Fix unbloating large null-only file
gdesmar committed May 6, 2024
1 parent 9388b8c commit 104cd34
Showing 4 changed files with 100 additions and 2 deletions.
12 changes: 10 additions & 2 deletions extract/extract.py
@@ -479,11 +479,19 @@ def strip_file(self, request: ServiceRequest, file_path, file_name):
f.seek(-1024 * last_position_jumps, os.SEEK_END)
while f.read(1024) == last_data:
last_position_jumps += 1
f.seek(-1024 * last_position_jumps, os.SEEK_END)
try:
f.seek(-1024 * last_position_jumps, os.SEEK_END)
except OSError:
# The whole file is identical?
break
# Time to find exactly where to stop the stripping
precise_offset = 1024
while precise_offset >= 0:
f.seek(-1024 * last_position_jumps + precise_offset, os.SEEK_END)
try:
f.seek(-1024 * last_position_jumps + precise_offset, os.SEEK_END)
except OSError:
# The whole file is identical?
break
data = f.read(1)
if data and data[0] != last_data[0]:
break
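Review bot: The two new `except OSError: break` handlers in `strip_file` treat every seek failure as "reached the start of the file", and they exit with `last_position_jumps` (and `precise_offset` in the second loop) still describing the offset that `seek()` just rejected. The code that turns those counters into the strip point lies outside this hunk, so it is worth confirming that a file made of a single repeated byte yields a cut at offset 0 rather than a position before the start, and that the second loop's error `break` is not mistaken for its "found a different byte" `break`. Bounding the loops by size removes the dependence on the exception: take `file_size = f.seek(0, os.SEEK_END)` once before the first seek, then use `if 1024 * last_position_jumps > file_size: break` in the first loop and `if 1024 * last_position_jumps - precise_offset > file_size: break` in the second. That also keeps a genuine I/O error on an untrusted sample from being silently read as "the whole file is identical".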
@@ -0,0 +1,89 @@
{
"extra": {
"drop_file": false,
"score": 500,
"sections": [
{
"auto_collapse": false,
"body": [
[
"Target file",
"large"
],
[
"Overlay Size",
104857600
],
[
"Overlay Entropy",
0.0
],
[
"Bloated byte",
0
],
[
"SHA256",
"20492a4d0d84f8beb1767f6616229f85d44c2827b64bdbfb260ee12fa1109e0e"
],
[
"SHA1",
"2c2ceccb5ec5574f791d45b63c940cff20550f9a"
],
[
"MD5",
"2f282b84e7e608d5852449ed940bfc51"
],
[
"Total Size",
104857600
]
],
"body_config": {},
"body_format": "ORDERED_KEY_VALUE",
"classification": "TLP:C",
"depth": 0,
"heuristic": {
"attack_ids": [],
"frequency": 1,
"heur_id": 22,
"score": 500,
"score_map": {},
"signatures": {}
},
"promote_to": null,
"tags": {},
"title_text": "Bloated file",
"zeroize_on_tag_safe": false
},
{
"auto_collapse": false,
"body": "large",
"body_config": {},
"body_format": "TEXT",
"classification": "TLP:C",
"depth": 0,
"heuristic": null,
"promote_to": null,
"tags": {},
"title_text": "Successfully extracted 1 file that was safelisted.",
"zeroize_on_tag_safe": false
}
]
},
"files": {
"extracted": [],
"supplementary": []
},
"results": {
"heuristics": [
{
"attack_ids": [],
"heur_id": 22,
"signatures": []
}
],
"tags": {},
"temp_submission_data": {}
}
}
Binary file not shown.
1 change: 1 addition & 0 deletions tests/samples/Sources.md
@@ -6,3 +6,4 @@ The files in this sample directory have been sourced in the following ways:
| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | -------------- |
| 6458981df004b4c8a6139fb9550472b46fae9c2fb134bba5ab68ba70d943ec76 | A simple python script containing some `print` and `import` statements. PyInstaller was then run on the script using python 3.9 | Self generated |
| f417d2fbadb7c813dac5b81165ed0c275a9436ff522e177afc7fedd3272d16c8 | A simple python script containing some `print` and `import` statements. PyInstaller was then run on the script using python 3.8 | Self generated |
| 65d2eb200397b4792924a1222aac099130e2364ab911238630c1268e430cbf31 | 100MB of null byte in a zip file | Self generated |
