package yaratest
import (
"io"
"log"
"os"
"path/filepath"
"strings"
"github.com/liamg/magic"
)
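// programKind returns a short, human-readable label for the file at path when
// it looks like a program or script, and "" otherwise (including when the file
// cannot be opened).
//
// Detection is heuristic and runs in this order, first hit wins:
//  1. magic-number lookup on the leading bytes of the file,
//  2. substrings of the path ("systemd", ".elf", ".xcoff"),
//  3. the file extension,
//  4. well-known strings in the leading bytes.
//
// Stages 2 and 3 use only the file name, which whoever created the file
// controls, so the result is a descriptive label and not evidence of what the
// file really contains.
func programKind(path string) string {
	// NOTE(review): 263 bytes is presumably sized to the deepest signature
	// offset magic.Lookup inspects; confirm against the library.
	var header [263]byte

	f, err := os.Open(path)
	if err != nil {
		log.Printf("os.Open[%s]: %v", path, err)
		return ""
	}
	defer f.Close()

	// io.ReadFull returns io.ErrUnexpectedEOF when the file is shorter than the
	// buffer. That is a normal case for small scripts, and the bytes that were
	// read are still in header, so it must not disable the magic lookup. Any
	// other error (including io.EOF for an empty file) skips the lookup, as
	// detection is best-effort.
	n, err := io.ReadFull(f, header[:])
	desc := ""
	if err == nil || err == io.ErrUnexpectedEOF {
		// The whole zero-padded buffer is passed so the library always sees
		// the same length it was given before this short-read handling.
		if kind, lookupErr := magic.Lookup(header[:]); lookupErr == nil {
			desc = kind.Description
		}
	}

	// By magic: only descriptions that name an executable or script count.
	lowered := strings.ToLower(desc)
	for _, marker := range []string{"executable", "mach-o", "script"} {
		if strings.Contains(lowered, marker) {
			return desc
		}
	}

	// By file name: these match anywhere in the path, directory components
	// included, not only the base name.
	switch {
	case strings.Contains(path, "systemd"):
		return "systemd"
	case strings.Contains(path, ".elf"):
		return "Linux ELF binary"
	case strings.Contains(path, ".xcoff"):
		// NOTE(review): "progam" looks like a typo for "program"; the string is
		// left unchanged because callers may compare against it.
		return "XCOFF progam"
	}

	// By extension. The extensions mapped to "" are explicitly treated as
	// non-programs and never reach the content match below.
	switch filepath.Ext(path) {
	case ".scpt":
		return "compiled AppleScript"
	case ".sh":
		return "Shell script"
	case ".rb":
		return "Ruby script"
	case ".py":
		return "Python script"
	case ".pl":
		return "PERL script"
	case ".expect":
		return "Expect script"
	case ".php":
		return "PHP file"
	case ".js":
		return "Javascript"
	case ".java":
		return "Java source"
	case ".jar":
		return "Java program"
	case ".c":
		return "C source"
	case ".yara", ".html", ".7z", ".json", ".asm":
		return ""
	}

	// By string match on the bytes actually read. "import " is a loose signal:
	// any text with that word in its first bytes is labelled Python.
	text := string(header[:n])
	switch {
	case strings.Contains(text, "import "):
		return "Python"
	case strings.HasPrefix(text, "#!/bin/sh") || strings.HasPrefix(text, "#!/bin/bash"):
		return "Shell"
	case strings.HasPrefix(text, "#!"):
		return "script"
	case strings.Contains(text, "#include <"):
		return "C Program"
	}

	return ""
}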