simsong / bulk_extractor

This is the development tree. Production downloads are at:
https://github.com/simsong/bulk_extractor/releases

validate <source> is written with hash #208

Closed simsong closed 3 years ago

simsong commented 3 years ago

It wasn't last night...

  <source>
    <image_filename>/Users/simsong/corp/nps-2009-ubnist1/ubnist1.gen3.raw</image_filename>
    <image_size>2106589184</image_size>
  </source>

current code:

void Phase1::dfxml_write_source()
{
    /* We can write out the source info now, since we (might) know the hash */
    xreport.push("source");
    xreport.xmlout("image_filename",p.image_fname());
    xreport.xmlout("image_size",p.image_size());
    if (sha1g){
        dfxml::sha1_t sha1 = sha1g->digest();
        xreport.xmlout("hashdigest",sha1.hexdigest(),"type='SHA1'",false);
        delete sha1g;
    }
    xreport.pop("source");                      // source

simsong commented 3 years ago

Looks like it is now. This was ugly. It turned out that sbuf_mapfile() was not properly setting the margin.

  <source>
    <image_filename>/Users/simsong/corp/nps-2009-ubnist1/ubnist1.gen3.raw</image_filename>
    <image_size>2106589184</image_size>
    <hashdigest type='SHA1'>9b58bb9e1716dd6a12ef76de1d0790508a3c7166</hashdigest>
  </source>
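The check this issue asks for, written as an added example (not bulk_extractor's own code or test suite): it parses a DFXML report, confirms that `<source>` carries a SHA1 `<hashdigest>`, and optionally recomputes the digest from the image file. The `<dfxml>` wrapper around the two `<source>` elements quoted above is constructed, and the function names are hypothetical.

```python
import hashlib
import os
import re
import xml.etree.ElementTree as ET

# Constructed <dfxml> wrapper around the two <source> elements quoted in this thread.
BEFORE = """<dfxml><source>
  <image_filename>/Users/simsong/corp/nps-2009-ubnist1/ubnist1.gen3.raw</image_filename>
  <image_size>2106589184</image_size>
</source></dfxml>"""
AFTER = BEFORE.replace("</source>",
    "  <hashdigest type='SHA1'>9b58bb9e1716dd6a12ef76de1d0790508a3c7166</hashdigest>\n</source>")

def local(tag):
    """Drop any '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def sha1_of_file(path, chunk=1 << 20):
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_source(report_xml, image_path=None):
    """Return a list of problems with the report's <source>; empty means it passed."""
    root = ET.fromstring(report_xml)
    src = next((e for e in root.iter() if local(e.tag) == "source"), None)
    if src is None:
        return ["no <source> element"]
    text = {local(c.tag): (c.text or "").strip() for c in src}
    sha1 = next(((c.text or "").strip().lower() for c in src
                 if local(c.tag) == "hashdigest" and c.get("type", "").upper() == "SHA1"), None)
    problems = []
    if sha1 is None:
        problems.append("<source> has no SHA1 <hashdigest>")
    elif not re.fullmatch(r"[0-9a-f]{40}", sha1):
        problems.append("SHA1 <hashdigest> is not 40 hex digits")
    if not text.get("image_size", "").isdigit():
        problems.append("<image_size> missing or not an integer")
    if image_path is not None and not problems:
        if os.path.getsize(image_path) != int(text["image_size"]):
            problems.append("image_size does not match the file on disk")
        elif sha1_of_file(image_path) != sha1:
            problems.append("SHA1 in report does not match the file on disk")
    return problems

if __name__ == "__main__":
    print("before:", check_source(BEFORE), "| after:", check_source(AFTER))
```

Passing `image_path` makes the check recompute the digest, which catches a report whose hash is present but was computed over the wrong bytes.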