Implement IPathCheck helper

This commit is contained in:
Matt Nadareski
2023-03-15 12:55:08 -04:00
parent 5c5e68e31d
commit 47f423d092
2 changed files with 72 additions and 63 deletions

View File

@@ -1,4 +1,5 @@
using System;
using System.Collections.Generic;
using System.Collections.Concurrent;
using System.IO;
using System.Text;
@@ -7,10 +8,10 @@ using BinaryObjectScanner.Interfaces;
using BinaryObjectScanner.Utilities;
using BinaryObjectScanner.Wrappers;
using static BinaryObjectScanner.Utilities.Dictionary;
using System.Linq;
namespace BurnOutSharp
{
// TODO: Implement IPathCheck handler
internal static class Handler
{
#region Multiple Implementation Wrappers
@@ -146,6 +147,31 @@ namespace BurnOutSharp
return protections;
}
/// <summary>
/// Handle a single path based on all path check implementations
/// </summary>
/// <param name="path">Path of the file or directory to check</param>
/// <param name="scanner">Scanner object to use for options and scanning</param>
/// <returns>Set of protections in file, null on error</returns>
public static ConcurrentDictionary<string, ConcurrentQueue<string>> HandlePathChecks(string path, IEnumerable<string> files)
{
// Create the output dictionary
var protections = new ConcurrentDictionary<string, ConcurrentQueue<string>>();
// Preprocess the list of files
files = files?.Select(f => f.Replace('\\', '/'))?.ToList();
// Iterate through all checks
Parallel.ForEach(ScanningClasses.PathCheckClasses, checkClass =>
{
var subProtections = HandlePathCheck(checkClass, path, files);
if (subProtections != null)
AppendToDictionary(protections, subProtections);
});
return protections;
}
/// <summary>
/// Handle a single file based on all portable executable check implementations
/// </summary>
@@ -192,7 +218,7 @@ namespace BurnOutSharp
/// <summary>
/// Handle files based on an IContentCheck implementation
/// </summary>
/// <param name="impl">IDetectable class representing the file type</param>
/// <param name="impl">IDetectable class representing the check</param>
/// <param name="fileName">Name of the source file of the byte array, for tracking</param>
/// <param name="fileContent">Contents of the source file</param>
/// <param name="includeDebug">True to include debug data, false otherwise</param>
@@ -264,7 +290,7 @@ namespace BurnOutSharp
/// <summary>
/// Handle files based on an ILinearExecutableCheck implementation
/// </summary>
/// <param name="impl">ILinearExecutableCheck class representing the file type</param>
/// <param name="impl">ILinearExecutableCheck class representing the check</param>
/// <param name="fileName">Name of the source file of the executable, for tracking</param>
/// <param name="lex">LinearExecutable to check</param>
/// <param name="includeDebug">True to include debug data, false otherwise</param>
@@ -278,7 +304,7 @@ namespace BurnOutSharp
/// <summary>
/// Handle files based on an INewExecutableCheck implementation
/// </summary>
/// <param name="impl">INewExecutableCheck class representing the file type</param>
/// <param name="impl">INewExecutableCheck class representing the check</param>
/// <param name="fileName">Name of the source file of the executable, for tracking</param>
/// <param name="nex">NewExecutable to check</param>
/// <param name="includeDebug">True to include debug data, false otherwise</param>
@@ -289,10 +315,45 @@ namespace BurnOutSharp
return ProcessProtectionString(protection);
}
/// <summary>
/// Handle files based on an IPathCheck implementation
/// </summary>
/// <param name="impl">IPathCheck class representing the file type</param>
/// <param name="path">Path of the file or directory to check</param>
/// <returns>Set of protections in path, null on error</returns>
public static ConcurrentDictionary<string, ConcurrentQueue<string>> HandlePathCheck(IPathCheck impl, string path, IEnumerable<string> files)
{
// If we have an invalid path
if (string.IsNullOrWhiteSpace(path))
return null;
// Setup the output dictionary
var protections = new ConcurrentDictionary<string, ConcurrentQueue<string>>();
// If we have a file path
if (File.Exists(path))
{
string protection = impl.CheckFilePath(path);
var subProtections = ProcessProtectionString(protection);
if (subProtections != null)
AppendToDictionary(protections, path, subProtections);
}
// If we have a directory path
if (Directory.Exists(path) && files?.Any() == true)
{
var subProtections = impl.CheckDirectoryPath(path, files);
if (subProtections != null)
AppendToDictionary(protections, path, subProtections);
}
return protections;
}
/// <summary>
/// Handle files based on an IPortableExecutableCheck implementation
/// </summary>
/// <param name="impl">IPortableExecutableCheck class representing the file type</param>
/// <param name="impl">IPortableExecutableCheck class representing the check</param>
/// <param name="fileName">Name of the source file of the executable, for tracking</param>
/// <param name="pex">NewExecutable to check</param>
/// <param name="includeDebug">True to include debug data, false otherwise</param>
@@ -327,6 +388,7 @@ namespace BurnOutSharp
if (string.IsNullOrWhiteSpace(protection))
return null;
// Setup the output queue
var protections = new ConcurrentQueue<string>();
// If we have an indicator of multiple protections
@@ -343,7 +405,6 @@ namespace BurnOutSharp
return protections;
}
#endregion
}
}

View File

@@ -4,7 +4,6 @@ using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using BinaryObjectScanner.FileType;
using BinaryObjectScanner.Utilities;
using BinaryObjectScanner.Wrappers;
@@ -114,7 +113,7 @@ namespace BurnOutSharp
// Scan for path-detectable protections
if (ScanPaths)
{
var directoryPathProtections = GetDirectoryPathProtections(path, files);
var directoryPathProtections = Handler.HandlePathChecks(path, files);
AppendToDictionary(protections, directoryPathProtections);
}
@@ -135,8 +134,8 @@ namespace BurnOutSharp
// Scan for path-detectable protections
if (ScanPaths)
{
var filePathProtections = GetFilePathProtections(file);
AppendToDictionary(protections, file, filePathProtections);
var filePathProtections = Handler.HandlePathChecks(file, files: null);
AppendToDictionary(protections, filePathProtections);
}
// Scan for content-detectable protections
@@ -173,8 +172,8 @@ namespace BurnOutSharp
// Scan for path-detectable protections
if (ScanPaths)
{
var filePathProtections = GetFilePathProtections(path);
AppendToDictionary(protections, path, filePathProtections);
var filePathProtections = Handler.HandlePathChecks(path, files: null);
AppendToDictionary(protections, filePathProtections);
}
// Scan for content-detectable protections
@@ -214,57 +213,6 @@ namespace BurnOutSharp
return protections;
}
/// <summary>
/// Get the path-detectable protections associated with a single path
/// </summary>
/// <param name="path">Path of the directory to scan</param>
/// <param name="files">Files contained within</param>
/// <returns>Dictionary of list of strings representing the found protections</returns>
private ConcurrentDictionary<string, ConcurrentQueue<string>> GetDirectoryPathProtections(string path, List<string> files)
{
// Create an empty queue for protections
var protections = new ConcurrentQueue<string>();
// Preprocess the list of files
files = files.Select(f => f.Replace('\\', '/')).ToList();
// Iterate through all path checks
Parallel.ForEach(ScanningClasses.PathCheckClasses, pathCheckClass =>
{
ConcurrentQueue<string> protection = pathCheckClass.CheckDirectoryPath(path, files);
if (protection != null)
protections.AddRange(protection);
});
// Create and return the dictionary
return new ConcurrentDictionary<string, ConcurrentQueue<string>>
{
[path] = protections
};
}
/// <summary>
/// Get the path-detectable protections associated with a single path
/// </summary>
/// <param name="path">Path of the file to scan</param>
/// <returns>Dictionary of list of strings representing the found protections</returns>
private ConcurrentQueue<string> GetFilePathProtections(string path)
{
// Create an empty queue for protections
var protections = new ConcurrentQueue<string>();
// Iterate through all path checks
Parallel.ForEach(ScanningClasses.PathCheckClasses, pathCheckClass =>
{
string protection = pathCheckClass.CheckFilePath(path.Replace("\\", "/"));
if (!string.IsNullOrWhiteSpace(protection))
protections.Enqueue(protection);
});
// Create and return the dictionary
return protections;
}
/// <summary>
/// Get the content-detectable protections associated with a single path
/// </summary>