feat: replace authenticode-parser impl with a custom impl

Replace the dependency with a custom der parser. The only issue is the loss of the "verify" implem, which would require a lot more dependencies to "implement".
vthib · Jun 1, 2024 · f9521c5 · f9521c5
1 parent b51d8ca
commit f9521c5
Show file tree

Hide file tree

Showing 5 changed files with 1,367 additions and 123 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/boreal/Cargo.toml b/boreal/Cargo.toml
@@ -13,7 +13,7 @@ rust-version = "1.65"
 exclude = ["/tests"]
 
 [features]
-default = ["hash", "object", "memmap", "process"]
+default = ["hash", "object", "memmap", "process", "authenticode"]
 
 # Enables the "hash" module.
 hash = ["dep:md-5", "dep:sha1", "dep:sha2", "dep:crc32fast", "dep:tlsh2"]
@@ -32,7 +32,7 @@ cuckoo = ["dep:serde_json", "yara/module-cuckoo"]
 
 # Enables the "pe.signatures" module field.
 # The `object` feature must also be enabled to get access to the "pe" module.
-authenticode = ["dep:authenticode-parser"]
+authenticode = ["dep:authenticode-parser", "dep:const-oid", "dep:der"]
 
 # Adds an API to scan files using memory maps.
 memmap = ["dep:memmap2"]
@@ -69,6 +69,8 @@ object = { version = "0.35", optional = true, default-features = false, features
 
 # "authenticode" feature
 authenticode-parser = { version = "0.5", optional = true }
+const-oid = { version = "0.9", optional = true, features = ["db"] }
+der = { version = "0.7", optional = true, features = ["derive", "oid", "std"] }
 
 # "memmap" feature
 memmap2 = { version = "0.9", optional = true }

diff --git a/boreal/src/module/pe.rs b/boreal/src/module/pe.rs
@@ -1339,17 +1339,13 @@ impl Pe {
         }
 
         #[cfg(feature = "authenticode")]
-        if let Some(token) = self.token {
-            if let Some((signatures, is_signed)) =
-                signatures::get_signatures(&data_dirs, region.mem, token)
-            {
-                let _r = map.insert("number_of_signatures", signatures.len().into());
-                let _r = map.insert("is_signed", Value::Integer(is_signed.into()));
-                let _r = map.insert("signatures", Value::Array(signatures));
-            } else {
-                let _r = map.insert("number_of_signatures", Value::Integer(0));
-                let _r = map.insert("is_signed", Value::Integer(0));
-            }
+        if let Some(signatures) = signatures::get_signatures(&data_dirs, region.mem) {
+            let _r = map.insert("number_of_signatures", signatures.len().into());
+            let _r = map.insert("is_signed", Value::Undefined);
+            let _r = map.insert("signatures", Value::Array(signatures));
+        } else {
+            let _r = map.insert("number_of_signatures", Value::Integer(0));
+            let _r = map.insert("is_signed", Value::Integer(0));
         }
 
         Some(map)