax
�t3��t0�#Ր۞�s��98o�U6d��jR��ىϔ
+*�͆~�VA���̖�a�Ґ�k�^ ��,��i�|�T�(,��K�_y�����g�Eo�n�

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.1
+before_install: gem install bundler -v 1.12.5

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,52 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project maintainers at msfdev@metasploit.com. If
+the incident involves a committer, you may report directly to
+egypt@metasploit.com or todb@metasploit.com.
+
+All complaints will be reviewed and investigated and will result in a
+response that is deemed necessary and appropriate to the circumstances.
+Maintainers are obligated to maintain confidentiality with regard to the
+reporter of an incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

data/Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rex-zip.gemspec
+gemspec
+

data/LICENSE

@@ -0,0 +1,27 @@
+Copyright (C) 2012-2013, Rapid7, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+	  this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright notice,
+	  this list of conditions and the following disclaimer in the documentation
+	  and/or other materials provided with the distribution.
+
+    * Neither the name of Rapid7 LLC nor the names of its contributors
+	  may be used to endorse or promote products derived from this software
+	  without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,52 @@
+# Rex::Zip
+
+Ruby Exploitation(Rex) Library for creating Zip based archives such as *.zip, *.war, and *.jar files. Ported from the original
+Metasploit Framework code written by jduck.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rex-zip'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rex-zip
+
+## Usage
+
+Creating a .zip example:
+
+```ruby
+msfbase = __FILE__
+while File.symlink?(msfbase)
+  msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
+end
+inc = File.dirname(msfbase) + '/../../..'
+$:.unshift(inc)
+
+require 'rex/zip'
+
+# example usage
+zip = Rex::Zip::Archive.new
+zip.add_file("elite.txt", "A" * 1024)
+zip.save_to("lolz.zip")
+```
+
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/rapid7/rex-zip. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "rex/zip"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/rex/zip.rb

@@ -0,0 +1,97 @@
+# -*- coding: binary -*-
+#
+# Zip library
+#
+# Written by Joshua J. Drake <jduck [at] metasploit.com>
+#
+# Based on code contributed by bannedit, and the following SPEC:
+# Reference: http://www.pkware.com/documents/casestudies/APPNOTE.TXT
+#
+require 'rex/zip/version'
+require 'zlib'
+require 'rex/text'
+
+module Rex
+  module Zip
+
+    # various parts of the structure
+    require 'rex/zip/blocks'
+
+    # an entry in a zip file
+    require 'rex/zip/entry'
+
+    # the archive class
+    require 'rex/zip/archive'
+
+    # a child of Archive, implements Java ARchives for creating java applications
+    require 'rex/zip/jar'
+
+    ZIP_VERSION = 0x14
+
+    # general purpose bit flag values
+    #
+    # bit 0
+    GPBF_ENCRYPTED      = 0x0001
+    # bits 1 & 2
+    # implode only
+    GPBF_IMP_8KDICT     = 0x0002
+    GPBF_IMP_3SFT       = 0x0004
+    # deflate only
+    GPBF_DEF_MAX        = 0x0002
+    GPBF_DEF_FAST       = 0x0004
+    GPBF_DEF_SUPERFAST  = 0x0006
+    # lzma only
+    GPBF_LZMA_EOSUSED   = 0x0002
+    # bit 3
+    GPBF_USE_DATADESC   = 0x0008
+    # bit 4
+    GPBF_DEF_ENHANCED   = 0x0010
+    # bit 5
+    GPBF_COMP_PATHCED   = 0x0020
+    # bit 6
+    GPBF_STRONG_ENC     = 0x0040
+    # bit 7-10 unused
+    # bit 11
+    GPBF_STRS_UTF8      = 0x0800
+    # bit 12 (reserved)
+    # bit 13
+    GPBF_DIR_ENCRYPTED  = 0x2000
+    # bit 14,15 (reserved)
+
+
+    # compression methods
+    CM_STORE            = 0
+    CM_SHRINK           = 1
+    CM_REDUCE1          = 2
+    CM_REDUCE2          = 3
+    CM_REDUCE3          = 4
+    CM_REDUCE4          = 5
+    CM_IMPLODE          = 6
+    CM_TOKENIZE         = 7
+    CM_DEFLATE          = 8
+    CM_DEFLATE64        = 9
+    CM_PKWARE_IMPLODE   = 10
+    # 11 - reserved
+    CM_BZIP2            = 12
+    # 13 - reserved
+    CM_LZMA_EFS         = 14
+    # 15-17 reserved
+    CM_IBM_TERSE        = 18
+    CM_IBM_LZ77         = 19
+    # 20-96 reserved
+    CM_WAVPACK          = 97
+    CM_PPMD_V1R1        = 98
+
+
+    # internal file attributes
+    IFA_ASCII           = 0x0001
+    # bits 2 & 3 are reserved
+    IFA_MAINFRAME_MODE  = 0x0002 # ??
+
+
+    # external file attributes
+    EFA_ISDIR           = 0x0001
+
+  end
+end
+

data/lib/rex/zip/archive.rb

@@ -0,0 +1,130 @@
+# -*- coding: binary -*-
+
+module Rex
+module Zip
+
+#
+# This represents an entire archive.
+#
+class Archive
+
+  # An array of the Entry objects stored in this Archive.
+  attr_reader :entries
+
+
+  def initialize(compmeth=CM_DEFLATE)
+    @compmeth = compmeth
+    @entries = []
+  end
+
+  #
+  # Recursively adds a directory of files into the archive.
+  #
+  def add_r(dir)
+    path = File.dirname(dir)
+    Dir[File.join(dir, "**", "**")].each do |file|
+      relative = file.sub(/^#{path.chomp('/')}\//, '')
+      if File.directory?(file)
+        @entries << Entry.new(relative.chomp('/') + '/', '', @compmeth, nil, EFA_ISDIR, nil, nil)
+      else
+        contents = File.read(file, :mode => 'rb')
+        @entries << Entry.new(relative, contents, @compmeth, nil, nil, nil, nil)
+      end
+    end
+  end
+
+  #
+  # Create a new Entry and add it to the archive.
+  #
+  # If fdata is set, the file is populated with that data
+  # from the calling method. If fdata is nil, then the
+  # fs is checked for the file. If central_dir_name is set
+  # it will be used to spoof the name at the Central Directory
+  # at packing time.
+  #
+  def add_file(fname, fdata=nil, xtra=nil, comment=nil, central_dir_name=nil)
+    if (not fdata)
+      begin
+        st = File.stat(fname)
+      rescue
+        return nil
+      end
+
+      ts = st.mtime
+      if (st.directory?)
+        attrs = EFA_ISDIR
+        fdata = ''
+        unless fname[-1,1] == '/'
+          fname += '/'
+        end
+      else
+        f = File.open(fname, 'rb')
+        fdata = f.read(f.stat.size)
+        f.close
+      end
+    end
+
+    @entries << Entry.new(fname, fdata, @compmeth, ts, attrs, xtra, comment, central_dir_name)
+  end
+
+
+  def set_comment(comment)
+    @comment = comment
+  end
+
+
+  #
+  # Write the compressed file to +fname+.
+  #
+  def save_to(fname)
+    f = File.open(fname, 'wb')
+    f.write(pack)
+    f.close
+  end
+
+
+  #
+  # Compress this archive and return the resulting zip file as a String.
+  #
+  def pack
+    ret = ''
+
+    # save the offests
+    offsets = []
+
+    # file 1 .. file n
+    @entries.each { |ent|
+      offsets << ret.length
+      ret << ent.pack
+    }
+
+    # archive decryption header (unsupported)
+    # archive extra data record (unsupported)
+
+    # central directory
+    cfd_offset = ret.length
+    idx = 0
+    @entries.each { |ent|
+      cfd = CentralDir.new(ent, offsets[idx])
+      ret << cfd.pack
+      idx += 1
+    }
+
+    # zip64 end of central dir record (unsupported)
+    # zip64 end of central dir locator (unsupported)
+
+    # end of central directory record
+    cur_offset = ret.length - cfd_offset
+    ret << CentralDirEnd.new(@entries.length, cur_offset, cfd_offset, @comment).pack
+
+    ret
+  end
+
+  def inspect
+    "#<#{self.class} entries = [#{@entries.map{|e| e.name}.join(",")}]>"
+  end
+
+end
+
+end
+end

data/lib/rex/zip/blocks.rb

@@ -0,0 +1,184 @@
+# -*- coding: binary -*-
+
+module Rex
+module Zip
+
+
+#
+# This structure holds the following data pertaining to a Zip entry's data.
+#
+# data crc
+# compressed size
+# uncompressed size
+#
+class CompInfo
+
+  def initialize(crc, compsz, uncompsz)
+    @crc, @compsz, @uncompsz = crc, compsz, uncompsz
+  end
+
+  def pack
+    [ @crc, @compsz, @uncompsz ].pack('VVV')
+  end
+
+end
+
+
+#
+# This structure holds the following data pertaining to a Zip entry.
+#
+# general purpose bit flag
+# compression method
+# modification time
+# modification date
+#
+class CompFlags
+
+  attr_accessor :compmeth
+
+  def initialize(gpbf, compmeth, timestamp)
+    @gpbf = gpbf
+    @compmeth = compmeth
+    @mod_time = ((timestamp.hour << 11) | (timestamp.min << 5) | (timestamp.sec))
+    @mod_date = (((timestamp.year - 1980) << 9) | (timestamp.mon << 5) | (timestamp.day))
+  end
+
+  def pack
+    [ @gpbf, @compmeth, @mod_time, @mod_date ].pack('vvvv')
+  end
+
+end
+
+
+
+#
+# This structure is sometimes stored after the file data and used
+# instead of the fields within the Local File Header.
+#
+class DataDesc
+
+  SIGNATURE = 0x8074b50
+
+  def initialize(compinfo)
+    @compinfo = compinfo
+  end
+
+  def pack
+    ret = [ SIGNATURE ].pack('V')
+    ret << @compinfo.pack
+    ret
+  end
+
+end
+
+
+#
+# This structure records the compression data and flags about
+# a Zip entry to a file.
+#
+class LocalFileHdr
+
+  SIGNATURE = 0x4034b50
+
+  def initialize(entry)
+    @entry = entry
+  end
+
+  def pack
+    path = @entry.relative_path
+
+    ret = [ SIGNATURE, ZIP_VERSION ].pack('Vv')
+    ret << @entry.flags.pack
+    ret << @entry.info.pack
+    ret << [ path.length, @entry.xtra.length ].pack('vv')
+    ret << path
+    ret << @entry.xtra
+    ret
+  end
+
+end
+
+
+#
+# This structure holds all of the information about a particular Zip Entry
+# as it is contained within the central directory.
+#
+class CentralDir
+
+  SIGNATURE = 0x2014b50
+
+  def initialize(entry, offset)
+    @entry = entry
+    @disknum_start = 0
+    @attr_int = 0
+    @attr_ext = 0x20
+    @hdr_offset = offset
+  end
+
+  def pack
+    if @entry.central_dir_name.to_s.strip.empty?
+      path = @entry.relative_path
+    else
+      path = @entry.central_dir_path
+    end
+
+    ret = [ SIGNATURE, ZIP_VERSION ].pack('Vv')
+    ret << [ ZIP_VERSION ].pack('v')
+    ret << @entry.flags.pack
+    ret << @entry.info.pack
+    arr = []
+    arr << path.length
+    arr << @entry.xtra.length
+    arr << @entry.comment.length
+    arr << @disknum_start
+    arr << @attr_int
+    arr << @entry.attrs
+    arr << @hdr_offset
+    ret << arr.pack('vvvvvVV')
+    ret << path
+    ret << @entry.xtra
+    ret << @entry.comment
+    # digital signature not supported
+    ret
+  end
+
+end
+
+
+#
+# This structure is written after the per-entry central directory records to
+# provide information about the archive as a whole.
+#
+class CentralDirEnd
+
+  SIGNATURE = 0x6054b50
+
+  def initialize(ncfd, cfdsz, offset, comment=nil)
+    @disk_no = 0
+    @disk_dir_start = 0
+    @ncfd_this_disk = ncfd
+    @ncfd_total = ncfd
+    @cfd_size = cfdsz
+    @start_offset = offset
+    @comment = comment
+    @comment ||= ''
+  end
+
+
+  def pack
+    arr = []
+    arr << SIGNATURE
+    arr << @disk_no
+    arr << @disk_dir_start
+    arr << @ncfd_this_disk
+    arr << @ncfd_total
+    arr << @cfd_size
+    arr << @start_offset
+    arr << @comment.length
+    (arr.pack('VvvvvVVv') + @comment)
+  end
+
+end
+
+end
+end