malwaredb_server/db/
types.rs1use malwaredb_api::{SupportedFileType, SupportedFileTypes};
4use malwaredb_types::utils::EntropyCalc;
5
6use fuzzyhash::FuzzyHash;
7use human_hash::humanize;
8use magic::cookie::DatabasePaths;
9use malwaredb_lzjd2::lzjd::LzDigest;
10use md5::Md5;
11use sha1::Sha1;
12use sha2::{Digest, Sha256, Sha384, Sha512};
13use tlsh_fixed::TlshBuilder;
14use tracing::error;
15use uuid::Uuid;
16
17#[derive(Debug, Clone)]
19pub struct FileMetadata {
20 pub name: Option<String>,
22
23 pub size: u64,
25
26 pub entropy: f32,
28
29 pub sha1: Vec<u8>,
31
32 pub sha256: Vec<u8>,
34
35 pub sha384: Vec<u8>,
37
38 pub sha512: Vec<u8>,
40
41 pub md5: Uuid,
43
44 pub lzjd: Option<String>,
46
47 pub ssdeep: Option<String>,
49
50 pub tlsh: Option<String>,
52
53 pub humanhash: String,
55
56 pub file_command: String,
58}
59
60impl FileMetadata {
61 pub fn new(contents: &[u8], name: Option<&str>) -> Self {
68 let mut sha1 = Sha1::new();
69 sha1.update(contents);
70 let sha1 = sha1.finalize();
71
72 let mut sha256 = Sha256::new();
73 sha256.update(contents);
74 let sha256 = sha256.finalize();
75
76 let mut sha384 = Sha384::new();
77 sha384.update(contents);
78 let sha384 = sha384.finalize();
79
80 let mut sha512 = Sha512::new();
81 sha512.update(contents);
82 let sha512 = sha512.finalize();
83
84 let mut md5 = Md5::new();
85 md5.update(contents);
86 let md5 = md5.finalize();
87
88 let lzjd_str = LzDigest::from(contents).to_string();
89
90 let mut builder = TlshBuilder::new(
91 tlsh_fixed::BucketKind::Bucket256,
92 tlsh_fixed::ChecksumKind::ThreeByte,
93 tlsh_fixed::Version::Version4,
94 );
95
96 builder.update(contents);
97
98 let tlsh = if let Ok(hasher) = builder.build() {
99 Some(hasher.hash())
100 } else {
101 None
102 };
103
104 let md5 = Uuid::from_bytes(uuid::Bytes::from(md5));
106
107 let file_command = {
108 if let Ok(cookie) = magic::Cookie::open(magic::cookie::Flags::ERROR) {
109 let db_paths = DatabasePaths::default();
110 if let Ok(cookie) = cookie.load(&db_paths) {
111 if let Ok(output) = cookie.buffer(contents) {
112 output
113 } else {
114 error!("LibMagic: failed to get output for buffer");
115 String::new()
116 }
117 } else {
118 error!("LibMagic: failed to load signature database");
119 String::new()
120 }
121 } else {
122 error!("LibMagic: failed to get handle");
123 String::new()
124 }
125 };
126
127 Self {
128 name: name.map(str::to_ascii_lowercase),
129 size: contents.len() as u64,
130 entropy: contents.entropy(),
131 sha1: sha1.to_vec(),
132 sha256: sha256.to_vec(),
133 sha384: sha384.to_vec(),
134 sha512: sha512.to_vec(),
135 md5,
136 lzjd: Some(lzjd_str),
137 ssdeep: Some(FuzzyHash::new(contents).to_string()),
138 tlsh,
139 humanhash: humanize(&md5, 4),
140 file_command,
141 }
142 }
143}
144
145#[derive(Debug, Clone)]
147pub struct FileType {
148 pub id: u32,
150
151 pub name: String,
153
154 pub description: Option<String>,
156
157 pub magic: Vec<Vec<u8>>,
161
162 pub executable: bool,
165}
166
167pub struct FileTypes(pub Vec<FileType>);
169
170impl From<FileType> for SupportedFileType {
171 fn from(value: FileType) -> Self {
172 Self {
173 name: value.name,
174 magic: value.magic.iter().map(hex::encode).collect(),
175 is_executable: value.executable,
176 description: value.description,
177 }
178 }
179}
180
181impl From<FileTypes> for SupportedFileTypes {
182 fn from(value: FileTypes) -> Self {
183 Self {
184 types: value.0.into_iter().map(std::convert::Into::into).collect(),
185 message: None,
186 }
187 }
188}
189
190#[cfg(test)]
191mod test {
192 use super::*;
193 use std::str::FromStr;
194
195 #[test]
196 fn meta_and_sim_hashes() {
197 let contents = include_bytes!("../../../types/testdata/elf/elf_haiku_x86").to_vec();
198 let meta = FileMetadata::new(&contents, Some("elf_haiku_x86"));
199 assert!(meta.lzjd.is_some());
200 assert!(meta.tlsh.is_some());
201 assert!(meta.ssdeep.is_some());
202
203 let ssdeep = meta.ssdeep.unwrap();
204 let tlsh = meta.tlsh.unwrap();
205 let lzjd = meta.lzjd.unwrap();
206
207 println!("LZJD: {lzjd}");
208 println!("Tlsh: {tlsh}");
209 println!("SSDeep: {ssdeep}");
210 println!("Human hash: {}", meta.humanhash);
211 println!("File command: {}", meta.file_command);
212
213 assert_eq!(FuzzyHash::compare(ssdeep.clone(), ssdeep).unwrap(), 100);
214
215 let tlsh =
216 tlsh_fixed::Tlsh::from_str(&tlsh).expect("failed to convert tlsh string to object");
217 assert_eq!(tlsh.diff(&tlsh, true), 0);
218 }
219}