]> code.octet-stream.net Git - hashgood/blob - src/verify.rs
projects / hashgood / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Tighten up digests file parsing
[hashgood] / src / verify.rs
1 use super::{
2 Algorithm, CandidateHash, CandidateHashes, Hash, MatchLevel, MessageLevel, Opt, Verification,
3 VerificationSource,
4 };
5 #[cfg(feature = "paste")]
6 use copypasta::{ClipboardContext, ClipboardProvider};
7 use std::fs::File;
8 use std::io;
9 use std::io::prelude::*;
10 use std::io::BufReader;
11 use std::path::PathBuf;
12
13 /// Calculate a list of candidate hashes based on the options specified.
14 /// If no hash options have been specified returns None.
15 /// It is assumed to be verified previously that at most one mode has been specified.
16 pub fn get_candidate_hashes(opt: &Opt) -> Result<Option<CandidateHashes>, String> {
17 if let Some(hash_string) = &opt.hash {
18 return Ok(Some(get_by_parameter(hash_string)?));
19 } else if opt.get_paste() {
20 return Ok(Some(get_from_clipboard()?));
21 } else if let Some(hash_file) = &opt.hash_file {
22 return Ok(Some(get_from_file(hash_file)?));
23 }
24 Ok(None)
25 }
26
27 /// Generate a candidate hash from the provided command line parameter, or throw an error.
28 fn get_by_parameter(param: &str) -> Result<CandidateHashes, String> {
29 let bytes =
30 hex::decode(&param).map_err(|_| "Provided hash is invalid or truncated hex".to_owned())?;
31 let alg = Algorithm::from_len(bytes.len())?;
32 let candidate = CandidateHash {
33 filename: None,
34 bytes,
35 };
36 Ok(CandidateHashes {
37 alg,
38 hashes: vec![candidate],
39 source: VerificationSource::CommandArgument,
40 })
41 }
42
43 /// Generate a candidate hash from the system clipboard, or throw an error.
44 fn get_from_clipboard() -> Result<CandidateHashes, String> {
45 #[cfg(feature = "paste")]
46 {
47 let mut ctx: ClipboardContext = match ClipboardContext::new() {
48 Ok(ctx) => ctx,
49 Err(e) => return Err(format!("Error getting system clipboard: {}", e)),
50 };
51
52 let possible_hash = match ctx.get_contents() {
53 Ok(value) => value,
54 Err(e) => format!("Error reading from clipboard: {}", e),
55 };
56
57 let bytes = hex::decode(&possible_hash)
58 .map_err(|_| "Clipboard contains invalid or truncated hex".to_owned())?;
59 let alg = Algorithm::from_len(bytes.len())?;
60 let candidate = CandidateHash {
61 filename: None,
62 bytes,
63 };
64 return Ok(CandidateHashes {
65 alg,
66 hashes: vec![candidate],
67 source: VerificationSource::Clipboard,
68 });
69 }
70 #[cfg(not(feature = "paste"))]
71 {
72 return Err("Paste not implemented".to_owned());
73 }
74 }
75
76 /// Generate a candidate hash from the digests file specified (could be "-" for STDIN), or throw an error.
77 fn get_from_file(path: &PathBuf) -> Result<CandidateHashes, String> {
78 // Get a reader for either standard input or the chosen path
79 let reader: Box<dyn Read> = if path.to_str() == Some("-") {
80 Box::new(std::io::stdin())
81 } else {
82 Box::new(File::open(path).map_err(|_| {
83 format!(
84 "Unable to open check file at path '{}'",
85 path.to_string_lossy()
86 )
87 })?)
88 };
89
90 // Read the first line, trimmed
91 let mut reader = BufReader::new(reader);
92 let mut line = String::new();
93 reader
94 .read_line(&mut line)
95 .map_err(|_| "Error reading from check file".to_owned())?;
96 let line = line.trim().to_owned();
97
98 // Does our first line look like a raw hash on its own? If so, use that
99 if let Some(candidate) = read_raw_candidate_from_file(&line, &path) {
100 return Ok(candidate);
101 }
102
103 // Maybe it's a digests file
104 // Reconstruct the full iterator by joining our already-read line with the others
105 let full_lines = vec![Ok(line)].into_iter().chain(reader.lines());
106
107 // Does the entire file look like a coreutils-style digests file? (SHA1SUMS, etc.)
108 if let Some(candidate) = read_coreutils_digests_from_file(full_lines, &path) {
109 return Ok(candidate);
110 }
111
112 // If neither of these techniques worked this is a fatal error
113 // The user requested we use this input but we couldn't
114 Err(format!(
115 "Provided check file '{}' was neither a hash nor a valid digests file",
116 path.to_string_lossy()
117 ))
118 }
119
120 fn try_parse_hash(s: &str) -> Option<(Algorithm, Vec<u8>)> {
121 let bytes = match hex::decode(s.trim()) {
122 Ok(bytes) => bytes,
123 _ => return None,
124 };
125 let alg = match Algorithm::from_len(bytes.len()) {
126 Ok(alg) => alg,
127 _ => return None,
128 };
129 Some((alg, bytes))
130 }
131
132 fn read_raw_candidate_from_file(line: &str, path: &PathBuf) -> Option<CandidateHashes> {
133 let (alg, bytes) = try_parse_hash(line)?;
134 Some(CandidateHashes {
135 alg,
136 source: VerificationSource::RawFile(path.clone()),
137 hashes: vec![CandidateHash {
138 bytes,
139 filename: None,
140 }],
141 })
142 }
143
144 fn read_coreutils_digests_from_file<I, S>(lines: I, path: &PathBuf) -> Option<CandidateHashes>
145 where
146 I: Iterator<Item = io::Result<S>>,
147 S: AsRef<str>,
148 {
149 let mut hashes = vec![];
150 let mut alg: Option<Algorithm> = None;
151 for l in lines {
152 if let Ok(l) = l {
153 let l = l.as_ref().trim();
154 // Allow (ignore) blank lines
155 if l.is_empty() {
156 continue;
157 }
158 // Expected format
159 // <valid-hash><space><space-or-*><filename>
160 let (line_alg, bytes, filename) = match l
161 .find(' ')
162 .and_then(|space_pos| {
163 // Char before filename should be space for text or * for binary
164 match l.chars().nth(space_pos + 1) {
165 Some(' ') | Some('*') => (l.get(..space_pos)).zip(l.get(space_pos + 2..)),
166 _ => None,
167 }
168 })
169 .and_then(|(maybe_hash, filename)| {
170 // Filename should be in this position without extra whitespace
171 if filename.trim() == filename {
172 try_parse_hash(maybe_hash).map(|(alg, bytes)| (alg, bytes, filename))
173 } else {
174 None
175 }
176 }) {
177 Some(t) => t,
178 None => {
179 // if we have a line with content we cannot parse, this is an error
180 return None;
181 }
182 };
183 if alg.is_some() && alg != Some(line_alg) {
184 // Different algorithms in the same digest file are not supported
185 return None;
186 } else {
187 // If we are the first line, we define the overall algorithm
188 alg = Some(line_alg);
189 }
190 // So far so good - create an entry for this line
191 hashes.push(CandidateHash {
192 bytes,
193 filename: Some(filename.to_owned()),
194 });
195 }
196 }
197
198 // It is a failure if we got zero hashes or we somehow don't know the algorithm
199 if hashes.is_empty() {
200 return None;
201 }
202 let alg = match alg {
203 Some(alg) => alg,
204 _ => return None,
205 };
206
207 // Otherwise all is well and we can return our results
208 Some(CandidateHashes {
209 alg,
210 source: VerificationSource::DigestsFile(path.clone()),
211 hashes,
212 })
213 }
214
215 /// Determine if the calculated hash matches any of the candidates.
216 ///
217 /// Ok result: the hash matches, and if the candidate has a filename, that matches too
218 /// Maybe result: the hash matches but the filename does not
219 /// Fail result: neither of the above
220 pub fn verify_hash<'a>(calculated: &Hash, candidates: &'a CandidateHashes) -> Verification<'a> {
221 let mut ok: Option<&CandidateHash> = None;
222 let mut maybe: Option<&CandidateHash> = None;
223 let mut messages = Vec::new();
224
225 for candidate in &candidates.hashes {
226 if candidate.bytes == calculated.bytes {
227 match candidate.filename {
228 None => ok = Some(candidate),
229 Some(ref candidate_filename) if candidate_filename == &calculated.filename => {
230 ok = Some(candidate)
231 }
232 Some(ref candidate_filename) => {
233 messages.push((
234 MessageLevel::Warning,
235 format!(
236 "The matched hash has filename '{}', which does not match the input.",
237 candidate_filename
238 ),
239 ));
240 maybe = Some(candidate);
241 }
242 }
243 }
244 }
245
246 // Warn that a "successful" MD5 result is not necessarily great
247 if candidates.alg == Algorithm::Md5 && (ok.is_some() || maybe.is_some()) {
248 messages.push((
249 MessageLevel::Note,
250 "MD5 can easily be forged. Use a stronger algorithm if possible.".to_owned(),
251 ))
252 }
253
254 // If we got a full match, great
255 if ok.is_some() {
256 return Verification {
257 match_level: MatchLevel::Ok,
258 comparison_hash: ok,
259 messages,
260 };
261 }
262
263 // Second priority, a "maybe" result
264 if maybe.is_some() {
265 return Verification {
266 match_level: MatchLevel::Maybe,
267 comparison_hash: maybe,
268 messages,
269 };
270 }
271
272 // Otherwise we failed
273 // If we only had one candidate hash, include it
274 let comparison = match candidates.hashes.len() {
275 1 => Some(&candidates.hashes[0]),
276 _ => None,
277 };
278 Verification {
279 match_level: MatchLevel::Fail,
280 comparison_hash: comparison,
281 messages,
282 }
283 }
284
285 #[cfg(test)]
286 mod tests {
287 use super::*;
288
289 #[test]
290 fn test_read_raw_inputs() {
291 let example_path: PathBuf = "some_file".into();
292 let valid_md5 = "d229da563da18fe5d58cd95a6467d584";
293 let valid_sha1 = "b314c7ebb7d599944981908b7f3ed33a30e78f3a";
294 let valid_sha1_2 = valid_sha1.to_uppercase();
295 let valid_sha256 = "1eb85fc97224598dad1852b5d6483bbcf0aa8608790dcc657a5a2a761ae9c8c6";
296
297 let invalid1 = "x";
298 let invalid2 = "a";
299 let invalid3 = "d229da563da18fe5d58cd95a6467d58";
300 let invalid4 = "1eb85fc97224598dad1852b5d6483bbcf0aa8608790dcc657a5a2a761ae9c8c67";
301 let invalid5 = "1eb85fc97224598dad1852b5d 483bbcf0aa8608790dcc657a5a2a761ae9c8c6";
302
303 assert!(matches!(
304 read_raw_candidate_from_file(valid_md5, &example_path),
305 Some(CandidateHashes {
306 alg: Algorithm::Md5,
307 ..
308 })
309 ));
310 assert!(matches!(
311 read_raw_candidate_from_file(valid_sha1, &example_path),
312 Some(CandidateHashes {
313 alg: Algorithm::Sha1,
314 ..
315 })
316 ));
317 assert!(matches!(
318 read_raw_candidate_from_file(&valid_sha1_2, &example_path),
319 Some(CandidateHashes {
320 alg: Algorithm::Sha1,
321 ..
322 })
323 ));
324 assert!(matches!(
325 read_raw_candidate_from_file(valid_sha256, &example_path),
326 Some(CandidateHashes {
327 alg: Algorithm::Sha256,
328 ..
329 })
330 ));
331
332 for i in &[invalid1, invalid2, invalid3, invalid4, invalid5] {
333 assert!(read_raw_candidate_from_file(*i, &example_path).is_none());
334 }
335 }
336
337 #[test]
338 fn test_read_shasums() {
339 let shasums = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b *cp
340 75eb7420a9f5a260b04a3e8ad51e50f2838a17fc lel.txt
341
342 fe6c26d485a3573a1cb0ad0682f5105325a1905f shasums";
343 let lines = shasums.lines().map(|l| std::io::Result::Ok(l));
344 let path = PathBuf::from("SHASUMS");
345 let candidates = read_coreutils_digests_from_file(lines, &path);
346
347 assert_eq!(
348 candidates,
349 Some(CandidateHashes {
350 alg: Algorithm::Sha1,
351 hashes: vec![
352 CandidateHash {
353 bytes: hex::decode("4b91f7a387a6edd4a7c0afb2897f1ca968c9695b").unwrap(),
354 filename: Some("cp".to_owned()),
355 },
356 CandidateHash {
357 bytes: hex::decode("75eb7420a9f5a260b04a3e8ad51e50f2838a17fc").unwrap(),
358 filename: Some("lel.txt".to_owned()),
359 },
360 CandidateHash {
361 bytes: hex::decode("fe6c26d485a3573a1cb0ad0682f5105325a1905f").unwrap(),
362 filename: Some("shasums".to_owned()),
363 }
364 ],
365 source: VerificationSource::DigestsFile(path),
366 })
367 );
368 }
369
370 #[test]
371 fn test_invalid_shasums() {
372 let no_format = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b cp";
373 let invalid_format = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b .cp";
374 let extra_space = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b cp";
375
376 for digest in [no_format, invalid_format, extra_space] {
377 let lines = digest.lines().map(|l| std::io::Result::Ok(l));
378 assert!(
379 read_coreutils_digests_from_file(lines, &PathBuf::from("SHASUMS")).is_none(),
380 "Should be invalid digest: {:?}",
381 digest
382 );
383 }
384 }
385 }
Unnamed repository; edit this file 'description' to name the repository.