execheck 0.2.0

Multi-platform executable security checker for Linux (ELF), Windows (PE), and macOS (Mach-O)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

#!/usr/bin/env cargo
//! Advanced filtering and filesystem boundary example
//! 
//! Run with: cargo run --example advanced_filtering

use execheck::{
    collect_executable_files, analyze_files, print_report, 
    ScanOptions, FileFilter, OutputFormat
};
use std::path::PathBuf;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("=== ExeCheck Advanced Filtering Example ===\n");

    // Example 1: Filter only Windows executables (.exe)
    println!("1. Scanning for Windows executables (.exe files only):");
    let exe_options = ScanOptions {
        recursive: false,
        issues_only: false,
        strict: false,
        file_filter: FileFilter::WindowsExecutables,
        one_filesystem: false,
    };
    
    if let Ok(exe_files) = collect_executable_files(&PathBuf::from("."), &exe_options) {
        println!("   Found {} .exe files", exe_files.len());
        for file in exe_files.iter().take(3) {
            println!("   - {}", file.display());
        }
    } else {
        println!("   No .exe files found or error occurred");
    }

    // Example 2: Filter only Windows DLLs (.dll)
    println!("\n2. Scanning for Windows DLLs (.dll files only):");
    let dll_options = ScanOptions {
        recursive: false,
        issues_only: false,
        strict: false,
        file_filter: FileFilter::WindowsDlls,
        one_filesystem: false,
    };
    
    if let Ok(dll_files) = collect_executable_files(&PathBuf::from("."), &dll_options) {
        println!("   Found {} .dll files", dll_files.len());
        for file in dll_files.iter().take(3) {
            println!("   - {}", file.display());
        }
    } else {
        println!("   No .dll files found or error occurred");
    }

    // Example 3: Custom extension filtering
    println!("\n3. Custom extension filtering (exe, dll, so, dylib):");
    let custom_extensions = vec![
        "exe".to_string(),
        "dll".to_string(), 
        "so".to_string(),
        "dylib".to_string(),
    ];
    
    let custom_options = ScanOptions {
        recursive: true,
        issues_only: false,
        strict: false,
        file_filter: FileFilter::Extensions(custom_extensions),
        one_filesystem: false,
    };
    
    if let Ok(custom_files) = collect_executable_files(&PathBuf::from("."), &custom_options) {
        println!("   Found {} files with custom extensions", custom_files.len());
        for file in custom_files.iter().take(5) {
            println!("   - {}", file.display());
        }
    } else {
        println!("   No files with custom extensions found or error occurred");
    }

    // Example 4: Custom predicate filtering
    println!("\n4. Custom predicate filtering (files containing 'lib' in name):");
    let lib_filter = |path: &std::path::Path| {
        path.file_name()
            .and_then(|name| name.to_str())
            .map_or(false, |name| name.to_lowercase().contains("lib"))
    };
    
    let predicate_options = ScanOptions {
        recursive: true,
        issues_only: false,
        strict: false,
        file_filter: FileFilter::Custom(lib_filter),
        one_filesystem: false,
    };
    
    if let Ok(lib_files) = collect_executable_files(&PathBuf::from("/usr/lib"), &predicate_options) {
        println!("   Found {} library files", lib_files.len());
        for file in lib_files.iter().take(5) {
            println!("   - {}", file.display());
        }
    } else {
        println!("   Error scanning /usr/lib or no library files found");
    }

    // Example 5: Filesystem boundary demonstration (Unix only)
    #[cfg(unix)]
    {
        println!("\n5. Filesystem boundary scanning (Unix only):");
        let boundary_options = ScanOptions {
            recursive: true,
            issues_only: false,
            strict: false,
            file_filter: FileFilter::All,
            one_filesystem: true, // Stay within single filesystem
        };
        
        if let Ok(boundary_files) = collect_executable_files(&PathBuf::from("/"), &boundary_options) {
            println!("   Found {} files within root filesystem", boundary_files.len());
            println!("   (This prevents crossing into /proc, /sys, mounted drives, etc.)");
        } else {
            println!("   Error scanning root filesystem with boundary restrictions");
        }
    }
    
    #[cfg(not(unix))]
    {
        println!("\n5. Filesystem boundary scanning:");
        println!("   (Not supported on this platform - Unix-like systems only)");
    }

    // Example 6: Practical use case - analyze only PE files in a directory
    println!("\n6. Practical example - Analyze Windows executables and DLLs with JSON output:");
    
    let analysis_options = ScanOptions {
        recursive: true,
        issues_only: true, // Only show files with security issues
        strict: false,
        file_filter: FileFilter::WindowsExecutablesAndDlls,
        one_filesystem: false,
    };
    
    // Try to analyze current directory for demo purposes
    if let Ok(files) = collect_executable_files(&PathBuf::from("."), &analysis_options) {
        if !files.is_empty() {
            let report = analyze_files(files, &analysis_options)?;
            
            if !report.files.is_empty() {
                println!("   Analysis results (JSON format):");
                print_report(&report, &OutputFormat::Json, None)?;
            } else {
                println!("   No security issues found in Windows executables/DLLs!");
            }
        } else {
            println!("   No Windows executables or DLLs found in current directory");
        }
    }

    println!("\n=== Advanced Filtering Example Complete ===");
    Ok(())
}