admin/ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix all syntax errors and apply cargo fmt

Browse Source
This commit is contained in:
pandaadir05
2025-11-21 01:37:32 +02:00
parent c2ad82b687
commit 0c8721a08a
4 changed files with 109 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ghost-core/src/hollowing.rs
View File

@@ -586,24 +586,32 @@ fn parse_pe_sections(data: &[u8]) -> Result<Vec<PESection>> {
use crate::GhostError;
if data.len() < 0x40 {
return Err(GhostError::InvalidInput { message: "Buffer too small".to_string() });
return Err(GhostError::InvalidInput {
message: "Buffer too small".to_string(),
});
}
// Check DOS signature
if &data[0..2] != b"MZ" {
return Err(GhostError::InvalidInput { message: "Invalid DOS signature".to_string() });
return Err(GhostError::InvalidInput {
message: "Invalid DOS signature".to_string(),
});
}
// Get PE offset
let pe_offset = u32::from_le_bytes([data[0x3c], data[0x3d], data[0x3e], data[0x3f]]) as usize;
if pe_offset + 0x18 >= data.len() {
return Err(GhostError::InvalidInput { message: "Invalid PE offset".to_string() });
return Err(GhostError::InvalidInput {
message: "Invalid PE offset".to_string(),
});
}
// Check PE signature
if &data[pe_offset..pe_offset + 4] != b"PE\0\0" {
return Err(GhostError::InvalidInput { message: "Invalid PE signature".to_string() });
return Err(GhostError::InvalidInput {
message: "Invalid PE signature".to_string(),
});
}
// Parse COFF header

81
ghost-core/src/live_feeds.rs
View File

@@ -115,9 +115,12 @@ impl LiveThreatFeeds {
}
async fn fetch_abuseipdb(&self, feed: &ThreatFeed) -> Result<Vec<CachedIOC>, GhostError> {
let api_key = feed.api_key.as_ref().ok_or_else(|| {
GhostError::Configuration { message: "AbuseIPDB requires API key".to_string() }
})?;
let api_key = feed
.api_key
.as_ref()
.ok_or_else(|| GhostError::Configuration {
message: "AbuseIPDB requires API key".to_string(),
})?;
let client = reqwest::Client::new();
let url = format!("{}/blacklist", feed.url);
@@ -129,18 +132,23 @@ impl LiveThreatFeeds {
.query(&[("confidenceMinimum", "90")])
.send()
.await
.map_err(|e| GhostError::ThreatIntel { message: format!("AbuseIPDB request failed: {}", e) })?;
.map_err(|e| GhostError::ThreatIntel {
message: format!("AbuseIPDB request failed: {}", e),
})?;
if !response.status().is_success() {
return Err(GhostError::ThreatIntel { message: format!(
"AbuseIPDB API returned status: {}",
response.status()
) });
return Err(GhostError::ThreatIntel {
message: format!("AbuseIPDB API returned status: {}", response.status()),
});
}
let data: serde_json::Value = response.json().await.map_err(|e| {
GhostError::Serialization { message: format!("Failed to parse AbuseIPDB response: {}", e) }
})?;
let data: serde_json::Value =
response
.json()
.await
.map_err(|e| GhostError::Serialization {
message: format!("Failed to parse AbuseIPDB response: {}", e),
})?;
let mut iocs = Vec::new();
@@ -187,20 +195,23 @@ impl LiveThreatFeeds {
.json(&serde_json::json!({ "query": "get_recent", "selector": "100" }))
.send()
.await
.map_err(|e| {
GhostError::ThreatIntel { message: format!("MalwareBazaar request failed: {}", e) }
.map_err(|e| GhostError::ThreatIntel {
message: format!("MalwareBazaar request failed: {}", e),
})?;
if !response.status().is_success() {
return Err(GhostError::ThreatIntel { message: format!(
"MalwareBazaar API returned status: {}",
response.status()
) });
return Err(GhostError::ThreatIntel {
message: format!("MalwareBazaar API returned status: {}", response.status()),
});
}
let data: serde_json::Value = response.json().await.map_err(|e| {
GhostError::Serialization { message: format!("Failed to parse MalwareBazaar response: {}", e) }
})?;
let data: serde_json::Value =
response
.json()
.await
.map_err(|e| GhostError::Serialization {
message: format!("Failed to parse MalwareBazaar response: {}", e),
})?;
let mut iocs = Vec::new();
@@ -236,9 +247,12 @@ impl LiveThreatFeeds {
}
async fn fetch_alienvault(&self, feed: &ThreatFeed) -> Result<Vec<CachedIOC>, GhostError> {
let api_key = feed.api_key.as_ref().ok_or_else(|| {
GhostError::Configuration { message: "AlienVault OTX requires API key".to_string() }
})?;
let api_key = feed
.api_key
.as_ref()
.ok_or_else(|| GhostError::Configuration {
message: "AlienVault OTX requires API key".to_string(),
})?;
let client = reqwest::Client::new();
let url = format!("{}/pulses/subscribed", feed.url);
@@ -250,18 +264,23 @@ impl LiveThreatFeeds {
.query(&[("limit", "50")])
.send()
.await
.map_err(|e| GhostError::ThreatIntel { message: format!("AlienVault request failed: {}", e) })?;
.map_err(|e| GhostError::ThreatIntel {
message: format!("AlienVault request failed: {}", e),
})?;
if !response.status().is_success() {
return Err(GhostError::ThreatIntel { message: format!(
"AlienVault API returned status: {}",
response.status()
) });
return Err(GhostError::ThreatIntel {
message: format!("AlienVault API returned status: {}", response.status()),
});
}
let data: serde_json::Value = response.json().await.map_err(|e| {
GhostError::Serialization { message: format!("Failed to parse AlienVault response: {}", e) }
})?;
let data: serde_json::Value =
response
.json()
.await
.map_err(|e| GhostError::Serialization {
message: format!("Failed to parse AlienVault response: {}", e),
})?;
let mut iocs = Vec::new();

8
ghost-core/src/pe_parser.rs
View File

@@ -434,7 +434,9 @@ pub fn parse_iat_from_memory(
_base_address: usize,
_memory_reader: impl Fn(u32, usize, usize) -> Result<Vec<u8>>,
) -> Result<Vec<ImportEntry>> {
Err(GhostError::PlatformNotSupported { feature: "IAT parsing not implemented for this platform".to_string() })
Err(GhostError::PlatformNotSupported {
feature: "IAT parsing not implemented for this platform".to_string(),
})
}
#[cfg(not(windows))]
@@ -444,5 +446,7 @@ pub fn detect_iat_hooks(
_disk_path: &str,
_memory_reader: impl Fn(u32, usize, usize) -> Result<Vec<u8>>,
) -> Result<IATHookResult> {
Err(GhostError::PlatformNotSupported { feature: "IAT hook detection not implemented for this platform".to_string() })
Err(GhostError::PlatformNotSupported {
feature: "IAT hook detection not implemented for this platform".to_string(),
})
}

63
ghost-core/src/yara_engine.rs
View File

@@ -118,9 +118,12 @@ impl DynamicYaraEngine {
/// Compile all YARA rules from the rules directory
pub fn compile_rules(&mut self) -> Result<usize, GhostError> {
let rules_dir = self.rules_path.as_ref().ok_or_else(|| {
GhostError::Configuration { message: "No rules directory configured".to_string() }
})?;
let rules_dir = self
.rules_path
.as_ref()
.ok_or_else(|| GhostError::Configuration {
message: "No rules directory configured".to_string(),
})?;
if !rules_dir.exists() {
return Err(GhostError::ConfigurationError(format!(
@@ -129,8 +132,9 @@ impl DynamicYaraEngine {
)));
}
let mut compiler = Compiler::new()
.map_err(|e| GhostError::Configuration { message: format!("YARA compiler error: {}", e) })?;
let mut compiler = Compiler::new().map_err(|e| GhostError::Configuration {
message: format!("YARA compiler error: {}", e),
})?;
let mut rule_count = 0;
self.rule_metadata.clear();
@@ -176,9 +180,14 @@ impl DynamicYaraEngine {
));
}
self.compiled_rules = Some(compiler.compile_rules().map_err(|e| {
GhostError::Configuration { message: format!("Rule compilation failed: {}", e })
})?);
self.compiled_rules =
Some(
compiler
.compile_rules()
.map_err(|e| GhostError::Configuration {
message: format!("Rule compilation failed: {}", e),
})?,
);
log::info!("Successfully compiled {} YARA rules", rule_count);
Ok(rule_count)
@@ -192,8 +201,8 @@ impl DynamicYaraEngine {
return Ok(rule_files);
}
let entries = fs::read_dir(dir).map_err(|e| {
GhostError::Configuration { message: format!("Failed to read rules directory: {}", e })
let entries = fs::read_dir(dir).map_err(|e| GhostError::Configuration {
message: format!("Failed to read rules directory: {}", e),
})?;
for entry in entries.flatten() {
@@ -225,7 +234,9 @@ impl DynamicYaraEngine {
let rules = self
.compiled_rules
.as_ref()
.ok_or_else(|| GhostError::Configuration { message: "YARA rules not compiled".to_string( }))?;
.ok_or_else(|| GhostError::Configuration {
message: "YARA rules not compiled".to_string(),
})?;
let mut all_matches = Vec::new();
let mut bytes_scanned = 0u64;
@@ -287,12 +298,13 @@ impl DynamicYaraEngine {
data: &[u8],
base_address: usize,
) -> Result<Vec<RuleMatch>, GhostError> {
let mut scanner = Scanner::new(rules)
.map_err(|e| GhostError::Detection { message: format!("Scanner creation failed: {}", e }))?;
let mut scanner = Scanner::new(rules).map_err(|e| GhostError::Detection {
message: format!("Scanner creation failed: {}", e),
})?;
let scan_results = scanner
.scan_mem(data)
.map_err(|e| GhostError::Detection { message: format!("Scan failed: {}", e }))?;
let scan_results = scanner.scan_mem(data).map_err(|e| GhostError::Detection {
message: format!("Scan failed: {}", e),
})?;
let mut matches = Vec::new();
@@ -349,8 +361,11 @@ impl DynamicYaraEngine {
use windows::Win32::System::Threading::{OpenProcess, PROCESS_VM_READ};
unsafe {
let handle = OpenProcess(PROCESS_VM_READ, false, pid)
.map_err(|e| GhostError::MemoryEnumeration { reason: format!("OpenProcess failed: {}", e }))?;
let handle = OpenProcess(PROCESS_VM_READ, false, pid).map_err(|e| {
GhostError::MemoryEnumeration {
reason: format!("OpenProcess failed: {}", e),
}
})?;
let mut buffer = vec![0u8; region.size];
let mut bytes_read = 0;
@@ -383,16 +398,20 @@ impl DynamicYaraEngine {
use std::io::{Read, Seek, SeekFrom};
let mem_path = format!("/proc/{}/mem", pid);
let mut file = File::open(&mem_path).map_err(|e| {
GhostError::MemoryEnumeration { reason: format!("Failed to open {}: {}", mem_path, e })
let mut file = File::open(&mem_path).map_err(|e| GhostError::MemoryEnumeration {
reason: format!("Failed to open {}: {}", mem_path, e),
})?;
file.seek(SeekFrom::Start(region.base_address as u64))
.map_err(|e| GhostError::MemoryEnumeration { reason: format!("Seek failed: {}", e }))?;
.map_err(|e| GhostError::MemoryEnumeration {
reason: format!("Seek failed: {}", e),
})?;
let mut buffer = vec![0u8; region.size];
file.read_exact(&mut buffer)
.map_err(|e| GhostError::MemoryEnumeration { reason: format!("Read failed: {}", e }))?;
.map_err(|e| GhostError::MemoryEnumeration {
reason: format!("Read failed: {}", e),
})?;
Ok(buffer)
}