EvotecIT
diff --git a/‎FileInspectorX.Tests/CryptoDetectionsTests.cs‎
Lines changed: 386 additions & 67 deletions b/‎FileInspectorX.Tests/CryptoDetectionsTests.cs‎
Lines changed: 386 additions & 67 deletions
diff --git a/‎FileInspectorX.Tests/DetectionSettingsCollection.cs‎
Lines changed: 13 additions & 0 deletions b/‎FileInspectorX.Tests/DetectionSettingsCollection.cs‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎FileInspectorX.Tests/DetectorTests.cs‎
Lines changed: 76 additions & 15 deletions b/‎FileInspectorX.Tests/DetectorTests.cs‎
Lines changed: 76 additions & 15 deletions
diff --git a/‎FileInspectorX.Tests/Fixtures/crypto/der-cert-incomplete-envelope.cer‎
22 Bytes b/‎FileInspectorX.Tests/Fixtures/crypto/der-cert-incomplete-envelope.cer‎
22 Bytes
diff --git a/‎FileInspectorX.Tests/Fixtures/crypto/der-cert-rsa-oid-lookalike.cer‎
20 Bytes b/‎FileInspectorX.Tests/Fixtures/crypto/der-cert-rsa-oid-lookalike.cer‎
20 Bytes
diff --git a/‎FileInspectorX.Tests/Fixtures/crypto/pkcs12-contenttype-lookalike.p12‎
17 Bytes b/‎FileInspectorX.Tests/Fixtures/crypto/pkcs12-contenttype-lookalike.p12‎
17 Bytes
diff --git a/‎FileInspectorX.Tests/Fixtures/crypto/pkcs12-missing-authsafe-wrapper.p12‎
Lines changed: 1 addition & 0 deletions b/‎FileInspectorX.Tests/Fixtures/crypto/pkcs12-missing-authsafe-wrapper.p12‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎FileInspectorX.Tests/Fixtures/crypto/pkcs7-missing-explicit-wrapper.p7b‎
15 Bytes b/‎FileInspectorX.Tests/Fixtures/crypto/pkcs7-missing-explicit-wrapper.p7b‎
15 Bytes
diff --git a/‎FileInspectorX.Tests/Fixtures/crypto/pkcs7-signeddata-oid-lookalike.p7b‎
17 Bytes b/‎FileInspectorX.Tests/Fixtures/crypto/pkcs7-signeddata-oid-lookalike.p7b‎
17 Bytes
diff --git a/‎FileInspectorX/Analysis/FileAnalysis.cs‎
Lines changed: 7 additions & 7 deletions b/‎FileInspectorX/Analysis/FileAnalysis.cs‎
Lines changed: 7 additions & 7 deletions
@@ -0,0 +1,13 @@
+using Xunit;
+
+namespace FileInspectorX.Tests;
+
+// This collection serializes tests that temporarily lower Settings.DetectionReadBudgetBytes.
+[CollectionDefinition(nameof(DetectionSettingsCollection), DisableParallelization = true)]
+public sealed class DetectionSettingsCollection : ICollectionFixture<DetectionSettingsFixture>
+{
+}
+
+public sealed class DetectionSettingsFixture
+{
+}
@@ -556,20 +556,30 @@ public void Detect_MachO_64LE() {
         } finally { if (File.Exists(p)) File.Delete(p); }
     }
 
-    [Fact]
-    public void Detect_Msg_Basic() {
-        var p = Path.GetTempFileName();
-        try {
-            var list = new List<byte>();
-            list.AddRange(new byte[] { 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 });
-            list.AddRange(new byte[128]);
-            list.AddRange(System.Text.Encoding.ASCII.GetBytes("__substg1.0_007D"));
-            File.WriteAllBytes(p, list.ToArray());
-            var res = FI.Detect(p);
-            Assert.NotNull(res);
-            Assert.Equal("msg", res!.Extension);
-        } finally { if (File.Exists(p)) File.Delete(p); }
-    }
+    [Fact]
+    public void Detect_Msg_Basic() {
+        var p = Path.GetTempFileName();
+        try {
+            WriteSyntheticOleDirectoryFile(p, "__substg1.0_007D", "__properties_version1.0");
+            var res = FI.Detect(p);
+            Assert.NotNull(res);
+            Assert.Equal("msg", res!.Extension);
+        } finally { if (File.Exists(p)) File.Delete(p); }
+    }
+
+    [Fact]
+    public void Detect_Msg_DoesNotMatch_OleFile_With_Marker_Bytes_Outside_DirectoryEntries() {
+        var p = Path.GetTempFileName();
+        try {
+            var list = new List<byte>();
+            list.AddRange(new byte[] { 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 });
+            list.AddRange(new byte[128]);
+            list.AddRange(System.Text.Encoding.ASCII.GetBytes("__substg1.0_007D"));
+            File.WriteAllBytes(p, list.ToArray());
+            var res = FI.Detect(p);
+            Assert.True(res == null || !string.Equals(res.Extension, "msg", StringComparison.OrdinalIgnoreCase));
+        } finally { if (File.Exists(p)) File.Delete(p); }
+    }
 
     [Fact]
     public void Classify_ContentKind_Works() {
@@ -599,7 +609,7 @@ public void Guess_Zip_Subtypes_Jar() {
     }
 
     [Fact]
-    public void Guess_Zip_Subtypes_Epub() {
+    public void Guess_Zip_Subtypes_Epub() {
         var p = Path.GetTempFileName();
         var zip = p + ".zip";
         try {
@@ -633,6 +643,57 @@ public void Guess_Zip_Subtypes_Vsix() {
         } finally { if (File.Exists(p)) File.Delete(p); if (File.Exists(zip)) File.Delete(zip); }
     }
 
+    private static void WriteSyntheticOleDirectoryFile(string path, params string[] directoryNames)
+    {
+        var header = new byte[512];
+        var sig = new byte[]{0xD0,0xCF,0x11,0xE0,0xA1,0xB1,0x1A,0xE1};
+        Array.Copy(sig, 0, header, 0, sig.Length);
+        header[0x1E] = 0x09;
+        header[0x1F] = 0x00;
+        // Our mini CFBF reader maps sector N to offset 512 + ((N + 1) * 512),
+        // so FAT sector SID 0 lives at 1024 and directory sector SID 2 lives at 2048.
+        WriteLe32(header, 0x2C, 1);
+        WriteLe32(header, 0x30, 2);
+        WriteLe32(header, 0x4C, 0);
+
+        var fat = new byte[512];
+        const int ENDOFCHAIN = unchecked((int)0xFFFFFFFE);
+        WriteLe32(fat, 2 * 4, ENDOFCHAIN);
+
+        var dir = new byte[512];
+        for (int i = 0; i < directoryNames.Length && i < 4; i++)
+        {
+            WriteDirName(dir, i * 128, directoryNames[i]);
+        }
+
+        using var fs = File.Create(path);
+        fs.Write(header, 0, header.Length);
+        fs.Position = 1024;
+        fs.Write(fat, 0, fat.Length);
+        fs.Position = 2048;
+        fs.Write(dir, 0, dir.Length);
+
+        static void WriteDirName(byte[] buf, int offset, string name)
+        {
+            var bytes = System.Text.Encoding.Unicode.GetBytes(name + "\0");
+            Array.Copy(bytes, 0, buf, offset, Math.Min(bytes.Length, 64));
+            ushort len = (ushort)Math.Min(bytes.Length, 128);
+            buf[offset + 0x40] = (byte)(len & 0xFF);
+            buf[offset + 0x41] = (byte)((len >> 8) & 0xFF);
+        }
+
+        static void WriteLe32(byte[] buffer, int offset, int value)
+        {
+            unchecked
+            {
+                buffer[offset] = (byte)(value & 0xFF);
+                buffer[offset + 1] = (byte)((value >> 8) & 0xFF);
+                buffer[offset + 2] = (byte)((value >> 16) & 0xFF);
+                buffer[offset + 3] = (byte)((value >> 24) & 0xFF);
+            }
+        }
+    }
+
     [Fact]
     public void Analyze_Zip_With_Inner_Zip_Flags_Nested_Archive_Subtype() {
         var p = Path.GetTempFileName();
 
@@ -0,0 +1 @@
+00		*�H��
 
@@ -175,13 +175,13 @@ public class FileAnalysis {
     public CertificateInfo? Certificate { get; set; }
 
     /// <summary>
-    /// For PKCS#7 certificate bundles (.p7b/.spc): number of certificates and their subjects (best-effort).
-    /// </summary>
-    public int? CertificateBundleCount { get; set; }
-    /// <summary>
-    /// Subjects present in a PKCS#7 certificate bundle, when parsed.
-    /// </summary>
-    public IReadOnlyList<string>? CertificateBundleSubjects { get; set; }
+    /// For PKCS#7 certificate/signature payloads (.p7b/.spc/.p7s): number of certificates and their subjects (best-effort).
+    /// </summary>
+    public int? CertificateBundleCount { get; set; }
+    /// <summary>
+    /// Subjects present in a PKCS#7 certificate/signature payload, when parsed.
+    /// </summary>
+    public IReadOnlyList<string>? CertificateBundleSubjects { get; set; }
 
     /// <summary>
     /// When content appears encoded (e.g., base64, hex), indicates the encoding kind.