tlsh 0.1.1 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +14 -0
- data/README.md +1 -8
- data/lib/tlsh.rb +1 -0
- data/lib/tlsh/digest_hash/pearson.rb +3 -0
- data/lib/tlsh/errors.rb +7 -0
- data/lib/tlsh/tlsh.rb +14 -1
- data/lib/tlsh/tlsh_instance.rb +19 -4
- data/lib/tlsh/version.rb +1 -1
- metadata +3 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d43f01d277be3365206f071a36702940b7a5eb71
|
|
4
|
+
data.tar.gz: e41e735d37604cc3b59c6b7dded2a7dc0778198a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: de6fba2a615128e8f9a76d5b0154a9253d69b7506d91370ee6c4dd9f85601dd547aa708a103ed95bb6226dadd92de40231566f4989c5668fc0a5e9074d3ba925
|
|
7
|
+
data.tar.gz: 6c4f65dc62069aad940f25b155dfe9603c7536131c9e8f33cdc8248f8076b130df1ac0298504faceb9841cbbbd933c03d20f00734dc7f320d92f3f1b33c9931d
|
data/CONTRIBUTING.md
ADDED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
## Contributing
|
|
2
|
+
|
|
3
|
+
1. Fork the repo.
|
|
4
|
+
2. Run the tests. We only take pull requests with passing tests, and it's great to know that you have a clean slate.
|
|
5
|
+
3. Add a test for your change. Only refactoring and documentation changes require no new tests. If you are adding functionality or fixing a bug, we need a test.
|
|
6
|
+
4. Make the test pass.
|
|
7
|
+
5. Push to your fork and submit a pull request.
|
|
8
|
+
|
|
9
|
+
Some things that will increase the chance that your pull request is accepted,
|
|
10
|
+
|
|
11
|
+
* Include tests that fail without your code, and pass with it
|
|
12
|
+
* Update the documentation, the surrounding one, examples elsewhere, guides, whatever is affected by your contribution
|
|
13
|
+
* Follow the existing style of the project
|
|
14
|
+
|
data/README.md
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
[](https://badge.fury.io/rb/tlsh)
|
|
1
2
|
[](https://travis-ci.org/adamliesko/tlsh)
|
|
2
3
|
[](https://coveralls.io/github/adamliesko/tlsh?branch=master)
|
|
3
4
|
|
|
@@ -10,14 +11,6 @@ The computed hash is 35 bytes long (output as 70 hexadecimal characters). The fi
|
|
|
10
11
|
DISCLAIMER: Based on [Trendmicro's TLSH](https://github.com/trendmicro/tlsh) and work of [glaslos](https://github.com/glaslos) Go port [tlsh](https://github.com/glaslos/tlsh).
|
|
11
12
|
## Installation
|
|
12
13
|
|
|
13
|
-
Add this line to your application's Gemfile and execute bundler:
|
|
14
|
-
|
|
15
|
-
```ruby
|
|
16
|
-
gem 'tlsh' && bundle
|
|
17
|
-
```
|
|
18
|
-
|
|
19
|
-
Or install it yourself as:
|
|
20
|
-
|
|
21
14
|
$ gem install tlsh
|
|
22
15
|
|
|
23
16
|
## Usage
|
data/lib/tlsh.rb
CHANGED
|
@@ -20,6 +20,9 @@ module DigestHash
|
|
|
20
20
|
51, 65, 28, 144, 254, 221, 93, 189, 194, 139, 112, 43, 71, 109, 184, 209].freeze
|
|
21
21
|
|
|
22
22
|
def pearson_hash(salt, keys)
|
|
23
|
+
raise Tlsh::MalformedInputError, 'Missing keys for pearson_hash' if keys.nil? || keys.empty?
|
|
24
|
+
raise Tlsh::MalformedInputError, 'Missing salt for pearson_hash' if salt.nil?
|
|
25
|
+
|
|
23
26
|
h = 0
|
|
24
27
|
h = TABLE[h ^ salt]
|
|
25
28
|
h = TABLE[h ^ keys[0]]
|
data/lib/tlsh/errors.rb
ADDED
data/lib/tlsh/tlsh.rb
CHANGED
|
@@ -10,6 +10,11 @@ module Tlsh
|
|
|
10
10
|
LOG1_1 = 0.095310180
|
|
11
11
|
|
|
12
12
|
class << self
|
|
13
|
+
##
|
|
14
|
+
# Computes TLSH based diff between two files.
|
|
15
|
+
#
|
|
16
|
+
# The closer to 0, the smaller the diff. If files are not found, error is raised.
|
|
17
|
+
|
|
13
18
|
def diff_files(filename, other_filename)
|
|
14
19
|
file_a = File.read(filename)
|
|
15
20
|
file_b = File.read(other_filename)
|
|
@@ -19,12 +24,19 @@ module Tlsh
|
|
|
19
24
|
tslh_a.diff(tslh_b)
|
|
20
25
|
end
|
|
21
26
|
|
|
22
|
-
|
|
27
|
+
##
|
|
28
|
+
# Computes TLSH based diff between two files.
|
|
29
|
+
#
|
|
30
|
+
# The closer to 0, the smaller the diff. If files are not found, error is raised.
|
|
31
|
+
|
|
23
32
|
def hash_file(filename)
|
|
24
33
|
file = File.read(filename)
|
|
25
34
|
tlsh_hash(file.bytes)
|
|
26
35
|
end
|
|
27
36
|
|
|
37
|
+
##
|
|
38
|
+
# Computes TLSH of an bytes input.
|
|
39
|
+
|
|
28
40
|
def hash_bytes(blob)
|
|
29
41
|
tlsh_hash(blob)
|
|
30
42
|
end
|
|
@@ -32,6 +44,7 @@ module Tlsh
|
|
|
32
44
|
private
|
|
33
45
|
|
|
34
46
|
def tlsh_hash(input)
|
|
47
|
+
raise Tlsh::InputTooSmallError if input.size < 256
|
|
35
48
|
buckets, checksum, filesize = Buckets.fill_buckets(input)
|
|
36
49
|
|
|
37
50
|
# get the quartiles and their ratio
|
data/lib/tlsh/tlsh_instance.rb
CHANGED
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
module Tlsh
|
|
2
|
-
# TlshInstance represents single TLSH instance
|
|
2
|
+
# TlshInstance represents single TLSH instance.
|
|
3
3
|
class TlshInstance
|
|
4
4
|
attr_accessor :checksum, :l_value, :q1_ratio, :q2_ratio, :q_ratio, :body
|
|
5
5
|
|
|
6
|
+
##
|
|
7
|
+
# Creates new instance of TlshInstance from the named arguments.
|
|
8
|
+
|
|
6
9
|
def initialize(params = {})
|
|
7
10
|
params.each do |key, value|
|
|
8
11
|
setter = "#{key}="
|
|
@@ -10,17 +13,29 @@ module Tlsh
|
|
|
10
13
|
end
|
|
11
14
|
end
|
|
12
15
|
|
|
13
|
-
|
|
16
|
+
##
|
|
17
|
+
# Returns diff (or similarity) against another TlshInstance.
|
|
18
|
+
#
|
|
19
|
+
# The closer to 0, the smaller the diff. Both instances have to be comparable for comparison. If not, -1 is returned.
|
|
20
|
+
|
|
14
21
|
def diff(other)
|
|
15
22
|
Distance.diff_total(self, other, true)
|
|
16
23
|
end
|
|
17
24
|
|
|
18
|
-
|
|
25
|
+
##
|
|
26
|
+
# Returns the binary representation of the TLSH hash.
|
|
27
|
+
#
|
|
28
|
+
# It's constructed as a concatenation of hash metadata and body,
|
|
29
|
+
|
|
19
30
|
def binary
|
|
20
31
|
[swap_byte(checksum), swap_byte(l_value), q_ratio] + body
|
|
21
32
|
end
|
|
22
33
|
|
|
23
|
-
|
|
34
|
+
##
|
|
35
|
+
# Returns the string representation of the TLSH hash.
|
|
36
|
+
#
|
|
37
|
+
# It's constructed from the binary representation of the hash, converted to hex
|
|
38
|
+
|
|
24
39
|
def string
|
|
25
40
|
binary.map { |i| i.to_i.to_s(16) }.join('')
|
|
26
41
|
end
|
data/lib/tlsh/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tlsh
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- adamliesko
|
|
@@ -99,6 +99,7 @@ files:
|
|
|
99
99
|
- ".rubocop.yml"
|
|
100
100
|
- ".travis.yml"
|
|
101
101
|
- CODE_OF_CONDUCT.md
|
|
102
|
+
- CONTRIBUTING.md
|
|
102
103
|
- Gemfile
|
|
103
104
|
- LICENSE.txt
|
|
104
105
|
- README.md
|
|
@@ -110,6 +111,7 @@ files:
|
|
|
110
111
|
- lib/tlsh/digest_hash/pearson.rb
|
|
111
112
|
- lib/tlsh/distance/distance.rb
|
|
112
113
|
- lib/tlsh/distance/precomputed_bits.rb
|
|
114
|
+
- lib/tlsh/errors.rb
|
|
113
115
|
- lib/tlsh/quartiles.rb
|
|
114
116
|
- lib/tlsh/tlsh.rb
|
|
115
117
|
- lib/tlsh/tlsh_instance.rb
|