armorlib 0.2.3

Easily scan files for threats to security and privacy.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

//! This scan module searches for EXIF metadata in JPEG and TIFF files. EXIF metadata often
//! contains sensitive private information (like location), and poses a serious threat to
//! privacy and security.

use std::io::BufReader;
use exif;
use exif::{Error, Tag, Value};

use errors::ArmorlibError;
use scan_module::ScanModule;
use scan_object::ScanObject;
use finding::{Finding, Severity};

pub struct ExifScanModule;

impl ScanModule for ExifScanModule {
    fn scan(&self, scan_object: &ScanObject) -> Result<Vec<Finding>, ArmorlibError> {
        // check if filetype can even have EXIF, and if not, return an empty vec
        if scan_object.get_metadata("filtype/tiff").is_err()
            && scan_object.get_metadata("filetype/jpg").is_err()
        {
            return Ok(vec![]);
        }

        // read EXIF metadata
        let reader = match exif::Reader::new(&mut BufReader::new(&*scan_object.binary_object.data))
        {
            Ok(reader) => reader,
            Err(error) => match error {
                Error::NotFound("No Exif data found") => return Ok(vec![]),
                _ => return Err(ArmorlibError::ParseError(format!("{:?}", error))),
            },
        };

        let fields = reader.fields();

        let mut findings: Vec<Finding> = Vec::new();

        // iterate through each field and create a Finding
        for field in fields {
            let tag: &Tag = &field.tag;
            let value: &Value = &field.value;

            if tag.default_value().is_some() {
                if format!("{}", value.display_as(*tag))
                    == format!("{}", tag.default_value().unwrap().display_as(*tag))
                {
                    continue; // has default value, no need to worry
                }
            }

            let description = match tag.description() {
                Some(description) => description,
                None => "<unknown tag>",
            };

            let level = match tag.number() {
                271 | 272 | 305 => Severity::Danger(format!( // make, model, software
                    "'{}' tag can be used to identify origin device",
                    description
                )),
                306 => Severity::Danger(format!( // datetime
                    "'{}' tag can be used to track creator",
                    description
                )),
                315 | 42032 | 42033 | 42034 => {
                    Severity::Danger(format!( // artist, cameraownername, serial number,
                    "'{}' tag can be used to identify creator",
                    description
                ))
                }
                36867 | 36868 => Severity::Danger(format!( // datetimeoriginal
                    "'{}' tag can be used to track creator",
                    description
                )),
                36880 | 36881 | 36882 => Severity::Danger(format!( // offsettime
                    "'{}' tag can be used to determine creator's region",
                    description
                )),
                37888 | 37889 | 37890 | 37891 => {
                    Severity::Danger(format!( // temp, humidity, pressure, water depth
                    "'{}' tag can be used to determine creator's general location",
                    description
                ))
                }
                41492 | 0...31 => Severity::Danger(format!( // subject location, GPS info
                    "'{}' tag can be used to determine creator's location",
                    description
                )),
                _ => Severity::Warn(format!( // default
                    "'{}' tag could reveal private information",
                    description
                )),
            };

            let finding = Finding {
                title: format!("'{}' EXIF metadata detected", description),
                id: String::from("EXIF_METADATA"),
                description: format!(
                    "The '{}' tag ({}) was found in the EXIF metadata: {}",
                    description,
                    tag.number(),
                    value.display_as(*tag)
                ),
                severity: level,
            };

            findings.push(finding);
        }

        Ok(findings)
    }

    fn info(&self) -> (&'static str, &'static str) {
        ("exif", "detects dangerous EXIF metadata")
    }

    fn required_preprocessors(&self) -> Vec<&'static str> {
        vec!["filetype"]
    }

    fn subscribed_filetypes(&self) -> Option<Vec<&'static str>> {
        Some(vec!["tiff", "jpg"])
    }
}