Module: HEITT::Scanner

Defined in:

lib/heitt.rb

Class Method Summary

• .get_modes(entry) ⇒ Object
• .get_regex(entry) ⇒ Object
• .scan(input, database: HEITT::DATABASE, min_entropy: 3.5) ⇒ Object

Class Method Details

.get_modes(entry) ⇒ Object

# File 'lib/heitt.rb', line 236

def self.get_modes(entry)
  entry[:modes] || entry[:algorithms] || entry[:hashes] || 
  entry[:candidates] || entry[:types] || entry[:hashtypes]
end

.get_regex(entry) ⇒ Object

# File 'lib/heitt.rb', line 232

def self.get_regex(entry)
  entry[:extract_regex] || entry[:regex] || entry[:pattern] || entry[:regexp]
end

.scan(input, database: HEITT::DATABASE, min_entropy: 3.5) ⇒ Object

# File 'lib/heitt.rb', line 199

def self.scan(input, database: HEITT::DATABASE, min_entropy: 3.5)
  text = File.exist?(input) ? File.read(input) : input
  context_scores = HEITT::Analyzer.analyze(text, database: database)
  found = {}#[]
  seen = {}
 

  database.each do |entry|
    regex = get_regex(entry)
    modes = get_modes(entry)
    next unless regex && modes && !modes.empty?
    pattern = regex.is_a?(Regexp) ? regex : Regexp.new(regex)
    scanner = StringScanner.new(text)      
    
    while scanner.scan_until(pattern)
      matched = scanner.matched
      next unless matched.length < 8 || HEITT::Analyzer.high_entropy?(matched, min_entropy)
      offset = scanner.pos - matched.length
      delim_prefix = HEITT::Analyzer.extract_prefix(text, offset)

      candidates = HEITT::Analyzer.score_candidates(modes, delim_prefix, context_scores)
      score = candidates.first[:score]
      if score > (seen[matched] || -1)
        seen[matched] = score
        found[matched] = {hash: matched, candidates: candidates}
      end
    end
  end
  found.values
end