Enum FileType

Source

pub enum FileType {
Show 18 variants    DOCFILE,
    ELF,
    ELF32,
    ELF64,
    ELF_LSB,
    ELF_MSB,
    ELF32_LSB,
    ELF64_LSB,
    ELF32_MSB,
    ELF64_MSB,
    EXE,
    MachO,
    PDF,
    PE32,
    PE32DotNet,
    PE32Native,
    RTF,
    XCOFF,
    // some variants omitted
}

Expand description

Known file types for training malware models

Variants§

§

DOCFILE

Docfile, which could be: MS Office, Windows Update, Installer, Visio, or something else! For the purposes of making a malware model, each subtype needs to be identified, which is not yet implemented.

§

ELF

Linux, *BSD, Solaris, Haiku, Redox executables

§

ELF32

32-bit ELF executable

§

ELF64

64-bit ELF executable

§

ELF_LSB

Little Endian ELF executable (ARM, Intel, PowerPC, RISC-V, etc.)

§

ELF_MSB

Big Endian ELF executable (ARM, M64k, MIPS, PowerPC, SPARC, etc.)

§

ELF32_LSB

32-bit Little Endian ELF executable

§

ELF64_LSB

64-bit Little Endian ELF executable

§

ELF32_MSB

32-bit Big Endian ELF executable

§

ELF64_MSB

64-bit Big Endian ELF executable

§

EXE

Non-PE32 Windows executable (could be for MS-DOS, OS/2, Windows 3.1, etc.)

§

MachO

Macho-O for macOS, iOS (and derivatives), and NeXT

§

PDF

Portable Document Format

§

PE32

Portable Executables for Windows

§

PE32DotNet

Portable Executables for Windows based on the .NET Framework

§

PE32Native

Portable Executables for Windows explicitly excluding .NET

§

RTF

Rich Text Format

§

XCOFF

Extended Common Object Format for AIX

Implementations§

Source §

impl FileType

Source

pub fn from_bytes(bytes: &[u8]) -> Option<Self>

Try to match bytes to a known file type

ELFs: the byte ordering has a higher precedence of importance. Plain ELF is the fallback if the byte ordering then pointer size isn’t determined.

Source

pub fn from_path<P: AsRef<Path>>(path: P) -> Result<Option<Self>>

Try to match bytes to a known file type

§Errors

An error will result if the file can’t be read or is too small.

Source

pub fn matches(&self, bytes: &[u8]) -> bool

Check if the given bytes match the expected file type. This isn’t as easy as “make a new instance and use the equality operator” due to subtypes.

A FileType::PE32 file is an FileType::EXE, but an FileType::EXE isn’t necessarily a FileType::PE32.
A FileType::ELF_LSB file is an FileType::ELF, but not necessarily the other way around.
ELFs: the byte ordering has a higher precedence of importance.

With subtypes, allow for training a model where you might want all ELFs, or only certain ELFs, so others would be disqualified.

Source

pub fn matches_path<P: AsRef<Path>>(&self, path: P) -> Result<bool>

Convenience function to read a few bytes of a file to see the file’s type matches this type.

§Errors

An error occurs if the file cannot be read.

Source

pub fn downgrade(self, other: FileType) -> Result<FileType>

When trying to find a file type for a collection of files, maybe we can pick a broader type from a specific type.

§Examples:

FileType::PE32DotNet or FileType::PE32Native can drop down to FileType::PE32
Any “PE32*” type can drop down to FileType::EXE
“ELF*” of any subtype can drop down to FileType::ELF.

§Errors

Any other type is an error. For example, FileType::RTF cannot downgrade, so finding anything but an RTF file is an error.

Trait Implementations§

Source §

impl Clone for FileType

Source §

fn clone(&self) -> FileType

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Source §

impl Debug for FileType

Source §

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Source §

impl<'de> Deserialize<'de> for FileType

Source §

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

Source §

impl Display for FileType

Source §

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Source §

impl From<FileType> for &'static str

Source §

fn from(ft: FileType) -> &'static str

Converts to this type from the input type.

Source §

impl Hash for FileType

Source §

fn hash<H: Hasher>(&self, state: &mut H)

Feeds this value into the given Hasher. Read more

1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more

Source §

impl PartialEq for FileType

Source §

fn eq(&self, other: &FileType) -> bool

Tests for self and other values to be equal, and is used by ==.

1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

Source §

impl Serialize for FileType

Source §

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more

Source §

impl ValueEnum for FileType

Source §

fn value_variants<'a>() -> &'a [Self]

All possible argument values, in display order.

Source §

fn to_possible_value<'a>(&self) -> Option<PossibleValue>

The canonical argument value. Read more

Source §

fn from_str(input: &str, ignore_case: bool) -> Result<Self, String>

Parse an argument into Self.

Source §

impl Copy for FileType

Source §

impl Eq for FileType

Source §

impl StructuralPartialEq for FileType

Auto Trait Implementations§

§

impl UnwindSafe for FileType

Blanket Implementations§

Source §

impl<T> Any for T
where T: 'static + ?Sized,

Source §

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

Source §

impl<T> Borrow<T> for T
where T: ?Sized,

Source §

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

Source §

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source §

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

Source §

impl<T> CloneToUninit for T
where T: Clone,

Source §

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

Source §

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source §

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more

Source §

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source §

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more

Source §

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source §

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.

Source §

impl<T> From<T> for T

Source §

fn from(t: T) -> T

Returns the argument unchanged.

Source §

impl<T, U> Into for T
where U: From<T>,

Source §

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source §

impl<T> IntoEither for T

Source §

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

Source §

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

Source §