feat: show encrypted / successful / attempted passwords in view/scan commands (#22)

Co-authored-by: Ayoub Faouzi <ayoubfaouzi@users.noreply.github.com>

Author: ayoubfaouzi

cmd/scan.go

@@ -46,12 +46,16 @@ func init() {
 }
 
 type scanSummary struct {
-	SHA256         string     `json:"sha256"`
-	Size           int64      `json:"size"`
-	Classification string     `json:"classification"`
-	FileFormat     string     `json:"file_format"`
-	FileExtension  string     `json:"file_extension"`
-	MultiAV        *avSummary `json:"multiav,omitempty"`
+	SHA256             string     `json:"sha256"`
+	Size               int64      `json:"size"`
+	Classification     string     `json:"classification"`
+	FileFormat         string     `json:"file_format"`
+	FileExtension      string     `json:"file_extension"`
+	Encrypted          bool       `json:"encrypted,omitempty"`
+	DecryptionSuccess  *bool      `json:"decryption_success,omitempty"`
+	SuccessfulPassword string     `json:"successful_password,omitempty"`
+	AttemptedPasswords []string   `json:"attempted_passwords,omitempty"`
+	MultiAV            *avSummary `json:"multiav,omitempty"`
 }
 
 type avSummary struct {
@@ -61,11 +65,15 @@ type avSummary struct {
 
 func buildScanSummary(file entity.File) scanSummary {
 	s := scanSummary{
-		SHA256:         file.SHA256,
-		Size:           file.Size,
-		Classification: file.Classification,
-		FileFormat:     file.Format,
-		FileExtension:  file.Extension,
+		SHA256:             file.SHA256,
+		Size:               file.Size,
+		Classification:     file.Classification,
+		FileFormat:         file.Format,
+		FileExtension:      file.Extension,
+		Encrypted:          file.Encrypted,
+		DecryptionSuccess:  file.DecryptionSuccess,
+		SuccessfulPassword: file.SuccessfulPassword,
+		AttemptedPasswords: file.AttemptedPasswords,
 	}
 
 	if lastScan, ok := file.MultiAV["last_scan"].(map[string]any); ok {

cmd/scanui.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
 	"github.com/charmbracelet/bubbles/spinner"
@@ -107,7 +108,7 @@ func uploadFileCmd(index int, web webapi.Service, filename, token string) tea.Cm
 				sha256:      file.SHA256,
 				size:        file.Size,
 				isArchive:   file.IsArchive,
-				childHashes: file.ArchiveFiles,
+				childHashes: derivedHashes(file.DerivedFiles),
 			}
 		} else if forceRescanFlag {
 			// Fetch the existing file to check if it's an archive.
@@ -116,19 +117,19 @@ func uploadFileCmd(index int, web webapi.Service, filename, token string) tea.Cm
 				return fileUploadedMsg{index: index, err: fmt.Errorf("get file: %w", err)}
 			}
 
-			if file.IsArchive && len(file.ArchiveFiles) > 0 {
+			if file.IsArchive && len(file.DerivedFiles) > 0 {
 				// Archive: rescan each child, not the container itself.
-				for _, childHash := range file.ArchiveFiles {
-					if err := web.Rescan(childHash, token, osFlag, enableDetonationFlag, timeoutFlag); err != nil {
-						return fileUploadedMsg{index: index, err: fmt.Errorf("rescan child %s: %w", childHash[:12], err)}
+				for _, df := range file.DerivedFiles {
+					if err := web.Rescan(df.SHA256, token, osFlag, enableDetonationFlag, timeoutFlag); err != nil {
+						return fileUploadedMsg{index: index, err: fmt.Errorf("rescan child %s: %w", df.SHA256[:12], err)}
 					}
 				}
 				return fileUploadedMsg{
 					index:       index,
 					sha256:      sha256,
 					size:        file.Size,
 					isArchive:   true,
-					childHashes: file.ArchiveFiles,
+					childHashes: derivedHashes(file.DerivedFiles),
 				}
 			}
 
@@ -181,18 +182,18 @@ func rescanFileCmd(index int, web webapi.Service, sha256, token string) tea.Cmd
 			return fileUploadedMsg{index: index, err: fmt.Errorf("get file: %w", err)}
 		}
 
-		if file.IsArchive && len(file.ArchiveFiles) > 0 {
-			for _, childHash := range file.ArchiveFiles {
-				if err := web.Rescan(childHash, token, osFlag, enableDetonationFlag, timeoutFlag); err != nil {
-					return fileUploadedMsg{index: index, err: fmt.Errorf("rescan child %s: %w", childHash[:12], err)}
+		if file.IsArchive && len(file.DerivedFiles) > 0 {
+			for _, df := range file.DerivedFiles {
+				if err := web.Rescan(df.SHA256, token, osFlag, enableDetonationFlag, timeoutFlag); err != nil {
+					return fileUploadedMsg{index: index, err: fmt.Errorf("rescan child %s: %w", df.SHA256[:12], err)}
 				}
 			}
 			return fileUploadedMsg{
 				index:       index,
 				sha256:      sha256,
 				size:        file.Size,
 				isArchive:   true,
-				childHashes: file.ArchiveFiles,
+				childHashes: derivedHashes(file.DerivedFiles),
 			}
 		}
 
@@ -307,11 +308,12 @@ func (m scanModel) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		m.files[i].sha256 = msg.sha256
 
 		if msg.isArchive && len(msg.childHashes) > 0 {
-			// Archive container: mark it as done immediately and track children.
-			m.files[i].state = stateDone
+			// Archive container: poll parent for completion and track children.
+			m.files[i].state = stateScanning
 			m.files[i].isArchive = true
 			m.files[i].childCount = len(msg.childHashes)
 			m.files[i].size = msg.size
+			cmds = append(cmds, pollStatusCmd(i, m.web, msg.sha256))
 
 			archiveName := filepath.Base(m.files[i].filename)
 			for _, childHash := range msg.childHashes {
@@ -502,6 +504,9 @@ func (m scanModel) View() string {
 						f.result.MultiAV.Positives, f.result.MultiAV.EnginesCount)
 				}
 			}
+			if f.result != nil && f.result.Encrypted {
+				line += renderEncryptionStatus(f.result)
+			}
 			doneRows = append(doneRows, doneRow{line})
 		case stateError:
 			line := styleError.Render("✗") + " " + name + "  " + styleError.Render(f.err.Error())
@@ -541,3 +546,29 @@ func truncSha(sha string) string {
 	return sha
 }
 
+func derivedHashes(files []entity.DerivedFile) []string {
+	hashes := make([]string, len(files))
+	for i, f := range files {
+		hashes[i] = f.SHA256
+	}
+	return hashes
+}
+
+func renderEncryptionStatus(s *scanSummary) string {
+	if s.DecryptionSuccess == nil {
+		return "  " + styleWarning.Render("encrypted")
+	}
+	if *s.DecryptionSuccess {
+		out := "  " + styleSuccess.Render("decrypted")
+		if s.SuccessfulPassword != "" {
+			out += " " + styleDim.Render("(pwd: "+s.SuccessfulPassword+")")
+		}
+		return out
+	}
+	out := "  " + styleError.Render("decryption failed")
+	if len(s.AttemptedPasswords) > 0 {
+		out += " " + styleDim.Render("(tried: "+strings.Join(s.AttemptedPasswords, ", ")+")")
+	}
+	return out
+}
+

cmd/view.go

@@ -88,10 +88,26 @@ func printFileReport(file entity.File, webSvc webapi.Service) {
 		printKV("Packer", strings.Join(file.Packer, ", "))
 	}
 	if file.IsArchive {
-		printKV("Archive", fmt.Sprintf("yes (%d files)", len(file.ArchiveFiles)))
+		printKV("Archive", fmt.Sprintf("yes (%d files)", len(file.DerivedFiles)))
 	}
-	if file.ArchiveSHA256 != "" {
-		printKV("Parent", file.ArchiveSHA256)
+	if file.Encrypted {
+		printKV("Encrypted", "yes")
+		if file.DecryptionSuccess != nil {
+			if *file.DecryptionSuccess {
+				printKV("Decryption", cleanStyle.Render("successful"))
+				if file.SuccessfulPassword != "" {
+					printKV("Password", file.SuccessfulPassword)
+				}
+			} else {
+				printKV("Decryption", detectStyle.Render("failed"))
+				if len(file.AttemptedPasswords) > 0 {
+					printKV("Attempted", strings.Join(file.AttemptedPasswords, ", "))
+				}
+			}
+		}
+	}
+	if file.ParentSHA256 != "" {
+		printKV("Parent", file.ParentSHA256)
 	}
 	if file.FirstSeen != 0 {
 		printKV("First Seen", formatTimestamp(file.FirstSeen))
@@ -103,8 +119,8 @@ func printFileReport(file entity.File, webSvc webapi.Service) {
 
 	if file.IsArchive {
 		// Archives only scan their children, skip verdict and AV results.
-		if len(file.ArchiveFiles) > 0 {
-			printArchiveChildren(file.ArchiveFiles, webSvc)
+		if len(file.DerivedFiles) > 0 {
+			printArchiveChildren(file.DerivedFiles, webSvc)
 		}
 	} else {
 		// Classification.
@@ -122,6 +138,7 @@ type childSummary struct {
 	sha256         string
 	classification string
 	format         string
+	size           int64
 	positives      int
 	enginesCount   int
 	err            error
@@ -136,6 +153,7 @@ func fetchChildSummary(sha256 string, webSvc webapi.Service) childSummary {
 		sha256:         sha256,
 		classification: file.Classification,
 		format:         file.Format,
+		size:           file.Size,
 	}
 	if file.Extension != "" {
 		cs.format += "/" + file.Extension
@@ -153,28 +171,30 @@ func fetchChildSummary(sha256 string, webSvc webapi.Service) childSummary {
 	return cs
 }
 
-func printArchiveChildren(archiveFiles []string, webSvc webapi.Service) {
-	fmt.Println(headerStyle.Render(fmt.Sprintf("Archive Contents (%d files)", len(archiveFiles))))
+func printArchiveChildren(derivedFiles []entity.DerivedFile, webSvc webapi.Service) {
+	fmt.Println(headerStyle.Render(fmt.Sprintf("Archive Contents (%d files)", len(derivedFiles))))
 	fmt.Println()
 
 	// Table header.
 	fmtCol := lipgloss.NewStyle().Width(16)
+	sizeCol := lipgloss.NewStyle().Width(10)
 	avCol := lipgloss.NewStyle().Width(14)
 	clsCol := lipgloss.NewStyle().Width(12)
 
-	fmt.Printf("  %s  %s %s %s\n",
+	fmt.Printf("  %s  %s %s %s %s\n",
 		styleDim.Render(fmt.Sprintf("%-64s", "SHA256")),
 		styleDim.Render(fmtCol.Render("FORMAT")),
+		styleDim.Render(sizeCol.Render("SIZE")),
 		styleDim.Render(avCol.Render("DETECTIONS")),
 		styleDim.Render(clsCol.Render("VERDICT")),
 	)
-	fmt.Printf("  %s\n", styleDim.Render(strings.Repeat("─", 108)))
+	fmt.Printf("  %s\n", styleDim.Render(strings.Repeat("─", 119)))
 
-	for _, sha := range archiveFiles {
-		cs := fetchChildSummary(sha, webSvc)
+	for _, df := range derivedFiles {
+		cs := fetchChildSummary(df.SHA256, webSvc)
 		if cs.err != nil {
 			fmt.Printf("  %s  %s\n",
-				sha,
+				df.SHA256,
 				styleError.Render("error: "+cs.err.Error()),
 			)
 			continue
@@ -187,9 +207,10 @@ func printArchiveChildren(archiveFiles []string, webSvc webapi.Service) {
 			detStr = cleanStyle.Render(detStr)
 		}
 
-		fmt.Printf("  %s  %s %s %s\n",
+		fmt.Printf("  %s  %s %s %s %s\n",
 			cs.sha256,
 			fmtCol.Render(cs.format),
+			sizeCol.Render(formatSize(cs.size)),
 			avCol.Render(detStr),
 			clsCol.Render(renderClassification(cs.classification)),
 		)

internal/entity/file.go

@@ -34,9 +34,20 @@ type File struct {
 	BehaviorReportID string            `json:"behavior_report_id,omitempty"`
 	Status           int               `json:"status,omitempty"`
 	Classification   string            `json:"classification,omitempty"`
-	IsArchive        bool              `json:"is_archive,omitempty"`
-	ArchiveFiles     []string          `json:"archive_files,omitempty"`
-	ArchiveSHA256    string            `json:"archive_sha256,omitempty"`
+	IsArchive          bool          `json:"is_archive,omitempty"`
+	DerivedFiles       []DerivedFile `json:"derived_files,omitempty"`
+	ParentSHA256       string        `json:"parent_sha256,omitempty"`
+	Encrypted          bool          `json:"encrypted"`
+	DecryptionSuccess  *bool         `json:"decryption_success,omitempty"`
+	SuccessfulPassword string        `json:"successful_password,omitempty"`
+	AttemptedPasswords []string      `json:"attempted_passwords,omitempty"`
+}
+
+// DerivedFile is a child file produced during analysis of a parent — either a
+// member extracted from an archive or the decrypted payload of a protected document.
+type DerivedFile struct {
+	Name   string `json:"name"`
+	SHA256 string `json:"sha256"`
 }
 
 // Submission represents a file submission.