From 3cfabe052a889e8f2c7edd5adf90b1a3aae67f9b Mon Sep 17 00:00:00 2001
From: c-urly
Date: Thu, 4 Jan 2024 15:07:01 -0500
Subject: [PATCH] Adding ELF support for floss. Changes include adding elf header in SUPPORTED_FILE_MAGIC

---
 floss/const.py | 2 +-
 floss/language/identify.py | 4 ++--
 floss/main.py | 14 +++++++++++---
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/floss/const.py b/floss/const.py
index 336988083..24140f7df 100644
--- a/floss/const.py
+++ b/floss/const.py
@@ -3,7 +3,7 @@
 KILOBYTE = 1024
 MEGABYTE = 1024 * KILOBYTE
 MAX_FILE_SIZE = 16 * MEGABYTE
-SUPPORTED_FILE_MAGIC = {b"MZ"}
+SUPPORTED_FILE_MAGIC = {b"MZ",b"\x7fELF"}
 MIN_STRING_LENGTH = 4
 MAX_STRING_LENGTH = 2048
 
diff --git a/floss/language/identify.py b/floss/language/identify.py
index d337a6166..0b43bcd5f 100644
--- a/floss/language/identify.py
+++ b/floss/language/identify.py
@@ -36,11 +36,11 @@ def identify_language_and_version(sample: Path, static_strings: Iterable[StaticS
 try:
 pe = pefile.PE(str(sample))
 except pefile.PEFormatError as err:
- logger.debug(
+ logger.error(
 f"FLOSS currently only detects if Windows PE files were written in Go or .NET. "
 f"This is not a valid PE file: {err}"
 )
- return Language.UNKNOWN, VERSION_UNKNOWN_OR_NA
+ exit(err)
 
 is_go, version = get_if_go_and_version(pe)
 if is_go:
diff --git a/floss/main.py b/floss/main.py
index a49edea73..163191065 100644
--- a/floss/main.py
+++ b/floss/main.py
@@ -356,13 +356,20 @@ def is_supported_file_type(sample_file_path: Path):
 :return: True if file type is supported, False otherwise
 """
 with sample_file_path.open("rb") as f:
- magic = f.read(2)
+ magic = f.read(4)
 
 if magic in SUPPORTED_FILE_MAGIC:
 return True
+ elif magic[:2] in SUPPORTED_FILE_MAGIC:
+ return True
 else:
 return False
 
+def get_file_type(sample_file_path: Path):
+ with sample_file_path.open("rb") as f:
+ magic = f.read(4)
+
+ return magic
 
 def load_vw(
 sample_path: Path,
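Review bot: `SUPPORTED_FILE_MAGIC = {b"MZ",b"\x7fELF"}` is missing the space after the comma that black/ruff would emit, and the set now mixes a 2-byte and a 4-byte prefix, so every reader of the constant has to know the per-entry length. The formatting fix is `SUPPORTED_FILE_MAGIC = {b"MZ", b"\x7fELF"}`, and a comment on the constant would spare the next maintainer a trip to main.py: `# leading-byte prefixes of supported formats; entries differ in length, so compare with bytes.startswith`.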
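Review bot: `exit(err)` in the `except pefile.PEFormatError` branch terminates the process from inside a library function, and it uses the site-module builtin `exit` rather than `sys.exit`, so callers and tests that relied on the `(Language, version)` tuple now get an interpreter shutdown instead. Because this same patch adds ELF to the supported magics, an ELF sample that reaches identify_language_and_version will presumably trip pefile.PEFormatError here and abort the whole run, which works against the commit's purpose. Keep the removed `return Language.UNKNOWN, VERSION_UNKNOWN_OR_NA`, and keep `logger.debug(` rather than `logger.error(`, since a non-PE input is now an expected case and the message text ("This is not a valid PE file") would be logged at error level for every ELF. The function continues past the end of the hunk.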
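Review bot: The new `elif magic[:2] in SUPPORTED_FILE_MAGIC` branch only works because the two supported magics happen to be exactly 2 and 4 bytes long, and `get_file_type` returns the raw first four bytes rather than anything resembling a file type, re-opening the sample to read the prefix `is_supported_file_type` just read. A prefix test covers both lengths without encoding them in the caller: replace the if/elif/else with `return magic.startswith(tuple(SUPPORTED_FILE_MAGIC))`. `get_file_type` also needs a docstring stating what it actually returns, e.g. `"""Return the first four bytes of *sample_file_path*, for comparison against file magics."""`, and PEP 8 (and the surrounding file, which puts two blank lines before `def load_vw(`) calls for two blank lines before `def get_file_type`.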
@@ -373,7 +380,7 @@ def load_vw(
 if format not in ("sc32", "sc64"):
 if not is_supported_file_type(sample_path):
 raise WorkspaceLoadError(
- "FLOSS currently supports the following formats for string decoding and stackstrings: PE\n"
+ "FLOSS currently supports the following formats for string decoding and stackstrings: PE, ELF\n"
 "You can analyze shellcode using the --format sc32|sc64 switch. See the help (-h) for more information."
 )
 
@@ -390,7 +397,8 @@ def load_vw(
 else:
 vw = viv_utils.getWorkspace(str(sample_path), analyze=False, should_save=False)
 
- viv_utils.flirt.register_flirt_signature_analyzers(vw, list(map(str, sigpaths)))
+ if get_file_type(sample_path) != b'\x7fELF':
+ viv_utils.flirt.register_flirt_signature_analyzers(vw, list(map(str, sigpaths)))
 
 vw.analyze()
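Review bot: `if get_file_type(sample_path) != b'\x7fELF':` hard-codes the ELF magic a second time, in a different quoting style from the `b"\x7fELF"` entry this patch adds to SUPPORTED_FILE_MAGIC in floss/const.py, and it re-reads the sample after the workspace has already been built; a single named constant in const.py used by both sites would keep the two checks from drifting apart. The hunk also gives no reason for skipping FLIRT signature registration on ELF inputs, so add a comment above the `if` stating why (presumably the bundled signatures match PE library code only — confirm before writing that). `load_vw` begins and ends outside the hunk.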