Add rayhunter-check, a utility for running QMDL heuristics

lib/src/analysis/analyzer.rs

@@ -1,4 +1,5 @@
 use std::borrow::Cow;
+use serde::Serialize;
 
 use super::information_element::InformationElement;
 
@@ -7,6 +8,7 @@ use super::information_element::InformationElement;
 ///   * Low: if combined with a large number of other Warnings, user should investigate
 ///   * Medium: if combined with a few other Warnings, user should investigate
 ///   * High: user should investigate
+#[derive(Serialize, Debug, Clone)]
 pub enum Severity {
     Low,
     Medium,
@@ -15,14 +17,17 @@ pub enum Severity {
 
 /// [QualitativeWarning] events will always be shown to the user in some manner,
 /// while `Informational` ones may be hidden based on user settings.
+#[derive(Serialize, Debug, Clone)]
+#[serde(tag = "type")]
 pub enum EventType {
     Informational,
-    QualitativeWarning(Severity),
+    QualitativeWarning { severity: Severity },
 }
 
 /// Events are user-facing signals that can be emitted by an [Analyzer] upon a
 /// message being received. They can be used to signifiy an IC detection
 /// warning, or just to display some relevant information to the user.
+#[derive(Serialize, Debug, Clone)]
 pub struct Event {
     pub event_type: EventType,
     pub message: String,
@@ -49,3 +54,37 @@ pub trait Analyzer {
     /// thousands of them alongside many other [Analyzers](Analyzer).
     fn analyze_information_element(&mut self, ie: &InformationElement) -> Option<Event>;
 }
+
+pub struct Harness {
+    analyzers: Vec<Box<dyn Analyzer>>,
+}
+
+impl Harness {
+    pub fn new() -> Self {
+        Self {
+            analyzers: Vec::new(),
+        }
+    }
+
+    pub fn add_analyzer(&mut self, analyzer: Box<dyn Analyzer>) {
+        self.analyzers.push(analyzer);
+    }
+
+    pub fn analyze_information_element(&mut self, ie: &InformationElement) -> Vec<Option<Event>> {
+        self.analyzers.iter_mut()
+            .map(|analyzer| analyzer.analyze_information_element(ie))
+            .collect()
+    }
+
+    pub fn get_names(&self) -> Vec<Cow<'_, str>> {
+        self.analyzers.iter()
+            .map(|analyzer| analyzer.get_name())
+            .collect()
+    }
+
+    pub fn get_descriptions(&self) -> Vec<Cow<'_, str>> {
+        self.analyzers.iter()
+            .map(|analyzer| analyzer.get_description())
+            .collect()
+    }
+}

lib/src/analysis/information_element.rs

@@ -52,31 +52,34 @@ pub enum LteInformationElement {
     //ScMcchNb(),
 }
 
-impl TryFrom<&GsmtapMessage> for LteInformationElement {
+impl TryFrom<&GsmtapMessage> for InformationElement {
     type Error = InformationElementError;
 
     fn try_from(gsmtap_msg: &GsmtapMessage) -> Result<Self, Self::Error> {
-        if let GsmtapType::LteRrc(lte_rrc_subtype) = gsmtap_msg.header.gsmtap_type {
-            use LteRrcSubtype as L;
-            use LteInformationElement as R;
-            return match lte_rrc_subtype {
-                L::DlCcch => Ok(R::DlCcch(decode(&gsmtap_msg.payload)?)),
-                L::DlDcch => Ok(R::DlDcch(decode(&gsmtap_msg.payload)?)),
-                L::UlCcch => Ok(R::UlCcch(decode(&gsmtap_msg.payload)?)),
-                L::UlDcch => Ok(R::UlDcch(decode(&gsmtap_msg.payload)?)),
-                L::BcchBch => Ok(R::BcchBch(decode(&gsmtap_msg.payload)?)),
-                L::BcchDlSch => Ok(R::BcchDlSch(decode(&gsmtap_msg.payload)?)),
-                L::PCCH => Ok(R::PCCH(decode(&gsmtap_msg.payload)?)),
-                L::MCCH => Ok(R::MCCH(decode(&gsmtap_msg.payload)?)),
-                L::ScMcch => Ok(R::ScMcch(decode(&gsmtap_msg.payload)?)),
-                L::BcchBchMbms => Ok(R::BcchBchMbms(decode(&gsmtap_msg.payload)?)),
-                L::BcchDlSchBr => Ok(R::BcchDlSchBr(decode(&gsmtap_msg.payload)?)),
-                L::BcchDlSchMbms => Ok(R::BcchDlSchMbms(decode(&gsmtap_msg.payload)?)),
-                L::SbcchSlBch => Ok(R::SbcchSlBch(decode(&gsmtap_msg.payload)?)),
-                L::SbcchSlBchV2x => Ok(R::SbcchSlBchV2x(decode(&gsmtap_msg.payload)?)),
-                _ => Err(InformationElementError::UnsupportedGsmtapType(gsmtap_msg.header.gsmtap_type)),
-            };
+        match gsmtap_msg.header.gsmtap_type {
+            GsmtapType::LteRrc(lte_rrc_subtype) => {
+                use LteRrcSubtype as L;
+                use LteInformationElement as R;
+                let lte = match lte_rrc_subtype {
+                    L::DlCcch => R::DlCcch(decode(&gsmtap_msg.payload)?),
+                    L::DlDcch => R::DlDcch(decode(&gsmtap_msg.payload)?),
+                    L::UlCcch => R::UlCcch(decode(&gsmtap_msg.payload)?),
+                    L::UlDcch => R::UlDcch(decode(&gsmtap_msg.payload)?),
+                    L::BcchBch => R::BcchBch(decode(&gsmtap_msg.payload)?),
+                    L::BcchDlSch => R::BcchDlSch(decode(&gsmtap_msg.payload)?),
+                    L::PCCH => R::PCCH(decode(&gsmtap_msg.payload)?),
+                    L::MCCH => R::MCCH(decode(&gsmtap_msg.payload)?),
+                    L::ScMcch => R::ScMcch(decode(&gsmtap_msg.payload)?),
+                    L::BcchBchMbms => R::BcchBchMbms(decode(&gsmtap_msg.payload)?),
+                    L::BcchDlSchBr => R::BcchDlSchBr(decode(&gsmtap_msg.payload)?),
+                    L::BcchDlSchMbms => R::BcchDlSchMbms(decode(&gsmtap_msg.payload)?),
+                    L::SbcchSlBch => R::SbcchSlBch(decode(&gsmtap_msg.payload)?),
+                    L::SbcchSlBchV2x => R::SbcchSlBchV2x(decode(&gsmtap_msg.payload)?),
+                    _ => return Err(InformationElementError::UnsupportedGsmtapType(gsmtap_msg.header.gsmtap_type)),
+                };
+                Ok(InformationElement::LTE(lte))
+            },
+            _ => Err(InformationElementError::UnsupportedGsmtapType(gsmtap_msg.header.gsmtap_type)),
         }
-        Err(InformationElementError::UnsupportedGsmtapType(gsmtap_msg.header.gsmtap_type))
     }
 }

lib/src/analysis/lte_downgrade.rs

@@ -5,10 +5,10 @@ use super::information_element::{InformationElement, LteInformationElement};
 use telcom_parser::lte_rrc::{BCCH_DL_SCH_MessageType, BCCH_DL_SCH_MessageType_c1, CellReselectionPriority, SystemInformationBlockType7, SystemInformationCriticalExtensions, SystemInformation_r8_IEsSib_TypeAndInfo, SystemInformation_r8_IEsSib_TypeAndInfo_Entry};
 
 /// Based on heuristic T7 from Shinjo Park's "Why We Cannot Win".
-pub struct LteSib7DowngradeAnalyzer {
+pub struct LteSib6And7DowngradeAnalyzer {
 }
 
-impl LteSib7DowngradeAnalyzer {
+impl LteSib6And7DowngradeAnalyzer {
     fn unpack_system_information<'a>(&self, ie: &'a InformationElement) -> Option<&'a SystemInformation_r8_IEsSib_TypeAndInfo> {
         if let InformationElement::LTE(LteInformationElement::BcchDlSch(bcch_dl_sch_message)) = ie {
             if let BCCH_DL_SCH_MessageType::C1(BCCH_DL_SCH_MessageType_c1::SystemInformation(system_information)) = &bcch_dl_sch_message.message {
@@ -22,13 +22,13 @@ impl LteSib7DowngradeAnalyzer {
 }
 
 // TODO: keep track of SIB state to compare LTE reselection blocks w/ 2g/3g ones
-impl Analyzer for LteSib7DowngradeAnalyzer {
+impl Analyzer for LteSib6And7DowngradeAnalyzer {
     fn get_name(&self) -> Cow<str> {
-        Cow::from("LTE SIB 7 Downgrade")
+        Cow::from("LTE SIB 6/7 Downgrade")
     }
 
     fn get_description(&self) -> Cow<str> {
-        Cow::from("Tests for LTE cells broadcasting a SIB type 7 which include 2G/3G frequencies with higher priorities.")
+        Cow::from("Tests for LTE cells broadcasting a SIB type 6 and 7 which include 2G/3G frequencies with higher priorities.")
     }
 
     fn analyze_information_element(&mut self, ie: &InformationElement) -> Option<super::analyzer::Event> {
@@ -41,7 +41,7 @@ impl Analyzer for LteSib7DowngradeAnalyzer {
                             if let Some(CellReselectionPriority(p)) = carrier_info.cell_reselection_priority {
                                 if p == 0 {
                                     return Some(Event {
-                                        event_type: EventType::QualitativeWarning(Severity::High),
+                                        event_type: EventType::QualitativeWarning { severity: Severity::High },
                                         message: "LTE cell advertised a 3G cell for priority 0 reselection".to_string(),
                                     });
                                 }
@@ -53,7 +53,7 @@ impl Analyzer for LteSib7DowngradeAnalyzer {
                             if let Some(CellReselectionPriority(p)) = carrier_info.cell_reselection_priority {
                                 if p == 0 {
                                     return Some(Event {
-                                        event_type: EventType::QualitativeWarning(Severity::High),
+                                        event_type: EventType::QualitativeWarning { severity: Severity::High },
                                         message: "LTE cell advertised a 3G cell for priority 0 reselection".to_string(),
                                     });
                                 }
@@ -66,7 +66,7 @@ impl Analyzer for LteSib7DowngradeAnalyzer {
                         if let Some(CellReselectionPriority(p)) = carrier_info.common_info.cell_reselection_priority {
                             if p == 0 {
                                 return Some(Event {
-                                    event_type: EventType::QualitativeWarning(Severity::High),
+                                    event_type: EventType::QualitativeWarning { severity: Severity::High },
                                     message: "LTE cell advertised a 2G cell for priority 0 reselection".to_string(),
                                 });
                             }

lib/src/gsmtap_parser.rs

@@ -26,7 +26,7 @@ impl GsmtapParser {
         GsmtapParser {}
     }
 
-    pub fn recv_message(&mut self, msg: Message) -> Result<Option<(Timestamp, GsmtapMessage)>, GsmtapParserError> {
+    pub fn parse(&mut self, msg: Message) -> Result<Option<(Timestamp, GsmtapMessage)>, GsmtapParserError> {
         if let Message::Log { timestamp, body, .. } = msg {
             match self.log_to_gsmtap(body)? {
                 Some(msg) => Ok(Some((timestamp, msg))),