Merge pull request #6 from airbus-cert/5-please-add-support-for-ntfs-…

…body-files

Accept Inodes not being integer

bodyfile.go

@@ -21,7 +21,7 @@ type Entry struct {
 	// MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
 	MD5              string
 	Name             string
-	Inode            int
+	Inode            string
 	Mode             string
 	UID              int
 	GID              int
@@ -93,15 +93,10 @@ func fieldsToEntry(fields []string) (*Entry, error) {
 	e := Entry{}
 	e.MD5 = fields[0]
 	e.Name = fields[1]
-	i, err := strconv.ParseInt(fields[2], 10, 64)
-	if err != nil {
-		return nil, fmt.Errorf("Inode was not an integer: %s", err)
-	}
-
-	e.Inode = int(i)
+	e.Inode = fields[2]
 	e.Mode = fields[3]
 
-	i, err = strconv.ParseInt(fields[4], 10, 64)
+	i, err := strconv.ParseInt(fields[4], 10, 64)
 	if err != nil {
 		return nil, fmt.Errorf("UID was not an integer: %s", err)
 	}

bodyfile_test.go

@@ -43,6 +43,15 @@ func Test_BuggySize(t *testing.T) {
 	}
 }
 
+func Test_InodeIsNotANumber(t *testing.T) {
+	input := `0|c:/$MFT|0-128-12|r/rrwxrwxrwx|0|0|196870144|1689087082|1689087082|1689087082|1689087082`
+	r := NewReader(bytes.NewBufferString(input))
+	_, err := r.Read()
+	if err != nil {
+		t.Errorf("Could not read: %s", err)
+	}
+}
+
 func Test_BodyfileParsing(t *testing.T) {
 	// 2009-07-13T23:29:31Z    74240 .a.b 0 454      0        36434    \.\Windows\System32\oobe\audit.exe
 	// 2009-07-14T01:38:55Z    74240 m... 0 454      0        36434    \.\Windows\System32\oobe\audit.exe
@@ -54,7 +63,7 @@ func Test_BodyfileParsing(t *testing.T) {
 	expected := Entry{
 		MD5:              "0",
 		Name:             `\.\Windows\System32\oobe\audit.exe`,
-		Inode:            36434,
+		Inode:            "36434",
 		Mode:             "0",
 		UID:              454,
 		GID:              0,