Jclass scanner hotfix (#800)

Author: babenek

.github/workflows/check.yml

@@ -92,7 +92,7 @@ jobs:
         run: |
           banner="$(python -m credsweeper --banner | head -1)"
           echo "banner = '${banner}'"
-          if [ "CredSweeper 1.14.1 crc32:5aa3f35d" != "${banner}" ]; then
+          if [ "CredSweeper 1.14.2 crc32:36ab773c" != "${banner}" ]; then
             echo "Update the check for '${banner}'"
             exit 1
           fi

credsweeper/__init__.py

@@ -24,4 +24,4 @@
     "__version__"
 ]
 
-__version__ = "1.14.1"
+__version__ = "1.14.2"

credsweeper/deep_scanner/jclass_scanner.py

@@ -4,7 +4,7 @@
 from abc import ABC
 from typing import List, Optional
 
-from credsweeper.common.constants import MIN_DATA_LEN, UTF_8
+from credsweeper.common.constants import UTF_8
 from credsweeper.credentials.candidate import Candidate
 from credsweeper.deep_scanner.abstract_scanner import AbstractScanner
 from credsweeper.file_handler.data_content_provider import DataContentProvider
@@ -25,24 +25,26 @@ def u2(stream: io.BytesIO) -> int:
     def get_utf8_constants(stream: io.BytesIO) -> List[str]:
         """Extracts only Utf8 constants from java ClassFile"""
         result = []
-        item_count = JclassScanner.u2(stream)
-        while 0 < item_count:
-            # actual number of items is one less!
-            item_count -= 1
+        # actual number of items is one less!
+        items_counter = JclassScanner.u2(stream) - 1
+        while 0 < items_counter:
+            items_counter -= 1
             # uint8
             tag = int(stream.read(1)[0])
             if 1 == tag:
+                # UTF-8 string in bytes may be bigger than in characters
                 length = JclassScanner.u2(stream)
                 data = stream.read(int(length))
-                if MIN_DATA_LEN <= length:
-                    value = data.decode(encoding=UTF_8, errors="replace")
-                    result.append(value)
+                value = data.decode(encoding=UTF_8, errors="replace")
+                result.append(value)
             elif tag in (3, 4, 9, 10, 11, 12, 18):
                 _ = stream.read(4)
             elif tag in (7, 8, 16):
                 _ = stream.read(2)
             elif tag in (5, 6):
                 _ = stream.read(8)
+                # long and double types use two indexes
+                items_counter -= 1
             elif 15 == tag:
                 _ = stream.read(3)
             else:

tests/data/depth_3_pedantic.json

@@ -124,7 +124,7 @@
                 "line": "MIIBOgIBAAJBAL1/hJjtuMbjbVXo6wYT1SxiROOvwgffVSvOAk5aN2d4wYTC25k3sklfpdwxvkjh4iGB6/qC+0RbmiLwaXaQT0ECAwEAAQJAeAlQyza6t3HVDnhud/kULftJvBjXhfkYkJj8qPlI40dn/Tnwe6mywfly6hOvAn4TRBsnB/Eln6hJLmCrDvZvyQIhAPf7Uma4/Aqgoz3SfPyz9TaQXyD5JSC3ej7cOH7b3hgTAiEAw6AYhc/UKh8iIAPYGK15ImVmXAlxmhFD6xCWx9bcTdsCIQDiqOayWZaWKCnNEh2H5PzW+LLasp9K/ilQV32UBmdD3QIgbafQFzHoO7Q37Lo655pVzHIKbozcoQAMkjc6TcqiswECIBvXLFj5jkNs4iSqphZo8eISUdol/9Zo/dkrHC41kbYJ",
                 "line_num": 0,
                 "path": "./tests/samples/Sample.class",
-                "info": "FILE:./tests/samples/Sample.class|Java.65.0|STRING:4|BASE64|PKCS_PASSWORD:None",
+                "info": "FILE:./tests/samples/Sample.class|Java.65.0|STRING:21|BASE64|PKCS_PASSWORD:None",
                 "variable": null,
                 "variable_start": -2,
                 "variable_end": -2,
@@ -145,7 +145,7 @@
                 "line": "MIIBvTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIT0gWHcAV1rACAggAMAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBaZ0qE6fJsz9rDPoa2esruBIIBYF9QvKgDLA15MgXR8P73DRdrDJzEEoYe7bDtk+vnTzy6DNVwSfkgQLNLpKfnjPO3b1szG5md06Fai6Tuuc9kKDhaCWfGgw/xAeb4OEjWupyCUvmyWYBNqCC+DDQZb7ccka4cuIRV7Ty0I/3AdGCZ/g4mDBozjtfLkLOvWzRuKXQYvGlPYd0HUWupKn2SgduyrwKt43zq0j+t9UXMMFVYv7RZOzZruVcUkBKHoYDkgOl9OQ5tGE+atfhLZUVUKj4Q7F+o6mlTy0JHxv94oUadDXJCyzivdes2RxabPDJ+1gEfNW8ZRZtselC+Pdy+KBItLn3f3FEWXpWbNPRzhElOUUaNgRNOQrmxoE09QxWLt8L3soArRfWe732Nw7N9izpUuKmL72bzbpetDQu/sn49CEnWcFGCZQ9inSiEogF0e2ncxnKfthRKzpT3K5JGiqcMmbcMoz5WjLks//PgWcZ/l2o=",
                 "line_num": 0,
                 "path": "./tests/samples/Sample.class",
-                "info": "FILE:./tests/samples/Sample.class|Java.65.0|STRING:7|BASE64|PKCS_PASSWORD:b'changeme'",
+                "info": "FILE:./tests/samples/Sample.class|Java.65.0|STRING:25|BASE64|PKCS_PASSWORD:b'changeme'",
                 "variable": null,
                 "variable_start": -2,
                 "variable_end": -2,
@@ -166,7 +166,7 @@
                 "line": "MIIBOgIBAAJBAL1/hJjtuMbjbVXo6wYT1SxiROOvwgffVSvOAk5aN2d4wYTC25k3sklfpdwxvkjh4iGB6/qC+0RbmiLwaXaQT0ECAwEAAQJAeAlQyza6t3HVDnhud/kULftJvBjXhfkYkJj8qPlI40dn/Tnwe6mywfly6hOvAn4TRBsnB/Eln6hJLmCrDvZvyQIhAPf7Uma4/Aqgoz3SfPyz9TaQXyD5JSC3ej7cOH7b3hgTAiEAw6AYhc/UKh8iIAPYGK15ImVmXAlxmhFD6xCWx9bcTdsCIQDiqOayWZaWKCnNEh2H5PzW+LLasp9K/ilQV32UBmdD3QIgbafQFzHoO7Q37Lo655pVzHIKbozcoQAMkjc6TcqiswECIBvXLFj5jkNs4iSqphZo8eISUdol/9Zo/dkrHC41kbYJ",
                 "line_num": 1,
                 "path": "./tests/samples/Sample.class",
-                "info": "FILE:./tests/samples/Sample.class|Java.65.0|STRING:4|RAW",
+                "info": "FILE:./tests/samples/Sample.class|Java.65.0|STRING:21|RAW",
                 "variable": null,
                 "variable_start": -2,
                 "variable_end": -2,

tests/data/no_filters_no_ml.json

@@ -49,7 +49,7 @@
         "line_data_list": [
             {
                 "line": "        final byte [] pkey = Base64.getMimeDecoder().decode(",
-                "line_num": 4,
+                "line_num": 35,
                 "path": "./tests/samples/Sample.java",
                 "info": "",
                 "variable": "pkey",
@@ -70,7 +70,7 @@
         "line_data_list": [
             {
                 "line": "        final byte [] pkey = Base64.getMimeDecoder().decode(text);",
-                "line_num": 26,
+                "line_num": 58,
                 "path": "./tests/samples/Sample.java",
                 "info": "",
                 "variable": "pkey",

tests/deep_scanner/test_jclass_scanner.py

@@ -0,0 +1,57 @@
+import base64
+import io
+import unittest
+
+from credsweeper.deep_scanner.jclass_scanner import JclassScanner
+from tests import AZ_DATA
+
+SAMPLE_B64 = """
+yv66vgAAAEEAaQoAAgADBwAEDAAFAAYBABBqYXZhL2xhbmcvT2JqZWN0AQAGPGluaXQ+AQADKClWEgAAAAgMAAkACgEAA3J1bgEAFigpTGphdmEvbGFuZy9S
+dW5uYWJsZTsLAAwADQcADgwACQAGAQASamF2YS9sYW5nL1J1bm5hYmxlCQAQABEHABIMABMAFAEAEGphdmEvbGFuZy9TeXN0ZW0BAANvdXQBABVMamF2YS9p
+by9QcmludFN0cmVhbTsHABYBAAZTYW1wbGUKABgAGQcAGgwAGwAcAQATamF2YS9pby9QcmludFN0cmVhbQEAB3ByaW50bG4BAAQoWilWCgAYAB4MABsAHwEA
+BChDKVYIACEBACRiYWNlNGQxOS1iZWVmLWNhZmUtY29vMS05MTI5NDc0YmNkODEKABgAIwwAGwAkAQAVKExqYXZhL2xhbmcvU3RyaW5nOylWBQAAAAB3NhXZ
+CgAYACgMABsAKQEABChKKVYGQBdu4XWCSM4KABgALQwAGwAuAQAEKEQpVgoAFQADCgAVAA0IAAkBAAxKQVZBX0JPT0xFQU4BAAFaAQANQ29uc3RhbnRWYWx1
+ZQMAAAABAQAJSkFWQV9DSEFSAQABQwMAAABYAQAJSkFWQV9CWVRFAQABQgMAAAB7AQAKSkFXQV9TSE9SVAEAAVMDAAABXgEACEpBVkFfSU5UAQABSQMAAIAA
+AQAJSkFWQV9MT05HAQABSgUAAAAAdzWUAAEACkpBVkFfRkxPQVQBAAFGBEBI9cMBAAtKQVZBX0RPVUJMRQEAAUQGQAW/CosEkZsBAAtKQVZBX1NUUklORwEA
+EkxqYXZhL2xhbmcvU3RyaW5nOwEABENvZGUBAA9MaW5lTnVtYmVyVGFibGUBAANsb2cBAARtYWluAQAWKFtMamF2YS9sYW5nL1N0cmluZzspVgEADGxhbWJk
+YSRydW4kMAEAClNvdXJjZUZpbGUBAAtTYW1wbGUuamF2YQEAEEJvb3RzdHJhcE1ldGhvZHMQAAYPBgBaCgAVAFsMAFQABg8GAF0KAF4AXwcAYAwAYQBiAQAi
+amF2YS9sYW5nL2ludm9rZS9MYW1iZGFNZXRhZmFjdG9yeQEAC21ldGFmYWN0b3J5AQDMKExqYXZhL2xhbmcvaW52b2tlL01ldGhvZEhhbmRsZXMkTG9va3Vw
+O0xqYXZhL2xhbmcvU3RyaW5nO0xqYXZhL2xhbmcvaW52b2tlL01ldGhvZFR5cGU7TGphdmEvbGFuZy9pbnZva2UvTWV0aG9kVHlwZTtMamF2YS9sYW5nL2lu
+dm9rZS9NZXRob2RIYW5kbGU7TGphdmEvbGFuZy9pbnZva2UvTWV0aG9kVHlwZTspTGphdmEvbGFuZy9pbnZva2UvQ2FsbFNpdGU7AQAMSW5uZXJDbGFzc2Vz
+BwBlAQAlamF2YS9sYW5nL2ludm9rZS9NZXRob2RIYW5kbGVzJExvb2t1cAcAZwEAHmphdmEvbGFuZy9pbnZva2UvTWV0aG9kSGFuZGxlcwEABkxvb2t1cAAh
+ABUAAgABAAwACQAaADIAMwABADQAAAACADUAGgA2ADcAAQA0AAAAAgA4ABoAOQA6AAEANAAAAAIAOwAaADwAPQABADQAAAACAD4AGgA/AEAAAQA0AAAAAgBB
+ABoAQgBDAAEANAAAAAIARAAaAEYARwABADQAAAACAEgAGgBJAEoAAQA0AAAAAgBLABoATQBOAAEANAAAAAIAIAAFAAEABQAGAAEATwAAAB0AAQABAAAABSq3
+AAGxAAAAAQBQAAAABgABAAAABAABAAkABgABAE8AAAAtAAEAAgAAAA26AAcAAEwruQALAQCxAAAAAQBQAAAADgADAAAAEgAGABMADAAUAAEAUQAGAAEATwAA
+AFYAAwABAAAAKrIADwS2ABeyAA8QWLYAHbIADxIgtgAisgAPFAAltgAnsgAPFAAqtgAssQAAAAEAUAAAABoABgAAABcABwAYAA8AGQAXABoAIAAbACkAHAAJ
+AFIAUwABAE8AAAAnAAIAAQAAAAu7ABVZtwAvtgAwsQAAAAEAUAAAAAoAAgAAAB8ACgAgEAoAVAAGAAEATwAAACEAAgAAAAAACbIADxIxtgAisQAAAAEAUAAA
+AAYAAQAAABIAAwBVAAAAAgBWAFcAAAAMAAEAXAADAFgAWQBYAGMAAAAKAAEAZABmAGgAGQ==
+"""
+
+
+class TestJclassScanner(unittest.TestCase):
+
+    def setUp(self):
+        self.maxDiff = None
+
+    def test_get_utf8_constants_n(self):
+        with self.assertRaises(AttributeError):
+            JclassScanner.get_utf8_constants(None)
+        with self.assertRaises(Exception):
+            JclassScanner.get_utf8_constants(io.BytesIO(b''))
+        self.assertListEqual([], JclassScanner.get_utf8_constants(io.BytesIO(AZ_DATA)))
+
+    def test_get_utf8_constants_p(self):
+        data = base64.b64decode(SAMPLE_B64)
+        self.assertListEqual([
+            'java/lang/Object', '<init>', '()V', 'run', '()Ljava/lang/Runnable;', 'java/lang/Runnable',
+            'java/lang/System', 'out', 'Ljava/io/PrintStream;', 'Sample', 'java/io/PrintStream', 'println', '(Z)V',
+            '(C)V', 'bace4d19-beef-cafe-coo1-9129474bcd81', '(Ljava/lang/String;)V', '(J)V', '(D)V', 'JAVA_BOOLEAN',
+            'Z', 'ConstantValue', 'JAVA_CHAR', 'C', 'JAVA_BYTE', 'B', 'JAWA_SHORT', 'S', 'JAVA_INT', 'I', 'JAVA_LONG',
+            'J', 'JAVA_FLOAT', 'F', 'JAVA_DOUBLE', 'D', 'JAVA_STRING', 'Ljava/lang/String;', 'Code', 'LineNumberTable',
+            'log', 'main', '([Ljava/lang/String;)V', 'lambda$run$0', 'SourceFile', 'Sample.java', 'BootstrapMethods',
+            'java/lang/invoke/LambdaMetafactory', 'metafactory',
+            ('(Ljava/lang/invoke/MethodHandles$Lookup;Ljava/lang/String;Ljava/lang/invoke/MethodType;'
+             'Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodHandle;Ljava/lang/invoke/MethodType;'
+             ')Ljava/lang/invoke/CallSite;'), 'InnerClasses', 'java/lang/invoke/MethodHandles$Lookup',
+            'java/lang/invoke/MethodHandles', 'Lookup'
+        ], JclassScanner.get_utf8_constants(io.BytesIO(data[8:])))

tests/samples/Sample.class

@@ -1,5 +1,36 @@
 import java.util.Base64;
-public class Sample {
+import java.util.function.Consumer;
+
+public class Sample implements Runnable {
+
+    private static final boolean JAVA_BOOLEAN = true;
+    private static final char JAVA_CHAR = 'X';
+    private static final byte JAVA_BYTE = 123;
+    private static final short JAWA_SHORT = 350;
+    private static final int JAVA_INT = 32768;
+    private static final long JAVA_LONG = 2000000000L;
+    private static final float JAVA_FLOAT = 3.14f;
+    private static final double JAVA_DOUBLE = 2.718281828;
+    private static final String JAVA_STRING = "bace4d19-beef-cafe-coo1-9129474bcd81";
+
+    @Override
+    public void run() {
+        Runnable r = () -> System.out.println("run");
+        r.run();
+    }
+
+    public void log() {
+        System.out.println(JAVA_BOOLEAN);
+        System.out.println(JAVA_CHAR);
+        System.out.println(JAVA_STRING);
+        System.out.println(JAVA_BYTE + JAWA_SHORT + JAVA_INT + JAVA_LONG);
+        System.out.println(JAVA_FLOAT + JAVA_DOUBLE);
+    }
+
+    public static void main(String[] args) {
+        new Sample().run();
+    }
+
     private static byte [] getPrivateKey1() {
         final byte [] pkey = Base64.getMimeDecoder().decode(
             "MIIBOgIBAAJBAL1/hJjtuMbjbVXo6wYT1SxiROOvwgffVSvOAk5aN2d4wYTC25k3"+
@@ -11,6 +42,7 @@ public class Sample {
             "LFj5jkNs4iSqphZo8eISUdol/9Zo/dkrHC41kbYJ");
         return pkey;
     }
+
     private static byte [] getPrivateKey8() {
         final String text =
             "MIIBvTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIT0gWHcAV1rACAggA\n"+
@@ -26,6 +58,7 @@ public class Sample {
         final byte [] pkey = Base64.getMimeDecoder().decode(text);
         return pkey;
     }
+
     public static byte[] get(boolean encryption){
         if (encryption) {
             return Sample.getPrivateKey8();
@@ -34,4 +67,5 @@ public static byte[] get(boolean encryption){
         }
     }
 }
+
 /* javac Sample.java && javap -c -l -p -v -s Sample.class */

tests/samples/Sample.java

@@ -492,7 +492,7 @@ def test_depth_p(self) -> None:
                     cvs_checksum = hashlib.md5(f.read()).digest()
                 checksum = bytes(a ^ b for a, b in zip(checksum, cvs_checksum))
         # update the checksum manually and keep line endings in the samples as is (git config core.autocrlf false)
-        self.assertEqual("bffe4dc7750fc983b31c33fc0f67bbb2", binascii.hexlify(checksum).decode())
+        self.assertEqual("4a12fce9d4c17e6b3aaef0f4be070225", binascii.hexlify(checksum).decode())
         normal_report = []
         sorted_report = []
         with tempfile.TemporaryDirectory() as tmp_dir: