tlsh 0.1.1 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +14 -0
- data/README.md +1 -8
- data/lib/tlsh.rb +1 -0
- data/lib/tlsh/digest_hash/pearson.rb +3 -0
- data/lib/tlsh/errors.rb +7 -0
- data/lib/tlsh/tlsh.rb +14 -1
- data/lib/tlsh/tlsh_instance.rb +19 -4
- data/lib/tlsh/version.rb +1 -1
- metadata +3 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d43f01d277be3365206f071a36702940b7a5eb71
|
|
4
|
+
data.tar.gz: e41e735d37604cc3b59c6b7dded2a7dc0778198a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: de6fba2a615128e8f9a76d5b0154a9253d69b7506d91370ee6c4dd9f85601dd547aa708a103ed95bb6226dadd92de40231566f4989c5668fc0a5e9074d3ba925
|
|
7
|
+
data.tar.gz: 6c4f65dc62069aad940f25b155dfe9603c7536131c9e8f33cdc8248f8076b130df1ac0298504faceb9841cbbbd933c03d20f00734dc7f320d92f3f1b33c9931d
|
data/CONTRIBUTING.md
ADDED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
## Contributing
|
|
2
|
+
|
|
3
|
+
1. Fork the repo.
|
|
4
|
+
2. Run the tests. We only take pull requests with passing tests, and it's great to know that you have a clean slate.
|
|
5
|
+
3. Add a test for your change. Only refactoring and documentation changes require no new tests. If you are adding functionality or fixing a bug, we need a test.
|
|
6
|
+
4. Make the test pass.
|
|
7
|
+
5. Push to your fork and submit a pull request.
|
|
8
|
+
|
|
9
|
+
Some things that will increase the chance that your pull request is accepted,
|
|
10
|
+
|
|
11
|
+
* Include tests that fail without your code, and pass with it
|
|
12
|
+
* Update the documentation, the surrounding one, examples elsewhere, guides, whatever is affected by your contribution
|
|
13
|
+
* Follow the existing style of the project
|
|
14
|
+
|
data/README.md
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
[](https://badge.fury.io/rb/tlsh)
|
|
1
2
|
[](https://travis-ci.org/adamliesko/tlsh)
|
|
2
3
|
[](https://coveralls.io/github/adamliesko/tlsh?branch=master)
|
|
3
4
|
|
|
@@ -10,14 +11,6 @@ The computed hash is 35 bytes long (output as 70 hexadecimal characters). The fi
|
|
|
10
11
|
DISCLAIMER: Based on [Trendmicro's TLSH](https://github.com/trendmicro/tlsh) and work of [glaslos](https://github.com/glaslos) Go port [tlsh](https://github.com/glaslos/tlsh).
|
|
11
12
|
## Installation
|
|
12
13
|
|
|
13
|
-
Add this line to your application's Gemfile and execute bundler:
|
|
14
|
-
|
|
15
|
-
```ruby
|
|
16
|
-
gem 'tlsh' && bundle
|
|
17
|
-
```
|
|
18
|
-
|
|
19
|
-
Or install it yourself as:
|
|
20
|
-
|
|
21
14
|
$ gem install tlsh
|
|
22
15
|
|
|
23
16
|
## Usage
|
data/lib/tlsh.rb
CHANGED
|
@@ -20,6 +20,9 @@ module DigestHash
|
|
|
20
20
|
51, 65, 28, 144, 254, 221, 93, 189, 194, 139, 112, 43, 71, 109, 184, 209].freeze
|
|
21
21
|
|
|
22
22
|
def pearson_hash(salt, keys)
|
|
23
|
+
raise Tlsh::MalformedInputError, 'Missing keys for pearson_hash' if keys.nil? || keys.empty?
|
|
24
|
+
raise Tlsh::MalformedInputError, 'Missing salt for pearson_hash' if salt.nil?
|
|
25
|
+
|
|
23
26
|
h = 0
|
|
24
27
|
h = TABLE[h ^ salt]
|
|
25
28
|
h = TABLE[h ^ keys[0]]
|
data/lib/tlsh/errors.rb
ADDED
data/lib/tlsh/tlsh.rb
CHANGED
|
@@ -10,6 +10,11 @@ module Tlsh
|
|
|
10
10
|
LOG1_1 = 0.095310180
|
|
11
11
|
|
|
12
12
|
class << self
|
|
13
|
+
##
|
|
14
|
+
# Computes TLSH based diff between two files.
|
|
15
|
+
#
|
|
16
|
+
# The closer to 0, the smaller the diff. If files are not found, error is raised.
|
|
17
|
+
|
|
13
18
|
def diff_files(filename, other_filename)
|
|
14
19
|
file_a = File.read(filename)
|
|
15
20
|
file_b = File.read(other_filename)
|
|
@@ -19,12 +24,19 @@ module Tlsh
|
|
|
19
24
|
tslh_a.diff(tslh_b)
|
|
20
25
|
end
|
|
21
26
|
|
|
22
|
-
|
|
27
|
+
##
|
|
28
|
+
# Computes TLSH based diff between two files.
|
|
29
|
+
#
|
|
30
|
+
# The closer to 0, the smaller the diff. If files are not found, error is raised.
|
|
31
|
+
|
|
23
32
|
def hash_file(filename)
|
|
24
33
|
file = File.read(filename)
|
|
25
34
|
tlsh_hash(file.bytes)
|
|
26
35
|
end
|
|
27
36
|
|
|
37
|
+
##
|
|
38
|
+
# Computes TLSH of an bytes input.
|
|
39
|
+
|
|
28
40
|
def hash_bytes(blob)
|
|
29
41
|
tlsh_hash(blob)
|
|
30
42
|
end
|
|
@@ -32,6 +44,7 @@ module Tlsh
|
|
|
32
44
|
private
|
|
33
45
|
|
|
34
46
|
def tlsh_hash(input)
|
|
47
|
+
raise Tlsh::InputTooSmallError if input.size < 256
|
|
35
48
|
buckets, checksum, filesize = Buckets.fill_buckets(input)
|
|
36
49
|
|
|
37
50
|
# get the quartiles and their ratio
|
data/lib/tlsh/tlsh_instance.rb
CHANGED
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
module Tlsh
|
|
2
|
-
# TlshInstance represents single TLSH instance
|
|
2
|
+
# TlshInstance represents single TLSH instance.
|
|
3
3
|
class TlshInstance
|
|
4
4
|
attr_accessor :checksum, :l_value, :q1_ratio, :q2_ratio, :q_ratio, :body
|
|
5
5
|
|
|
6
|
+
##
|
|
7
|
+
# Creates new instance of TlshInstance from the named arguments.
|
|
8
|
+
|
|
6
9
|
def initialize(params = {})
|
|
7
10
|
params.each do |key, value|
|
|
8
11
|
setter = "#{key}="
|
|
@@ -10,17 +13,29 @@ module Tlsh
|
|
|
10
13
|
end
|
|
11
14
|
end
|
|
12
15
|
|
|
13
|
-
|
|
16
|
+
##
|
|
17
|
+
# Returns diff (or similarity) against another TlshInstance.
|
|
18
|
+
#
|
|
19
|
+
# The closer to 0, the smaller the diff. Both instances have to be comparable for comparison. If not, -1 is returned.
|
|
20
|
+
|
|
14
21
|
def diff(other)
|
|
15
22
|
Distance.diff_total(self, other, true)
|
|
16
23
|
end
|
|
17
24
|
|
|
18
|
-
|
|
25
|
+
##
|
|
26
|
+
# Returns the binary representation of the TLSH hash.
|
|
27
|
+
#
|
|
28
|
+
# It's constructed as a concatenation of hash metadata and body,
|
|
29
|
+
|
|
19
30
|
def binary
|
|
20
31
|
[swap_byte(checksum), swap_byte(l_value), q_ratio] + body
|
|
21
32
|
end
|
|
22
33
|
|
|
23
|
-
|
|
34
|
+
##
|
|
35
|
+
# Returns the string representation of the TLSH hash.
|
|
36
|
+
#
|
|
37
|
+
# It's constructed from the binary representation of the hash, converted to hex
|
|
38
|
+
|
|
24
39
|
def string
|
|
25
40
|
binary.map { |i| i.to_i.to_s(16) }.join('')
|
|
26
41
|
end
|
data/lib/tlsh/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tlsh
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- adamliesko
|
|
@@ -99,6 +99,7 @@ files:
|
|
|
99
99
|
- ".rubocop.yml"
|
|
100
100
|
- ".travis.yml"
|
|
101
101
|
- CODE_OF_CONDUCT.md
|
|
102
|
+
- CONTRIBUTING.md
|
|
102
103
|
- Gemfile
|
|
103
104
|
- LICENSE.txt
|
|
104
105
|
- README.md
|
|
@@ -110,6 +111,7 @@ files:
|
|
|
110
111
|
- lib/tlsh/digest_hash/pearson.rb
|
|
111
112
|
- lib/tlsh/distance/distance.rb
|
|
112
113
|
- lib/tlsh/distance/precomputed_bits.rb
|
|
114
|
+
- lib/tlsh/errors.rb
|
|
113
115
|
- lib/tlsh/quartiles.rb
|
|
114
116
|
- lib/tlsh/tlsh.rb
|
|
115
117
|
- lib/tlsh/tlsh_instance.rb
|