From 527fe980545ee9274d7b2a2a681f61557ef030b2 Mon Sep 17 00:00:00 2001 From: atxr Date: Wed, 21 Feb 2024 16:16:12 +0100 Subject: [PATCH] Add first draft of scan zip --- libmineziper/include/libmineziper.h | 1 + libmineziper/src/libmineziper.c | 71 +++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+) diff --git a/libmineziper/include/libmineziper.h b/libmineziper/include/libmineziper.h index 7e25008..4bf4099 100644 --- a/libmineziper/include/libmineziper.h +++ b/libmineziper/include/libmineziper.h @@ -8,5 +8,6 @@ bool detect_overlaps(char* filename); int get_uncompressed_size(zip* in); +bool scan_zip(char* zip_data, int zip_size); #endif \ No newline at end of file diff --git a/libmineziper/src/libmineziper.c b/libmineziper/src/libmineziper.c index 6858ddd..5595881 100644 --- a/libmineziper/src/libmineziper.c +++ b/libmineziper/src/libmineziper.c @@ -1,3 +1,6 @@ +#include +#include + #include "libmineziper.h" bool detect_overlaps(char* filename) 
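Review bot: The new prototype in `libmineziper.h` declares the buffer length as a signed `int` and the data as a mutable `char*`, although `scan_zip` parses bytes the caller does not control. A negative or truncated length is representable at the API boundary, and nothing tells the caller the buffer is only read. If the parameters of `get_eocd` and `get_cdh` allow it (they are not visible here), I would declare it as `bool scan_zip(const char* zip_data, size_t zip_size);`. A one-line contract above it would also help, for example `/* Returns true when a decoded entry matches the signature; zip_data must hold zip_size readable bytes. */`.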
@@ -16,3 +19,71 @@ int get_uncompressed_size(zip* in) return size; } + +bool scan_zip(char* zip_data, int zip_size) +{ + zip zip; + get_eocd(zip_data, zip_size, &zip); + get_cdh(zip_data, &zip); + + for (int i = 0; i < zip.entries; i++) + { + LFH* lfh = &zip_data[zip.lfh_off[i]]; + + if (lfh->compression_method == DEFLATE) + { + int lfh_length = sizeof(LFH) + lfh->filename_length + lfh->extraf_length; + char* encoded_block = &((char*) lfh)[lfh_length]; + char* decoded_data = ""; + + bitstream bs = init_bitstream(encoded_block, lfh->compressed_size, 0); + ISH deflate_header = {.raw = get_bits(&bs, 3)}; + + if (deflate_header.block_type == 0) + { + align_to_next_byte(&bs); + short block_size = get_bits(&bs, 16); + short inv_block_size = get_bits(&bs, 16); + assert(block_size == ~inv_block_size); + + decoded_data = malloc(block_size); + + memcpy(decoded_data, &bs.data[bs.current_data_offset], block_size); + } + + else if (deflate_header.block_type == 1) + { + printf("[FILE %d] Scanning 1 block...\n", i); + decoded_data = malloc(lfh->uncompressed_size); + + decode_type1_block_vuln(&bs, decoded_data); + } + + else if (deflate_header.block_type == 2) + { + fprintf( + stderr, + "[FILE %d] Dynamic Huffman codes block type not supported\n", + i); + } + + else + { + fprintf(stderr, "[FILE %d] Error in compressed data\n", i); + } + +#include + if (strcmp("VIRUS", decoded_data) == NULL) + { + printf("-> VIRUS FOUND\n"); + return true; + } + else + { + printf("-> OK\n\n"); + } + } + } + + return false; +}
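Review bot: Every offset and length in `scan_zip` (`zip.lfh_off[i]`, `filename_length`, `extraf_length`, `compressed_size`, `uncompressed_size`, `block_size`) is taken from the archive and used to index `zip_data`, size a `malloc` or drive a `memcpy` without being compared against `zip_size`, so a malformed archive can push the scanner out of bounds before it inspects anything. In the stored branch the only validation is `assert(block_size == ~inv_block_size)`, which is compiled out under `NDEBUG`, and `block_size` is a signed `short`, so a negative value turns into a very large size in `malloc`/`memcpy`; the allocations are also never checked or freed. The verdict line `strcmp("VIRUS", decoded_data) == NULL` compares an `int` with a pointer constant and reads a buffer nothing NUL-terminates, and block types 2 and 3 leave `decoded_data` as `""` and print `-> OK`, so input the scanner could not decode is reported clean; entries whose method is not DEFLATE are skipped without a verdict as well. `decode_type1_block_vuln` receives no output length for a buffer sized from the header's `uncompressed_size`; if that is deliberate, as the name suggests, a comment at the call should say so. The sketch below replaces the assert with a runtime check, tracks the decoded length and compares with `memcmp`; the same kind of check is needed on `zip.lfh_off[i]` and `lfh_length` against `zip_size` before `lfh` is dereferenced.

```c
      // … unchanged: lfh_length, encoded_block, init_bitstream, deflate_header …
      char* decoded_data = NULL;
      size_t decoded_len = 0;

      if (deflate_header.block_type == 0)
      {
        align_to_next_byte(&bs);
        unsigned block_size = get_bits(&bs, 16) & 0xffffu;
        unsigned inv_block_size = get_bits(&bs, 16) & 0xffffu;

        // Runtime check instead of assert(): it must hold in release builds.
        // NOTE(review): assumes current_data_offset is a byte index into
        // bs.data and that compressed_size bounds that buffer; confirm.
        if (block_size != (~inv_block_size & 0xffffu) ||
            bs.current_data_offset > lfh->compressed_size ||
            block_size > lfh->compressed_size - bs.current_data_offset)
        {
          fprintf(stderr, "[FILE %d] Error in compressed data\n", i);
          return true;  // fail closed; TODO confirm the intended verdict
        }

        decoded_data = malloc(block_size ? block_size : 1);
        if (decoded_data == NULL)
          return true;  // do not report an entry that was never scanned as clean
        memcpy(decoded_data, &bs.data[bs.current_data_offset], block_size);
        decoded_len = block_size;
      }

      // … unchanged: block_type 1 and 2 branches; the type 1 decoder must
      //   also report how many bytes it wrote so decoded_len can be set …

      static const char sig[] = "VIRUS";
      bool hit = decoded_data != NULL && decoded_len == sizeof sig - 1 &&
                 memcmp(decoded_data, sig, sizeof sig - 1) == 0;
      free(decoded_data);
      if (hit)
      {
        printf("-> VIRUS FOUND\n");
        return true;
      }
      // … unchanged: "-> OK" branch, reached only for entries that decoded …
```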