Added version number details to ZIP file output

ReFirmLabs · Nov 27, 2024 · f558c86 · f558c86
1 parent 5b49ed3
commit f558c86
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 7 deletions.
diff --git a/src/signatures/zip.rs b/src/signatures/zip.rs
@@ -21,13 +21,17 @@ pub fn zip_parser(file_data: &[u8], offset: usize) -> Result<SignatureResult, Si
     };
 
     // Parse the ZIP file header
-    if parse_zip_header(&file_data[offset..]).is_ok() {
+    if let Ok(zip_file_header) = parse_zip_header(&file_data[offset..]) {
         // Locate the end-of-central-directory header, which must come after the zip local file entries
         if let Ok(zip_info) = find_zip_eof(file_data, offset) {
             result.size = zip_info.eof - offset;
             result.description = format!(
-                "{}, file count: {}, total size: {} bytes",
-                result.description, zip_info.file_count, result.size
+                "{}, version: {}.{}, file count: {}, total size: {} bytes",
+                result.description,
+                zip_file_header.version_major,
+                zip_file_header.version_minor,
+                zip_info.file_count,
+                result.size
             );
             return Ok(result);
         }

diff --git a/src/structures/zip.rs b/src/structures/zip.rs
@@ -1,10 +1,19 @@
 use crate::structures::common::{self, StructureError};
 
+#[derive(Debug, Default, Clone)]
+pub struct ZipFileHeader {
+    pub version_major: usize,
+    pub version_minor: usize,
+}
+
 /// Validate a ZIP file header
-pub fn parse_zip_header(zip_data: &[u8]) -> Result<bool, StructureError> {
+pub fn parse_zip_header(zip_data: &[u8]) -> Result<ZipFileHeader, StructureError> {
     // Unused flag bits
     const UNUSED_FLAGS_MASK: usize = 0b11010111_10000000;
 
+    // Encrypted compression type
+    const COMPRESSION_ENCRYPTED: usize = 99;
+
     let zip_local_file_structure = vec![
         ("magic", "u32"),
         ("version", "u16"),
@@ -19,8 +28,30 @@ pub fn parse_zip_header(zip_data: &[u8]) -> Result<bool, StructureError> {
         ("extra_field_len", "u16"),
     ];
 
-    let allowed_compression_methods: Vec<usize> =
-        vec![0, 1, 2, 3, 4, 5, 6, 8, 9, 10, 12, 14, 18, 19, 98];
+    let allowed_compression_methods: Vec<usize> = vec![
+        0,
+        1,
+        2,
+        3,
+        4,
+        5,
+        6,
+        8,
+        9,
+        10,
+        12,
+        14,
+        18,
+        19,
+        20,
+        93,
+        94,
+        95,
+        96,
+        97,
+        98,
+        COMPRESSION_ENCRYPTED,
+    ];
 
     // Parse the ZIP local file structure
     if let Ok(zip_local_file_header) = common::parse(zip_data, &zip_local_file_structure, "little")
@@ -29,7 +60,10 @@ pub fn parse_zip_header(zip_data: &[u8]) -> Result<bool, StructureError> {
         if (zip_local_file_header["flags"] & UNUSED_FLAGS_MASK) == 0 {
             // Specified compression method should be one of the defined ZIP compression methods
             if allowed_compression_methods.contains(&zip_local_file_header["compression"]) {
-                return Ok(true);
+                return Ok(ZipFileHeader {
+                    version_major: zip_local_file_header["version"] / 10,
+                    version_minor: zip_local_file_header["version"] % 10,
+                });
             }
         }
     }