credsweeper 1.11.4__tar.gz → 1.11.5__tar.gz

{credsweeper-1.11.4 → credsweeper-1.11.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: credsweeper
-Version: 1.11.4
+Version: 1.11.5
 Summary: Credential Sweeper
 Project-URL: Homepage, https://github.com/Samsung/CredSweeper
 Project-URL: Bug Tracker, https://github.com/Samsung/CredSweeper/issues
@@ -37,6 +37,7 @@ Requires-Dist: python-dateutil
 Requires-Dist: python-docx
 Requires-Dist: python-pptx
 Requires-Dist: pyyaml
+Requires-Dist: rpmfile
 Requires-Dist: whatthepatch
 Requires-Dist: xlrd
 Description-Content-Type: text/markdown
@@ -140,11 +141,7 @@ cat output.json
                 "value_start": 12,
                 "value_end": 19,
                 "variable": "password",
-                "entropy_validation": {
-                    "iterator": "BASE64_CHARS",
-                    "entropy": 2.120589933192232,
-                    "valid": false
-                }
+                "entropy": 2.12059
             }
         ]
     }

{credsweeper-1.11.4 → credsweeper-1.11.5}/README.md

@@ -97,11 +97,7 @@ cat output.json
                 "value_start": 12,
                 "value_end": 19,
                 "variable": "password",
-                "entropy_validation": {
-                    "iterator": "BASE64_CHARS",
-                    "entropy": 2.120589933192232,
-                    "valid": false
-                }
+                "entropy": 2.12059
             }
         ]
     }

{credsweeper-1.11.4 → credsweeper-1.11.5}/credsweeper/__init__.py

@@ -18,4 +18,4 @@ __all__ = [
     '__version__'
 ]
 
-__version__ = "1.11.4"
+__version__ = "1.11.5"

credsweeper-1.11.4/credsweeper/deep_scanner/deep_scanner.py → credsweeper-1.11.5/credsweeper/deep_scanner/abstract_scanner.py

@@ -1,245 +1,59 @@
 import contextlib
 import datetime
 import logging
-from typing import List, Optional, Any, Tuple, Union
+from abc import abstractmethod, ABC
+from typing import List, Optional, Tuple, Any, Generator
 
-from credsweeper.common.constants import RECURSIVE_SCAN_LIMITATION, MIN_DATA_LEN, MIN_VALUE_LENGTH
+from credsweeper.common.constants import RECURSIVE_SCAN_LIMITATION, MIN_DATA_LEN, DEFAULT_ENCODING, UTF_8, \
+    MIN_VALUE_LENGTH
 from credsweeper.config import Config
 from credsweeper.credentials import Candidate
 from credsweeper.credentials.augment_candidates import augment_candidates
 from credsweeper.file_handler.byte_content_provider import ByteContentProvider
 from credsweeper.file_handler.content_provider import ContentProvider
 from credsweeper.file_handler.data_content_provider import DataContentProvider
+from credsweeper.file_handler.descriptor import Descriptor
 from credsweeper.file_handler.diff_content_provider import DiffContentProvider
+from credsweeper.file_handler.file_path_extractor import FilePathExtractor
 from credsweeper.file_handler.string_content_provider import StringContentProvider
+from credsweeper.file_handler.struct_content_provider import StructContentProvider
 from credsweeper.file_handler.text_content_provider import TextContentProvider
 from credsweeper.scanner import Scanner
-from credsweeper.utils import Util
-from .byte_scanner import ByteScanner
-from .bzip2_scanner import Bzip2Scanner
-from .deb_scanner import DebScanner
-from .docx_scanner import DocxScanner
-from .eml_scanner import EmlScanner
-from .encoder_scanner import EncoderScanner
-from .gzip_scanner import GzipScanner
-from .html_scanner import HtmlScanner
-from .jks_scanner import JksScanner
-from .lang_scanner import LangScanner
-from .lzma_scanner import LzmaScanner
-from .mxfile_scanner import MxfileScanner
-from .pdf_scanner import PdfScanner
-from .pkcs12_scanner import Pkcs12Scanner
-from .pptx_scanner import PptxScanner
-from .tar_scanner import TarScanner
-from .tmx_scanner import TmxScanner
-from .xlsx_scanner import XlsxScanner
-from .xml_scanner import XmlScanner
-from .zip_scanner import ZipScanner
-from ..common.constants import DEFAULT_ENCODING
-from ..file_handler.file_path_extractor import FilePathExtractor
-from ..file_handler.struct_content_provider import StructContentProvider
 
 logger = logging.getLogger(__name__)
 
 
-class DeepScanner(
-    ByteScanner,  #
-    Bzip2Scanner,  #
-    DocxScanner,  #
-    EncoderScanner,  #
-    GzipScanner,  #
-    HtmlScanner,  #
-    JksScanner,  #
-    LangScanner,  #
-    LzmaScanner,  #
-    PdfScanner,  #
-    Pkcs12Scanner,  #
-    PptxScanner,  #
-    TarScanner,  #
-    DebScanner,  #
-    XmlScanner,  #
-    XlsxScanner,  #
-    ZipScanner
-):  # yapf: disable
-    """Advanced scanner with recursive exploring of data"""
-
-    def __init__(self, config: Config, scanner: Scanner) -> None:
-        """Initialize Advanced credential scanner.
-
-        Args:
-            scanner: CredSweeper scanner object
-            config: dictionary variable, stores analyzer features
-        """
-        self.__config = config
-        self.__scanner = scanner
+class AbstractScanner(ABC):
+    """Base abstract class for all recursive scanners"""
 
     @property
+    @abstractmethod
     def config(self) -> Config:
-        return self.__config
+        """Abstract property to be defined in DeepScanner"""
+        raise NotImplementedError(__name__)
 
     @property
+    @abstractmethod
     def scanner(self) -> Scanner:
-        return self.__scanner
+        """Abstract property to be defined in DeepScanner"""
+        raise NotImplementedError(__name__)
+
+    @abstractmethod
+    def data_scan(
+            self,  #
+            data_provider: DataContentProvider,  #
+            depth: int,  #
+            recursive_limit_size: int) -> Optional[List[Candidate]]:
+        """Abstract method to be defined in DeepScanner"""
+        raise NotImplementedError(__name__)
 
     @staticmethod
-    def get_deep_scanners(data: bytes, file_type: str, depth: int) -> Tuple[List[Any], List[Any]]:
+    @abstractmethod
+    def get_deep_scanners(data: bytes, descriptor: Descriptor, depth: int) -> Tuple[List[Any], List[Any]]:
         """Returns possibly scan methods for the data depends on content and fallback scanners"""
-        deep_scanners: List[Any] = []
-        fallback_scanners: List[Any] = []
-        if Util.is_zip(data):
-            if 0 < depth:
-                deep_scanners.append(ZipScanner)
-            # probably, there might be a docx, xlsx and so on.
-            # It might be scanned with text representation in third-party libraries.
-            if file_type in (".xlsx", ".ods"):
-                deep_scanners.append(XlsxScanner)
-            else:
-                fallback_scanners.append(XlsxScanner)
-            if ".docx" == file_type:
-                deep_scanners.append(DocxScanner)
-            else:
-                fallback_scanners.append(DocxScanner)
-            if ".pptx" == file_type:
-                deep_scanners.append(PptxScanner)
-            else:
-                fallback_scanners.append(PptxScanner)
-        elif Util.is_com(data):
-            if ".xls" == file_type:
-                deep_scanners.append(XlsxScanner)
-            else:
-                fallback_scanners.append(XlsxScanner)
-        elif Util.is_bzip2(data):
-            if 0 < depth:
-                deep_scanners.append(Bzip2Scanner)
-        elif Util.is_lzma(data):
-            if 0 < depth:
-                deep_scanners.append(LzmaScanner)
-        elif Util.is_tar(data):
-            if 0 < depth:
-                deep_scanners.append(TarScanner)
-        elif Util.is_deb(data):
-            if 0 < depth:
-                deep_scanners.append(DebScanner)
-        elif Util.is_gzip(data):
-            if 0 < depth:
-                deep_scanners.append(GzipScanner)
-        elif Util.is_pdf(data):
-            deep_scanners.append(PdfScanner)
-        elif Util.is_jks(data):
-            deep_scanners.append(JksScanner)
-        elif Util.is_asn1(data):
-            deep_scanners.append(Pkcs12Scanner)
-        elif Util.is_xml(data):
-            if Util.is_html(data):
-                deep_scanners.append(HtmlScanner)
-                deep_scanners.append(XmlScanner)
-                fallback_scanners.append(ByteScanner)
-            elif Util.is_mxfile(data):
-                deep_scanners.append(MxfileScanner)
-                deep_scanners.append(XmlScanner)
-                fallback_scanners.append(ByteScanner)
-            elif Util.is_tmx(data):
-                deep_scanners.append(TmxScanner)
-                fallback_scanners.append(XmlScanner)
-                fallback_scanners.append(ByteScanner)
-            else:
-                deep_scanners.append(XmlScanner)
-                fallback_scanners.append(ByteScanner)
-        elif Util.is_eml(data):
-            if ".eml" == file_type:
-                deep_scanners.append(EmlScanner)
-            else:
-                fallback_scanners.append(EmlScanner)
-            fallback_scanners.append(ByteScanner)
-        elif Util.is_known(data):
-            # the format is known but cannot be scanned
-            pass
-        elif not Util.is_binary(data):
-            if 0 < depth:
-                deep_scanners.append(EncoderScanner)
-                deep_scanners.append(LangScanner)
-            deep_scanners.append(ByteScanner)
-        else:
-            logger.warning("Cannot apply a deep scanner for type %s prefix %s", file_type, str(data[:MIN_DATA_LEN]))
-        return deep_scanners, fallback_scanners
-
-    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
-
-    def deep_scan_with_fallback(self, data_provider: DataContentProvider, depth: int,
-                                recursive_limit_size: int) -> List[Candidate]:
-        """Scans with deep scanners and fallback scanners if possible
-
-            Args:
-                data_provider: DataContentProvider with raw data
-                depth: maximal level of recursion
-                recursive_limit_size: maximal bytes of opened files to prevent recursive zip-bomb attack
-
-            Returns: list with candidates
-
-        """
-        candidates: List[Candidate] = []
-        deep_scanners, fallback_scanners = self.get_deep_scanners(data_provider.data, data_provider.file_type, depth)
-        fallback = True
-        for scan_class in deep_scanners:
-            new_candidates = scan_class.data_scan(self, data_provider, depth, recursive_limit_size)
-            if new_candidates is None:
-                # scanner did not recognise the content type
-                continue
-            augment_candidates(candidates, new_candidates)
-            # this scan is successful, so fallback is not necessary
-            fallback = False
-        if fallback:
-            for scan_class in fallback_scanners:
-                fallback_candidates = scan_class.data_scan(self, data_provider, depth, recursive_limit_size)
-                if fallback_candidates is None:
-                    continue
-                augment_candidates(candidates, fallback_candidates)
-                # use only first successful fallback scanner
-                break
-        return candidates
 
     # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 
-    def scan(self,
-             content_provider: ContentProvider,
-             depth: int,
-             recursive_limit_size: Optional[int] = None) -> List[Candidate]:
-        """Initial scan method to launch recursive scan. Skips ByteScanner to prevent extra scan
-
-            Args:
-                content_provider: ContentProvider that might contain raw data
-                depth: maximal level of recursion
-                recursive_limit_size: maximal bytes of opened files to prevent recursive zip-bomb attack
-        """
-        recursive_limit_size = recursive_limit_size if isinstance(recursive_limit_size,
-                                                                  int) else RECURSIVE_SCAN_LIMITATION
-        candidates: List[Candidate] = []
-        data: Optional[bytes] = None
-        if isinstance(content_provider, (TextContentProvider, ByteContentProvider)):
-            # Feature to scan files which might be containers
-            data = content_provider.data
-            info = f"FILE:{content_provider.file_path}"
-        elif isinstance(content_provider, DiffContentProvider) and content_provider.diff:
-            candidates = self.scanner.scan(content_provider)
-            # Feature to scan binary diffs
-            diff = content_provider.diff[0].get("line")
-            # the check for legal fix mypy issue
-            if isinstance(diff, bytes):
-                data = diff
-            info = f"DIFF:{content_provider.file_path}"
-        else:
-            logger.warning(f"Content provider {type(content_provider)} does not support deep scan")
-            info = "NA"
-
-        if data:
-            data_provider = DataContentProvider(data=data,
-                                                file_path=content_provider.file_path,
-                                                file_type=content_provider.file_type,
-                                                info=content_provider.info or info)
-            new_candidates = self.deep_scan_with_fallback(data_provider, depth, recursive_limit_size - len(data))
-            augment_candidates(candidates, new_candidates)
-        return candidates
-
     def recursive_scan(
             self,  #
             data_provider: DataContentProvider,  #
@@ -278,6 +92,62 @@ class DeepScanner(
 
         return candidates
 
+    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+
+    @staticmethod
+    def key_value_combination(structure: dict) -> Generator[Tuple[Any, Any], None, None]:
+        """Combine items by `key` and `value` from a dictionary for augmentation
+        {..., "key": "api_key", "value": "XXXXXXX", ...} -> ("api_key", "XXXXXXX")
+
+        """
+        for key_id in ("key", "KEY", "Key"):
+            if key_id in structure:
+                struct_key = structure.get(key_id)
+                break
+        else:
+            struct_key = None
+        if isinstance(struct_key, bytes):
+            # sqlite table may produce bytes for `key`
+            with contextlib.suppress(UnicodeError):
+                struct_key = struct_key.decode(UTF_8)
+        # only str type is common used for the augmentation
+        if struct_key and isinstance(struct_key, str):
+            for value_id in ("value", "VALUE", "Value"):
+                if value_id in structure:
+                    struct_value = structure.get(value_id)
+                    if struct_value and isinstance(struct_value, (str, bytes)):
+                        yield struct_key, struct_value
+                        # break in successful case
+                        break
+
+    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+
+    @staticmethod
+    def structure_processing(structure: Any) -> Generator[Tuple[Any, Any], None, None]:
+        """Yields pair `key, value` from given structure if applicable"""
+        if isinstance(structure, dict):
+            # transform dictionary to list
+            for key, value in structure.items():
+                if not value:
+                    # skip empty values
+                    continue
+                if isinstance(value, (list, tuple)):
+                    if 1 == len(value):
+                        # simplify some structures like YAML when single item in new line is a value
+                        yield key, value[0]
+                        continue
+                # all other data will be precessed in next code
+                yield key, value
+            yield from AbstractScanner.key_value_combination(structure)
+        elif isinstance(structure, (list, tuple)):
+            # enumerate the items to fit for return structure
+            for key, value in enumerate(structure):
+                yield key, value
+        else:
+            logger.error("Not supported type:%s val:%s", str(type(structure)), repr(structure))
+
+    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+
     def structure_scan(
             self,  #
             struct_provider: StructContentProvider,  #
@@ -301,35 +171,21 @@ class DeepScanner(
 
         depth -= 1
 
-        items: List[Tuple[Union[int, str], Any]] = []
-        struct_key: Optional[str] = None
-        struct_value: Optional[str] = None
-        lines_for_keyword_rules = []
-        if isinstance(struct_provider.struct, dict):
-            for key, value in struct_provider.struct.items():
-                if isinstance(value, (list, tuple)) and 1 == len(value):
-                    # simplify some structures like YAML when single item in new line is a value
-                    items.append((key, value[0]))
-                else:
-                    items.append((key, value))
-            # for transformation {"key": "api_key", "value": "XXXXXXX"} -> {"api_key": "XXXXXXX"}
-            struct_key = struct_provider.struct.get("key")
-            struct_value = struct_provider.struct.get("value")
-        elif isinstance(struct_provider.struct, (list, tuple)):
-            items = list(enumerate(struct_provider.struct))
-        else:
-            logger.error("Not supported type:%s val:%s", str(type(struct_provider.struct)), str(struct_provider.struct))
+        augmented_lines_for_keyword_rules = []
+        for key, value in AbstractScanner.structure_processing(struct_provider.struct):
+            # a keyword rule may be applicable for `key` (str only) and `value` (str, bytes)
+            keyword_match = bool(isinstance(key, str) and self.scanner.keywords_required_substrings_check(key.lower()))
 
-        for key, value in items:
-            if isinstance(value, dict) or isinstance(value, (list, tuple)) and 1 <= len(value):
+            if isinstance(value, (dict, list, tuple)) and value:
+                # recursive scan for not empty structured `value`
                 val_struct_provider = StructContentProvider(struct=value,
                                                             file_path=struct_provider.file_path,
                                                             file_type=struct_provider.file_type,
                                                             info=f"{struct_provider.info}|STRUCT:{key}")
                 new_candidates = self.structure_scan(val_struct_provider, depth, recursive_limit_size)
                 candidates.extend(new_candidates)
-
             elif isinstance(value, bytes):
+                # recursive data scan
                 if MIN_DATA_LEN <= len(value):
                     bytes_struct_provider = DataContentProvider(data=value,
                                                                 file_path=struct_provider.file_path,
@@ -338,16 +194,15 @@ class DeepScanner(
                     new_limit = recursive_limit_size - len(value)
                     new_candidates = self.recursive_scan(bytes_struct_provider, depth, new_limit)
                     candidates.extend(new_candidates)
-                if MIN_VALUE_LENGTH <= len(value) and isinstance(key, str) \
-                        and self.scanner.keywords_required_substrings_check(key.lower()):
-                    str_val = str(value)
-                    lines_for_keyword_rules.append(f"{key} = '{str_val}'" if '"' in str_val else f'{key} = "{str_val}"')
-
+                if keyword_match and MIN_VALUE_LENGTH <= len(value):
+                    augmented_lines_for_keyword_rules.append(f"{key} = {repr(value)}")
             elif isinstance(value, str):
-                if MIN_DATA_LEN <= len(value):
+                # recursive text scan with transformation into bytes
+                stripped_value = value.strip()
+                if MIN_DATA_LEN <= len(stripped_value):
                     # recursive scan only for data which may be decoded at least
                     with contextlib.suppress(UnicodeError):
-                        data = value.encode(encoding=DEFAULT_ENCODING, errors='strict')
+                        data = stripped_value.encode(encoding=DEFAULT_ENCODING, errors='strict')
                         str_struct_provider = DataContentProvider(data=data,
                                                                   file_path=struct_provider.file_path,
                                                                   file_type=struct_provider.file_type,
@@ -355,32 +210,97 @@ class DeepScanner(
                         new_limit = recursive_limit_size - len(str_struct_provider.data)
                         new_candidates = self.recursive_scan(str_struct_provider, depth, new_limit)
                         candidates.extend(new_candidates)
-                # use key = "value" scan for common cases like in TOML
-                if MIN_VALUE_LENGTH <= len(value) and isinstance(key, str) \
-                        and self.scanner.keywords_required_substrings_check(key.lower()):
-                    lines_for_keyword_rules.append(f"{key} = '{value}'" if '"' in value else f'{key} = "{value}"')
-
-            elif isinstance(value, (int, float, datetime.date, datetime.datetime)):
+                if keyword_match and MIN_VALUE_LENGTH <= len(stripped_value):
+                    augmented_lines_for_keyword_rules.append(f"{key} = {repr(stripped_value)}")
+            elif value is None or isinstance(value, (int, float, datetime.date, datetime.datetime)):
                 # skip useless types
                 pass
             else:
                 logger.warning("Not supported type:%s value(%s)", str(type(value)), str(value))
 
-        if lines_for_keyword_rules:
-            str_provider = StringContentProvider(lines_for_keyword_rules,
+        if augmented_lines_for_keyword_rules:
+            str_provider = StringContentProvider(augmented_lines_for_keyword_rules,
                                                  file_path=struct_provider.file_path,
-                                                 file_type=".py",
-                                                 info=f"{struct_provider.info}|KEYWORD:`{lines_for_keyword_rules}`")
+                                                 file_type=struct_provider.file_type,
+                                                 info=f"{struct_provider.info}|KEYWORD")
             new_candidates = self.scanner.scan(str_provider)
             augment_candidates(candidates, new_candidates)
 
-        # last check when dictionary is {"key": "api_key", "value": "XXXXXXX"} -> {"api_key": "XXXXXXX"}
-        if isinstance(struct_key, str) and isinstance(struct_value, str):
-            key_value_provider = StringContentProvider(
-                [f"{struct_key} = '{struct_value}'" if '"' in struct_value else f'{struct_key} = "{struct_value}"'],
-                file_path=struct_provider.file_path,
-                file_type=".toml",
-                info=f"{struct_provider.info}|KEY_VALUE:`{lines_for_keyword_rules}`")
-            new_candidates = self.scanner.scan(key_value_provider)
+        return candidates
+
+    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+
+    def deep_scan_with_fallback(self, data_provider: DataContentProvider, depth: int,
+                                recursive_limit_size: int) -> List[Candidate]:
+        """Scans with deep scanners and fallback scanners if possible
+
+            Args:
+                data_provider: DataContentProvider with raw data
+                depth: maximal level of recursion
+                recursive_limit_size: maximal bytes of opened files to prevent recursive zip-bomb attack
+
+            Returns: list with candidates
+
+        """
+        candidates: List[Candidate] = []
+        deep_scanners, fallback_scanners = self.get_deep_scanners(data_provider.data, data_provider.descriptor, depth)
+        fallback = True
+        for scan_class in deep_scanners:
+            new_candidates = scan_class.data_scan(self, data_provider, depth, recursive_limit_size)
+            if new_candidates is None:
+                # scanner did not recognise the content type
+                continue
+            augment_candidates(candidates, new_candidates)
+            # this scan is successful, so fallback is not necessary
+            fallback = False
+        if fallback:
+            for scan_class in fallback_scanners:
+                fallback_candidates = scan_class.data_scan(self, data_provider, depth, recursive_limit_size)
+                if fallback_candidates is None:
+                    continue
+                augment_candidates(candidates, fallback_candidates)
+                # use only first successful fallback scanner
+                break
+        return candidates
+
+    # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+
+    def scan(self,
+             content_provider: ContentProvider,
+             depth: int,
+             recursive_limit_size: Optional[int] = None) -> List[Candidate]:
+        """Initial scan method to launch recursive scan. Skips ByteScanner to prevent extra scan
+
+            Args:
+                content_provider: ContentProvider that might contain raw data
+                depth: maximal level of recursion
+                recursive_limit_size: maximal bytes of opened files to prevent recursive zip-bomb attack
+        """
+        recursive_limit_size = recursive_limit_size if isinstance(recursive_limit_size,
+                                                                  int) else RECURSIVE_SCAN_LIMITATION
+        candidates: List[Candidate] = []
+        data: Optional[bytes] = None
+        if isinstance(content_provider, (TextContentProvider, ByteContentProvider)):
+            # Feature to scan files which might be containers
+            data = content_provider.data
+            info = f"FILE:{content_provider.file_path}"
+        elif isinstance(content_provider, DiffContentProvider) and content_provider.diff:
+            candidates = self.scanner.scan(content_provider)
+            # Feature to scan binary diffs
+            diff = content_provider.diff[0].get("line")
+            # the check for legal fix mypy issue
+            if isinstance(diff, bytes):
+                data = diff
+            info = f"DIFF:{content_provider.file_path}"
+        else:
+            logger.warning(f"Content provider {type(content_provider)} does not support deep scan")
+            info = "NA"
+
+        if data:
+            data_provider = DataContentProvider(data=data,
+                                                file_path=content_provider.file_path,
+                                                file_type=content_provider.file_type,
+                                                info=content_provider.info or info)
+            new_candidates = self.deep_scan_with_fallback(data_provider, depth, recursive_limit_size - len(data))
             augment_candidates(candidates, new_candidates)
         return candidates

credsweeper-1.11.5/credsweeper/deep_scanner/deb_scanner.py

@@ -0,0 +1,55 @@
+import logging
+import struct
+from abc import ABC
+from typing import List, Optional, Generator, Tuple
+
+from credsweeper.common.constants import MIN_DATA_LEN, UTF_8
+from credsweeper.credentials import Candidate
+from credsweeper.deep_scanner.abstract_scanner import AbstractScanner
+from credsweeper.file_handler.data_content_provider import DataContentProvider
+from credsweeper.utils.util import Util
+
+logger = logging.getLogger(__name__)
+
+
+class DebScanner(AbstractScanner, ABC):
+    """Implements deb (ar) scanning"""
+
+    __header_size = 60
+
+    @staticmethod
+    def walk_deb(data: bytes) -> Generator[Tuple[int, str, bytes], None, None]:
+        """Processes sequence of DEB archive and yields offset, name and data"""
+        offset = 8  # b"!<arch>\n"
+        data_limit = len(data) - DebScanner.__header_size
+        while offset <= data_limit:
+            _data = data[offset:offset + DebScanner.__header_size]
+            offset += DebScanner.__header_size
+            # basic header structure
+            _name, _, _size, __ = struct.unpack('16s32s10s2s', _data)
+            file_size = int(_size)
+            if MIN_DATA_LEN < file_size <= len(data) - offset:
+                _data = data[offset:offset + file_size]
+                yield offset, _name.decode(encoding=UTF_8).strip().rstrip('/'), _data
+            offset += file_size if 0 == 1 & file_size else file_size + 1
+
+    def data_scan(
+            self,  #
+            data_provider: DataContentProvider,  #
+            depth: int,  #
+            recursive_limit_size: int) -> Optional[List[Candidate]]:
+        """Extracts data file from .ar (debian) archive and launches data_scan"""
+        try:
+            candidates: List[Candidate] = []
+            for offset, name, data in DebScanner.walk_deb(data_provider.data):
+                deb_content_provider = DataContentProvider(data=data,
+                                                           file_path=f"{data_provider.file_path}/{name}",
+                                                           file_type=Util.get_extension(name),
+                                                           info=f"{data_provider.info}|DEB:0x{offset:x}")
+                new_limit = recursive_limit_size - len(data)
+                deb_candidates = self.recursive_scan(deb_content_provider, depth, new_limit)
+                candidates.extend(deb_candidates)
+            return candidates
+        except Exception as exc:
+            logger.error(exc)
+        return None