* feat: add CountEntries to skip decryption for list --detail (#549)
* test: add CountEntries and countCategory tests at browser level
* fix: address review feedback on CountRows and countLocalStorage
* test: add CountRows unit tests
* fix: implement proper Chromium localStorage LevelDB parsing
* feat: add IsMeta field to StorageEntry and keep META entries
* fix: add error logging for decryption and missing data fields
* fix: address PR review for localStorage parsing
* fix: use naïve instead of café in Latin-1 test to avoid typos false positive
* fix: extension enabled detection and sessionStorage decoding
* fix: session storage origin resolution and extension enabled detection
* fix: address PR review comments for storage parsing
* feat: add Chromium Browser implementation with new architecture
* refactor: replace Walk with ReadDir+Stat for profile discovery
* refactor: remove queries override, use extractors for Yandex passwords
* refactor: remove dataSource wrapper, use []sourcePath directly
* fix: address Copilot review feedback on chromium_new.go
* fix: always call key retriever regardless of Local State existence
* feat: add Firefox extract methods and complete data model fields
Firefox extract methods:
- extractPasswords: JSON + ASN1PBE decryption via decryptPBE helper
- extractCookies: SQLite, plaintext (no encryption), journalOff
- extractHistories: SQLite, visit count ASC sort (matches old behavior)
- extractDownloads: SQLite, moz_annos JOIN with JSON content parsing
- extractBookmarks: SQLite, moz_bookmarks JOIN moz_places
- extractExtensions: JSON, filter by location=app-profile
- extractLocalStorage: SQLite webappsstore2, reversed originKey parsing
Complete data model fields (union of Chromium and Firefox):
- CookieEntry: add HasExpire, IsPersistent
- DownloadEntry: add MimeType
- CreditCardEntry: add NickName, Address
- ExtensionEntry: add HomepageURL, Enabled
Update Chromium extractors to populate new fields:
- extract_cookie.go: fill HasExpire, IsPersistent
- extract_download.go: SELECT and fill mime_type
- extract_creditcard.go: SELECT nickname, billing_address_id
- extract_extension.go: fill HomepageURL, Enabled (state==1)
Tests:
- Full test coverage for all 7 Firefox extract functions
- Password test uses known ASN1PBE test vectors from crypto package
- Table-driven tests for parseOriginKey
- Updated Chromium tests for new fields
* fix: add COALESCE for nullable bookmark title in Firefox query
Firefox moz_bookmarks.title can be NULL (PR #500 fixed this in old code).
Add COALESCE to handle NULL gracefully in SQL instead of relying on
driver-specific NULL→string conversion behavior.
* fix: enable journalOff for all Firefox SQLite extractors and populate cookie flags
- Set journalOff=true for extract_history, extract_download, extract_bookmark
(Firefox databases require PRAGMA journal_mode=off to avoid lock errors)
- Populate HasExpire and IsPersistent for Firefox cookies (derived from expiry>0)
- Add test assertions for HasExpire/IsPersistent in both Chromium and Firefox
* feat: add Chromium extract methods, source mapping, and tests
Implement per-category data extraction for Chromium browsers as typed
standalone functions, preparing for Phase 8 wiring into the new
Chromium struct.
New files:
- source.go: dataSource struct, chromiumSources/yandexSources maps,
yandexQueryOverrides for Yandex action_url variant
- decrypt.go: decryptValue() wrapping platform-specific decryption
- extract_password.go: SQLite + decrypt → []LoginEntry
- extract_cookie.go: SQLite + decrypt → []CookieEntry
- extract_creditcard.go: SQLite + decrypt → []CreditCardEntry
- extract_history.go: SQLite → []HistoryEntry
- extract_download.go: SQLite → []DownloadEntry
- extract_bookmark.go: JSON recursive → []BookmarkEntry
- extract_extension.go: JSON → []ExtensionEntry
- extract_storage.go: LevelDB → []StorageEntry (local + session)
- firefox/source.go: firefoxSources map
Tests use real Chrome table schemas for SQLite fixtures, with INSERT
helpers to keep test data readable and self-documenting.
Ref #520
* fix: remove LevelDB invalid path test (Windows compatibility)
leveldb.OpenFile creates the directory on Windows instead of returning
an error, causing TestExtractLocalStorage_InvalidPath to fail in CI.
This test was verifying LevelDB behavior, not our extraction logic.
* refactor: remove unused query parameter from extract functions
Only extractPasswords needs the query override (Yandex action_url).
The other 7 SQLite extract functions always use their default query,
so remove the unnecessary query parameter from their signatures.
* refactor: use DetectVersion in decryptValue instead of blind fallback
Replace try-then-fallback pattern with explicit version detection using
crypto.DetectVersion. Routes v10 to DecryptWithChromium, DPAPI to
DecryptWithDPAPI, and adds a TODO placeholder for v20 App-Bound
Encryption.
* chore: relax gocognit and gocritic linters for test files
* revert: restore strict gocognit and gocritic linters for test files
* fix: address review feedback on extract methods
- Store DetectVersion result in local variable to avoid duplicate call
- Scan credit card expiration_month/year as int then convert to string
(matches INTEGER column type in real Chrome schema)
- Add os.Stat check before leveldb.OpenFile to prevent creating empty
directories for non-existent paths
- Rename TestExtractExtensions_InvalidJSON to
TestExtractExtensions_MissingSettingsPath (JSON is valid, path is missing)
* fix: revert creditcard scan to string type for NULL safety
modernc.org/sqlite handles INTEGER→string conversion automatically.
Scanning into string is safer for nullable columns — NULL becomes ""
instead of "0" which would be an invalid month/year.
* chore: downgrade golang version to 1.20, support windows 7
* chore: Update dependencies for Go project.
- Update dependencies in go.sum
- Improvements and optimizations in various files
- Bug fixes and error handling enhancements
* chore: Update modernc.org/sqlite library versions in go.mod and go.sum files
- Update version of `modernc.org/sqlite` to `v1.31.1` in `go.mod` and `go.sum` files
- Update module hash in `go.sum` file for `modernc.org/sqlite`
- Ensure consistency between `go.mod` and `go.sum` files in relation to `modernc.org/sqlite` version
* chore: replace log/slog with standard logger (#436)
* chore: replace log/slog with standard logger
* chore: Update Go dependencies and versions
- Update Go version from `1.22.5` to `1.20` and other dependencies
- Update critical dependencies to latest versions
- Ensure compatibility with new versions of dependencies
* chore: Optimize dependency management in workflows
- Update build and lint workflows to use `go mod tidy` for getting dependencies
- Change modules download mode to `'mod'` in linters configuration
- Add step to get dependencies in lint workflow
* refactor: Update dependencies and refactor Chromium key deletion logic
- Update `modernc.org/sqlite` to `v1.31.1` in `go.mod` and `go.sum`
- Increase version number to `0.5.0` in `cmd/hack-browser-data/main.go`
- Refactor and update logic for filtering and copying items in `browser/chromium/chromium.go`
* Improve logging functionality and data type conversion
- Add `String()` method to `DataType` enum in types.go
- Update log level to Debug in logger_test.go
- Set log level to Debug in `TestLoggerDebug` and `TestLoggerDebugf` functions
- Implement error handling for path permission errors in `chromiumWalkFunc`
- Refactor `firefoxWalkFunc` to handle permission errors and log warnings
- Add import statement for `log/slog` in `firefox/firefox.go`
- Refactored variable names for clarity and consistency in multiple files
- Updated logic to filter sensitive items based on a flag
- Implemented a function to skip processing specific paths to improve performance
* refactor: Refactor package names and imports for better code organization.
* refactor: Package imports and variable types for consistency
* chore: Disable unused-parameter rule in revive.
* refactor: Refactor and organize data extraction and browserdata parse.
* fix: rename wrong error message info
* feat: Refactor crypto decryption functions for consistency and error handling
- Close#301
- Refactored and renamed decryption functions across multiple files for consistency
- Updated cookie sorting method to sort in descending order
- Added new encryption functions for AES in CBC and GCM modes and DES in CBC mode
- Added error handling to decryption functions and created new error variables for invalid ciphertext length and decode failures
- Test cases added for encryption and decryption functions
- Removed unused code and imports.
* chore: Add new words to .typos.toml dictionary
- Add new terms to `.typos.toml` dictionary
- Improve code formatting and readability
- Refactor functions for better performance
- Update comments and documentation
- Resolve minor bugs and errors
* refactor: Refactor crypto package for better structure and readability
- Refactored and cleaned up crypto package code for better readability
- Renamed `ToByteArray` method to `bytes` for consistency
- Modified `DecryptWithDPAPI` method to use `outBlob.bytes()` for efficiency
- Added comments and removed unused methods in `loginPBE`
- Refactored `nssPBE` and `metaPBE` Decrypt methods to use `deriveKeyAndIV` helper method
- Improved overall maintainability and organization of codebase
* refactor: Refactor firefox password encryption and decryption.
- Implement ASN1PBE interface with various PBE struct types and encryption/decryption methods
- Fix naming and remove unused variables in browsingdata and crypto files
- Add tests for ASN1PBE implementation using external assertion package
- Refactor and improve error handling in firefox file functions related to master key retrieval
- Add input validation and AES-GCM encryption function to crypto file
* refactor: Simplify Firefox master key retrieval and decryption functions.
- Simplify variable names and functions in browsingdata/password/password.go
- Modify Decrypt function for each PBE type to have only one parameter named globalSalt in crypto/crypto.go
- Implement functions to retrieve master key from Firefox's key4.db file and query metadata and private NSS data in browser/firefox/firefox.go
* chore: Add dependencies and tests to Firefox package.
- Add go-sqlmock and github.com/kisielk/sqlstruct dependencies
- Add tests for Firefox package metadata and nssPrivate query
- Add test for Firefox's processMasterKey function (currently commented out)
* refactor: Refactor Firefox test functions, remove unused code
- Remove unused test function in firefox_test.go file
- Clean up code by removing unnecessary changes
- Simplify file structure for easier maintenance and readability
* refactor: Refactor file paths and use map to store item names
- Refactored file paths for various browsing data types to use a consistent method of generating temporary file names
- Modified parsing functions in many browsing data types to use the new temporary file naming scheme
- Renamed `FileName` to `Filename` for consistency in the `item` package
- Removed unnecessary code and comments throughout various files
- Made minor improvements to some Item methods such as `TempFilename` and `FileName`
* ci: Optimize GitHub actions and update Go versions. (#274)
* ci: Optimize GitHub actions and update Go versions.
- Add GitHub actions for unit testing, linting, building, and releasing
- Use a matrix strategy to test on different versions and platforms
- Update setup-go and go-version options for compatibility
- Format code and build zip files for different operating systems
- Upload releases to GitHub with specific asset names and types
* fix: Refactor item file naming convention
- Update `filename()` function to return `UnsupportedItem` in specific cases
- Replace `UnknownItem` with `UnsupportedItem` in `Filename` method of `Item` struct
- Refactor code for clarity and consistency
* ci: Update GitHub workflow with latest setup-go version
- Update setup-go action to v3 in lint.yml GitHub workflow
- Omits some big changes in file diff summary
- Improve overall workflow reliability and efficiency
* ci: Improve GitHub actions across platforms
- Improve Windows compatibility in build workflow
- Optimize unit testing for pull requests
- Upgrade Coveralls GitHub action to v2 for improved coverage tracking
* build: Optimize build process for consistency and efficiency
- Ensure consistency of line endings by disabling Git's automatic conversion
- Add format check for Windows systems
- Update Go version in strategy matrix to `1.21.x`
- Remove unused dependencies from build process
- Include all packages in repository in build command
* ci: Refactor GitHub workflow configuration
- Remove unnecessary checks for `windows-latest` in github workflow
- Change `gofmt` check to `diff` for formatting
- Remove unneeded Git configuration for encoding of line endings
- Close#273
* ci: Update default branch references in GitHub Actions workflows (#277)
- Update Github Actions workflows to use `main` branch instead of `master`.
- Rename `master` branch to `main` in `lint.yml` and `build.yml` files.
- Change default branch to `main` in `contributors.yml` workflow file.
* fix: nil browsing data in case error
Signed-off-by: Andrii Ursulenko <a.ursulenko@gmail.com>
* fix: ignore walk error, use walkdir instead of walk
---------
Signed-off-by: Andrii Ursulenko <a.ursulenko@gmail.com>
Co-authored-by: Andrii Ursulenko <a.ursulenko@gmail.com>
Roger