chainguard-dev / bincapz

detect malicious program behaviors
Apache License 2.0
404 stars 26 forks

Add support for archives #144

Closed egibs closed 4 months ago

egibs commented 4 months ago

This PR adds support for archives -- specifically .apk, .jar, .tar, .tgz, .tar.gz, .tar.xz, and .zip archives.

.apk and .tar.* files will use a tar-specific function and .jar and .zip files use a zip-specific function.

This behaves similarly to the code introduced in #124 where the archive is copied to a temporary directory and extracted before being scanned. I moved the extract code to archive.go and updated it to support .tar.gz, .tar.xz (via the xz package), and .apk files.

I tested this out with all of the newly-supported file types and make lint runs cleanly with these changes.

Examples are attached here: examples.md
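As an added illustration (not bincapz's own code and not part of the PR), the sketch below shows the extension-to-extractor dispatch described above together with the containment check that any extract-to-temporary-directory step needs before writing an entry. `writeEntry`, its size cap, and the return values of `extractorFor` are hypothetical names chosen for this example.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// extractorFor maps a file name to the extractor the PR description assigns it.
func extractorFor(name string) string {
	n := strings.ToLower(name)
	for kind, sufs := range map[string][]string{
		"tar": {".apk", ".tar", ".tgz", ".tar.gz", ".tar.xz"},
		"zip": {".jar", ".zip"},
	} {
		for _, s := range sufs {
			if strings.HasSuffix(n, s) {
				return kind
			}
		}
	}
	return "" // not a supported archive: scan the file as-is
}

// writeEntry (hypothetical) stores one entry under dst; it rejects names that
// resolve outside dst and bodies over max bytes (caller deletes the temp dir).
func writeEntry(dst, name string, body io.Reader, max int64) error {
	p := filepath.Join(dst, name) // Join cleans "a/../../b" before the check
	if !strings.HasPrefix(p, filepath.Clean(dst)+string(os.PathSeparator)) {
		return fmt.Errorf("entry %q escapes extraction dir", name)
	}
	if err := os.MkdirAll(filepath.Dir(p), 0o700); err != nil {
		return err
	}
	out, err := os.OpenFile(p, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0o600)
	if err != nil {
		return err
	}
	defer out.Close()
	n, err := io.Copy(out, io.LimitReader(body, max+1))
	if err == nil && n > max {
		err = fmt.Errorf("entry %q exceeds %d bytes", name, max)
	}
	return err
}

func main() {
	fmt.Println(extractorFor("app.jar"), writeEntry(os.TempDir(), "../x", strings.NewReader(""), 1))
}
```

Both a tar and a zip extractor can route every regular-file entry through the same helper; symlink and hardlink entries are not handled here and would need their own policy.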

tstromberg commented 4 months ago

Looks great! My only feedback is to see if we can add this feature without introducing more flags for people to learn.

egibs commented 4 months ago

@vaikas -- addressed your comments; appreciate the feedback!

tstromberg commented 4 months ago

This improvement is huge! Nice work, @egibs!