#pragma once
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
#include <stddef.h>
#include <stdbool.h>
#include <limits.h>
// Capacity of hash_entry.matched_patterns[]; matched_pattern_count must stay
// <= this value or writers run off the end of the array.
#define MAX_MATCHED_PATTERNS 32
// Capacity of hash_entry.matched_rules[]; matched_rule_count must stay
// <= this value for the same reason.
#define MAX_MATCHED_RULES 16
// Verdict recorded for a scanned file.
//
// VERDICT_UNKNOWN is the zero value, so an entry that was zero-initialised
// (calloc / memset / `= {0}`) reads as "no decision yet" and never as
// VERDICT_ALLOW. Keep it at 0 if enumerators are ever added or reordered.
typedef enum {
    VERDICT_UNKNOWN       = 0,
    VERDICT_ALLOW         = 1,
    VERDICT_BLOCK         = 2,
    VERDICT_QUARANTINE    = 3,
    VERDICT_INFORMATIONAL = 4
} scan_verdict_t;
// One ledger record for a scanned path. Records that fall into the same
// bucket of a struct hash_ledger are chained through `next`.
struct hash_entry {
    // Fixed-size path buffer.
    // NOTE(review): writers must bound the copy to PATH_MAX and should reject
    // over-long paths rather than truncate them, otherwise two distinct files
    // could end up sharing one record -- confirm in the implementation.
    char path[PATH_MAX];
    // 33 bytes: room for 32 characters plus the terminating NUL (presumably
    // the hex digest). MD5 is not collision-resistant, so it should serve as
    // a lookup/compatibility value only, not as the basis for a verdict.
    char md5[33];
    // 65 bytes: room for 64 characters plus the terminating NUL (presumably
    // the hex digest).
    char sha256[65];
    // Entropy figure for the file; scale and units are not visible in this
    // header -- TODO confirm (presumably bits per byte).
    double entropy;
    // stat() snapshot kept with the record.
    // NOTE(review): if this is used to skip re-hashing "unchanged" files,
    // treat it as a cache hint only; size and timestamps can be restored
    // after a modification -- confirm how the implementation uses it.
    struct stat sb;
    time_t last_scanned;
    size_t scan_count;
    scan_verdict_t verdict;
    // Pointers only, not copies: the strings are owned elsewhere and must
    // outlive this entry. Ownership is not visible here -- TODO confirm.
    const char *matched_patterns[MAX_MATCHED_PATTERNS];
    // Number of used slots in matched_patterns[]; must be <= MAX_MATCHED_PATTERNS.
    size_t matched_pattern_count;
    // Same borrowing rule as matched_patterns[].
    const char *matched_rules[MAX_MATCHED_RULES];
    // Number of used slots in matched_rules[]; must be <= MAX_MATCHED_RULES.
    size_t matched_rule_count;
    struct hash_entry *next; // next record in the same bucket (collision chain)
};
// Hash table of hash_entry records: an array of bucket heads plus its length.
struct hash_ledger {
    // Number of buckets; presumably the element count of `buckets` -- confirm
    // against hash_ledger_init().
    size_t num_buckets;
    // Array of chain heads; each element points to the first hash_entry of
    // that bucket (entries are linked through hash_entry.next).
    struct hash_entry **buckets;
};
// Output record for the multihash step; multihash_file() takes a pointer to
// one of these as its `out` argument. Field sizes mirror struct hash_entry.
struct multihash {
    char md5[33];    // 32 characters + NUL (presumably hex); not collision-resistant, do not base verdicts on it alone
    char sha256[65]; // 64 characters + NUL (presumably hex)
    double entropy;  // entropy figure; scale not visible in this header -- TODO confirm
};
// TODO hash_ledger_t

// Creates a ledger with `num_buckets` buckets.
// NOTE(review): the failure return (presumably NULL) and the handling of
// num_buckets == 0 are not visible in this header; a zero bucket count must
// not reach a modulo in hash_ledger_bucket() -- confirm in the implementation.
struct hash_ledger *hash_ledger_init(size_t num_buckets);

// Releases a ledger obtained from hash_ledger_init().
// NOTE(review): presumably frees every chained hash_entry as well; any
// hash_entry pointer a caller still holds is dangling afterwards -- confirm.
void hash_ledger_destroy(struct hash_ledger *ledger);

// Returns the bucket number for `path` in `ledger` (presumably an index
// below ledger->num_buckets -- confirm).
size_t hash_ledger_bucket(struct hash_ledger *ledger, const char *path);

// Looks up the record for `path`.
// NOTE(review): the not-found return is presumably NULL; callers must check
// before dereferencing -- confirm.
struct hash_entry *hash_ledger_find(struct hash_ledger *ledger, const char *path);

// Inserts a record for `path` or refreshes the existing one, taking the
// caller's stat result `sb`.
// NOTE(review): `path` has to fit hash_entry.path (PATH_MAX bytes including
// the NUL); what happens to longer paths, and the return value on failure,
// are not visible here -- confirm.
struct hash_entry *hash_ledger_add_or_update(struct hash_ledger *ledger,
                                             const char *path,
                                             struct stat *sb);

// Computes the md5, sha256 and entropy fields of `out` for the file at `path`.
// The bool result presumably reports success; on failure the contents of
// `out` should be treated as undefined -- confirm.
// NOTE(review): the file is named by path, so it can change between the
// caller's stat() and this read; the digest describes what was read, not
// necessarily what was stat'ed.
bool multihash_file(const char *path, struct multihash *out);