From 1fcf025a062b63abfbfb877c648c47d6fefc573d Mon Sep 17 00:00:00 2001 From: kazuminn Date: Sat, 31 Oct 2020 22:36:52 +0900 Subject: [PATCH] fix decode's optional --- src/detections/utils.rs | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/src/detections/utils.rs b/src/detections/utils.rs index deae75df..fc63bd0d 100644 --- a/src/detections/utils.rs +++ b/src/detections/utils.rs @@ -61,22 +61,20 @@ pub fn check_command( .unwrap() .is_match(commandline) { - /* - if let decoded = base64::decode(&base64) { - let mut d = GzDecoder::new(decoded.as_slice()); - let mut uncompressed = String::new(); - d.read_to_string(&mut uncompressed).unwrap(); - println!("Decoded : {}", uncompressed); - text.push_str("Base64-encoded and compressed function\n"); - + if let Ok(decoded) = base64::decode(&base64) { + let mut d = GzDecoder::new(decoded.as_slice()); + let mut uncompressed = String::new(); + d.read_to_string(&mut uncompressed).unwrap(); + println!("Decoded : {}", uncompressed); + text.push_str("Base64-encoded and compressed function\n"); } - */ } else { - let decoded = base64::decode(base64).unwrap(); - println!("Decoded : {}", str::from_utf8(decoded.as_slice()).unwrap()); - text.push_str("Base64-encoded function\n"); - text.push_str(&check_obfu(str::from_utf8(decoded.as_slice()).unwrap())); - text.push_str(&check_regex(str::from_utf8(decoded.as_slice()).unwrap(), 0)); + if let Ok(decoded) = base64::decode(&base64) { + println!("Decoded : {}", str::from_utf8(decoded.as_slice()).unwrap()); + text.push_str("Base64-encoded function\n"); + text.push_str(&check_obfu(str::from_utf8(decoded.as_slice()).unwrap())); + text.push_str(&check_regex(str::from_utf8(decoded.as_slice()).unwrap(), 0)); + } } } if !text.is_empty() {