CalvinBackup/HackBrowserData
1
0
Fork 0
mirror of https://github.com/moonD4rk/HackBrowserData.git synced 2026-05-19 18:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b3dd4ed6e4906951f3f5e1f42353e76a9a207dd4
HackBrowserData/browser/chromium/source.go
T
Roger b3dd4ed6e4 feat: add Chromium extract methods and source mapping (#521) 
* feat: add Chromium extract methods, source mapping, and tests

Implement per-category data extraction for Chromium browsers as typed
standalone functions, preparing for Phase 8 wiring into the new
Chromium struct.

New files:
- source.go: dataSource struct, chromiumSources/yandexSources maps,
  yandexQueryOverrides for Yandex action_url variant
- decrypt.go: decryptValue() wrapping platform-specific decryption
- extract_password.go: SQLite + decrypt → []LoginEntry
- extract_cookie.go: SQLite + decrypt → []CookieEntry
- extract_creditcard.go: SQLite + decrypt → []CreditCardEntry
- extract_history.go: SQLite → []HistoryEntry
- extract_download.go: SQLite → []DownloadEntry
- extract_bookmark.go: JSON recursive → []BookmarkEntry
- extract_extension.go: JSON → []ExtensionEntry
- extract_storage.go: LevelDB → []StorageEntry (local + session)
- firefox/source.go: firefoxSources map

Tests use real Chrome table schemas for SQLite fixtures, with INSERT
helpers to keep test data readable and self-documenting.

Ref #520

* fix: remove LevelDB invalid path test (Windows compatibility)

leveldb.OpenFile creates the directory on Windows instead of returning
an error, causing TestExtractLocalStorage_InvalidPath to fail in CI.
This test was verifying LevelDB behavior, not our extraction logic.

* refactor: remove unused query parameter from extract functions

Only extractPasswords needs the query override (Yandex action_url).
The other 7 SQLite extract functions always use their default query,
so remove the unnecessary query parameter from their signatures.

* refactor: use DetectVersion in decryptValue instead of blind fallback

Replace try-then-fallback pattern with explicit version detection using
crypto.DetectVersion. Routes v10 to DecryptWithChromium, DPAPI to
DecryptWithDPAPI, and adds a TODO placeholder for v20 App-Bound
Encryption.

* chore: relax gocognit and gocritic linters for test files

* revert: restore strict gocognit and gocritic linters for test files

* fix: address review feedback on extract methods

- Store DetectVersion result in local variable to avoid duplicate call
- Scan credit card expiration_month/year as int then convert to string
  (matches INTEGER column type in real Chrome schema)
- Add os.Stat check before leveldb.OpenFile to prevent creating empty
  directories for non-existent paths
- Rename TestExtractExtensions_InvalidJSON to
  TestExtractExtensions_MissingSettingsPath (JSON is valid, path is missing)

* fix: revert creditcard scan to string type for NULL safety

modernc.org/sqlite handles INTEGER→string conversion automatically.
Scanning into string is safer for nullable columns — NULL becomes ""
instead of "0" which would be an invalid month/year.
2026-04-04 01:41:01 +08:00

49 lines
2.0 KiB
Go
Raw Blame History

package chromium
import "github.com/moond4rk/hackbrowserdata/types"
// dataSource maps a Category to one or more candidate file paths within a profile directory.
// paths are tried in order; the first one that exists is used.
type dataSource struct {
paths []string // candidate relative paths in priority order
isDir bool // true for LevelDB directories
}
// chromiumSources defines the standard Chromium file layout.
var chromiumSources = map[types.Category]dataSource{
types.Password: {paths: []string{"Login Data"}},
types.Cookie: {paths: []string{"Network/Cookies", "Cookies"}},
types.History: {paths: []string{"History"}},
types.Download: {paths: []string{"History"}}, // same file, different query
types.Bookmark: {paths: []string{"Bookmarks"}},
types.CreditCard: {paths: []string{"Web Data"}},
types.Extension: {paths: []string{"Secure Preferences"}},
types.LocalStorage: {paths: []string{"Local Storage/leveldb"}, isDir: true},
types.SessionStorage: {paths: []string{"Session Storage"}, isDir: true},
}
// yandexSourceOverrides contains only the entries that differ from chromiumSources.
// At initialization time, these are merged into a copy of chromiumSources.
var yandexSourceOverrides = map[types.Category]dataSource{
types.Password: {paths: []string{"Ya Passman Data"}},
types.CreditCard: {paths: []string{"Ya Credit Cards"}},
}
// yandexSources returns chromiumSources with Yandex-specific overrides applied.
func yandexSources() map[types.Category]dataSource {
sources := make(map[types.Category]dataSource, len(chromiumSources))
for k, v := range chromiumSources {
sources[k] = v
}
for k, v := range yandexSourceOverrides {
sources[k] = v
}
return sources
}
// yandexQueryOverrides provides SQL query overrides for Yandex Browser.
// Yandex uses action_url instead of origin_url for password storage.
var yandexQueryOverrides = map[types.Category]string{
types.Password: `SELECT action_url, username_value, password_value, date_created FROM logins`,
}
Reference in New Issue View Git Blame Copy Permalink