MCPcopy Index your code
hub / github.com/MultSec/MultCheck / checkStatic

Function checkStatic

src/scan.go:62–110  ·  view source on GitHub ↗
(binaryPath string, conf map[string]string)

Source from the content-addressed store, hash-verified

60}
61
62func checkStatic(binaryPath string, conf map[string]string) (string, error) {
63 // Read the files content
64 data, err := os.ReadFile(binaryPath)
65 if err != nil {
66 return "", fmt.Errorf("failed to read file: %v", err)
67 }
68
69 // Set the initial values
70 lastGood, mid, upperBound := 0, len(data)/2, len(data)
71 threatFound := false
72
73 // Binary search for the malicious content
74 for upperBound-lastGood > 1 {
75 // Check the slice for malware
76 scanResult , err := scanSlice(data[0:mid], conf)
77 if err != nil {
78 return "", err
79 }
80
81 if scanResult {
82 threatFound = true
83 upperBound = mid
84 } else {
85 lastGood = mid
86 }
87
88 mid = lastGood + (upperBound-lastGood)/2
89 }
90
91 // Return the result
92 if threatFound {
93
94 // Get the start and end of the malicious content
95 start := lastGood - 32
96 if start < 0 {
97 start = 0
98 }
99
100 // Get the start and end of the malicious content
101 end := mid + 32
102 if end > len(data) {
103 end = len(data)
104 }
105
106 return fmt.Sprintf("Malicious content found (offset: %08x). \n%s\n", lastGood, hex.Dump(data[start:end])), nil
107 }
108
109 return "", nil
110}
111
112func CheckMal(binaryPath string, conf map[string]string) (string, error) {
113 // Check for Detection

Callers 1

CheckMalFunction · 0.85

Calls 1

scanSliceFunction · 0.85

Tested by

no test coverage detected