Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/undo-ransomware/ransomware_detection.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/Analyzer/FileCorruptionAnalyzer.php6
-rw-r--r--lib/FileSignatures.php1
-rw-r--r--tests/Unit/Analyzer/FileCorruptionAnalyzerTest.php1
3 files changed, 8 insertions, 0 deletions
diff --git a/lib/Analyzer/FileCorruptionAnalyzer.php b/lib/Analyzer/FileCorruptionAnalyzer.php
index 4e1192c..d5bf092 100644
--- a/lib/Analyzer/FileCorruptionAnalyzer.php
+++ b/lib/Analyzer/FileCorruptionAnalyzer.php
@@ -82,6 +82,12 @@ class FileCorruptionAnalyzer
foreach ($signatures as $signature) {
$isFileCorrupted = true;
if (in_array(strtolower($pathInfo['extension']), $signature['extensions'])) {
+ // txt file extension has no signature, but is not corrupted
+ if (array_key_exists('exists', $signature['signature'])) {
+ if ($signature['signature']['exists'] === false) {
+ return new FileCorruptionResult(false);
+ }
+ }
// starting byte sequence
if (array_key_exists('starting', $signature['signature'])) {
foreach ($signature['signature']['starting']['bytes'] as $bytes) {
diff --git a/lib/FileSignatures.php b/lib/FileSignatures.php
index 5ac2c37..9065677 100644
--- a/lib/FileSignatures.php
+++ b/lib/FileSignatures.php
@@ -76,6 +76,7 @@ class FileSignatures
['mimeType' => '', 'extensions' => ['rtf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/7b5c72746631/']]]],
['mimeType' => '', 'extensions' => ['mpg', 'mpeg'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/000001ba/', '/47/', '/000001b3/']]]],
['mimeType' => '', 'extensions' => ['mp4'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/00000018667479706d703432/']]]],
+ ['mimeType' => '', 'extensions' => ['txt'], 'signature' => ['exists' => false]]],
];
/**
diff --git a/tests/Unit/Analyzer/FileCorruptionAnalyzerTest.php b/tests/Unit/Analyzer/FileCorruptionAnalyzerTest.php
index 0bc0f40..b5d97a1 100644
--- a/tests/Unit/Analyzer/FileCorruptionAnalyzerTest.php
+++ b/tests/Unit/Analyzer/FileCorruptionAnalyzerTest.php
@@ -103,6 +103,7 @@ class FileCorruptionAnalyzerTest extends TestCase
['data' => 'ffd8ffe000104a46494600ffff', 'extension' => 'jpg', 'result' => true],
['data' => '25504446ff0d2525454f460d', 'extension' => 'pdf', 'result' => false],
['data' => 'ffff', 'extension' => 'jpg', 'result' => true],
+ ['data' => 'iamgroot', 'extension' => 'txt', 'result' => false],
];
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-23 01:16:08 +0300