Mach-O detection #53

Merged
merged 1 commit into from
Oct 9, 2019
21 changes: 19 additions & 2 deletions internal/matchers/binary.go
Expand Up @@ -4,11 +4,28 @@ import (
"bytes"
)

// Class matches an java class file.
func Class(in []byte) bool {
// Java bytecode and Mach-O binaries share the same magic number
// More info here https://github.com/threatstack/libmagic/blob/master/magic/Magdir/cafebabe
func classOrMachO(in []byte) bool {
// There should be at least 8 bytes for both of them because the only way to
// quickly distinguish them is by comparing byte at position 7
if len(in) < 8 {
return false
}

return bytes.HasPrefix(in, []byte{0xCA, 0xFE, 0xBA, 0xBE})
}

// Class matches a java class file.
func Class(in []byte) bool {
return classOrMachO(in) && in[7] > 30
}

// MachO matches Mach-O binaries format
func MachO(in []byte) bool {
return classOrMachO(in) && in[7] < 20
}

// Swf matches an Adobe Flash swf file.
func Swf(in []byte) bool {
return bytes.HasPrefix(in, []byte("CWS")) ||
1 change: 1 addition & 0 deletions mime_test.go
Expand Up @@ -129,6 +129,7 @@ var files = map[string]*node{
"so.so": elfLib,
"o.o": elfObj,
"dcm.dcm": dcm,
"mach.o": macho,

// fonts
"woff.woff": woff,
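Review bot: The new `"mach.o": macho` entry is the only test change visible here, and it exercises a single positive sample. Since `Class` and `MachO` now differ only by byte 7, add direct matcher tests for input shorter than 8 bytes, for a `0xCAFEBABE` header with byte 7 on each side of the 20 and 30 cutoffs, and for one value in between, so a later change to the thresholds cannot silently reclassify class files as Mach-O binaries or the reverse.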
3 changes: 2 additions & 1 deletion supported_mimes.md
@@ -1,4 +1,4 @@
## 122 Supported MIME types
## 123 Supported MIME types
This file is automatically generated when running tests. Do not edit manually.

Extension | MIME type
Expand Down Expand Up @@ -125,3 +125,4 @@ Extension | MIME type
**bpg** | image/bpg
**sqlite** | application/x-sqlite3
**dwg** | image/vnd.dwg
**macho** | application/x-mach-binary
Binary file added testdata/mach.o
Binary file not shown.
3 changes: 2 additions & 1 deletion tree.go
Expand Up @@ -10,7 +10,7 @@ var root = newNode("application/octet-stream", "", matchers.True,
ar, tar, xar, bz2, fits, tiff, bmp, ico, mp3, flac, midi, ape, musePack, amr,
wav, aiff, au, mpeg, quickTime, mqv, mp4, webM, threeGP, threeG2, avi, flv,
mkv, asf, aac, voc, aMp4, m4a, txt, gzip, class, swf, crx, woff, woff2, otf,
eot, wasm, shx, dbf, dcm, rar, djvu, mobi, lit, bpg, sqlite3, dwg,
eot, wasm, shx, dbf, dcm, rar, djvu, mobi, lit, bpg, sqlite3, dwg, macho,
)

// The list of nodes appended to the root node
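Review bot: `macho` is appended at the end of the root list while `class` sits several entries earlier, although both matchers start from the same `classOrMachO` prefix check. Placing `macho` next to `class`, or adding a short comment on either entry, would make the shared magic number visible to whoever reorders or extends this list.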
Expand Down Expand Up @@ -136,4 +136,5 @@ var (
sqlite3 = newNode("application/x-sqlite3", "sqlite", matchers.Sqlite)
dwg = newNode("image/vnd.dwg", "dwg", matchers.Dwg)
warc = newNode("application/warc", "warc", matchers.Warc)
macho = newNode("application/x-mach-binary", "macho", matchers.MachO)
)
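Review bot: The extension argument `"macho"` in `newNode("application/x-mach-binary", "macho", matchers.MachO)` does not match the fixture added in this PR, which is named `mach.o`. If the string is a label rather than a suffix that real files carry, say so in a comment, since callers may use the reported extension to name or filter files.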