Added ELF extractor. You can now specific which categories to search for in file type operations.

2025-04-21 07:16:17 -04:00 · 2019-01-14 18:55:10 +00:00 · 2019-01-14 18:55:10 +00:00 · cd2c8078c8
commit cd2c8078c8
parent 2307325af8
5 changed files with 111 additions and 38 deletions
--- a/src/core/operations/ScanForEmbeddedFiles.mjs
+++ b/src/core/operations/ScanForEmbeddedFiles.mjs
@ -7,6 +7,7 @@
 import Operation from "../Operation";
 import Utils from "../Utils";
 import {scanForFileTypes} from "../lib/FileType";
+import {FILE_SIGNATURES} from "../lib/FileSignatures";

 /**
 * Scan for Embedded Files operation
@ -25,13 +26,13 @@ class ScanForEmbeddedFiles extends Operation {
        this.infoURL = "https://wikipedia.org/wiki/List_of_file_signatures";
        this.inputType = "ArrayBuffer";
        this.outputType = "string";
-        this.args = [
-            {
-                "name": "Ignore common byte sequences",
-                "type": "boolean",
-                "value": true
-            }
-        ];
+        this.args = Object.keys(FILE_SIGNATURES).map(cat => {
+            return {
+                name: cat,
+                type: "boolean",
+                value: cat === "Miscellaneous" ? false : true
+            };
+        });
    }

    /**
@ -41,21 +42,18 @@ class ScanForEmbeddedFiles extends Operation {
     */
    run(input, args) {
        let output = "Scanning data for 'magic bytes' which may indicate embedded files. The following results may be false positives and should not be treat as reliable. Any suffiently long file is likely to contain these magic bytes coincidentally.\n",
-            numFound = 0,
-            numCommonFound = 0;
-        const ignoreCommon = args[0],
-            commonExts = ["ttf", "utf16le", ""],
-            data = new Uint8Array(input),
-            types = scanForFileTypes(data);
+            numFound = 0;
+        const categories = [],
+            data = new Uint8Array(input);

+        args.forEach((cat, i) => {
+            if (cat) categories.push(Object.keys(FILE_SIGNATURES)[i]);
+        });
+
+        const types = scanForFileTypes(data, categories);

        if (types.length) {
            types.forEach(type => {
-                if (ignoreCommon && commonExts.indexOf(type.fileDetails.extension) > -1) {
-                    numCommonFound++;
-                    return;
-                }
-
                numFound++;
                output += "\nOffset " + type.offset + " (0x" + Utils.hex(type.offset) + "):\n" +
                    "  File extension: " + type.fileDetails.extension + "\n" +
@ -71,14 +69,6 @@ class ScanForEmbeddedFiles extends Operation {
            output += "\nNo embedded files were found.";
        }

-        if (numCommonFound > 0) {
-            output += "\n\n" + numCommonFound;
-            output += numCommonFound === 1 ?
-                " file type was detected that has a common byte sequence. This is likely to be a false positive." :
-                " file types were detected that have common byte sequences. These are likely to be false positives.";
-            output += " Run this operation with the 'Ignore common byte sequences' option unchecked to see details.";
-        }
-
        return output;
    }