Cross-compiling for Windows using Fedora 36; CONFIGURE_FEDORA36_win64.bash errors out on libre2-dev about bulk_extractor HOT 9 OPEN

Thank you for the email. You are correct — there is no support for re2 under MinGW.
I've been working on this very problem lately. The problem is that one of our users entered a regular expression [a-z]*@company.com and that expression basically causes the regular expression engine in both pcre and in std::regex to hang. Which means that if you don't have RE2 installed, and you use that regular expression, you will have a bad outcome.

How do you think this should be handled? Do you want to have bulk_extractor without scan_find - the ability to search for arbitrary regular expressions? or would you rather have it hang if you specify a bad regular expression?

or, would you like to port libre2 to MinGW?

from bulk_extractor.

Tagging @jonstewart

from bulk_extractor.

Thank you for the email. You are correct — there is no support for re2 under MinGW. I've been working on this very problem lately. The problem is that one of our users entered a regular expression [a-z]*@company.com and that expression basically causes the regular expression engine in both pcre and in std::regex to hang. Which means that if you don't have RE2 installed, and you use that regular expression, you will have a bad outcome.

How do you think this should be handled? Do you want to have bulk_extractor without scan_find - the ability to search for arbitrary regular expressions? or would you rather have it hang if you specify a bad regular expression?

or, would you like to port libre2 to MinGW?

Thank you so much for your quick reply.

I am thinking aloud here and I am not that well-versed in bulk_extractor so I might assume that something works a certain way that it doesn't:

Ok so one use-case I thought of with regex is to specify a regex that looks for strings that can be "seeds" for BTC.
That doesn't seem to be covered in any available "scanner" although BTC-addresses are identified using the "accts"-scanner if I remember correctly.

I'm not a C/C++ programmer so developing a scanner or plugin to bulk_extractor is beyond my technical knowledge however to be able to specify custom regex to find things that the scanners don't or that is highly specific to a certain DFIR-investigation would be extremely helpful.

So without having any knowledge of how big a job it would be my 5 cents are to port libre2 to MinGW so that custom regex would work.

Thanks again for answering (and very promptly).

Appreciate your work and the software immensely.

from bulk_extractor.

libre2 depends on https://abseil.io
Both need to be running under MinGW.

from bulk_extractor.

libre2 depends on https://abseil.io Both need to be running under MinGW.

Ah gotcha.

Saw this on their GitHub if it might be any help, the linked fix should solve this issue which was "Building Abseil 20230802.0 with MinGW-w64 fails".

Perhaps they (Abseil) fixed so it now compiles under MinGW :) ?

from bulk_extractor.

I've actually added support for pcre and re-added support for std::regex to be20_api, so we should have support back for Windows soon. It will just be really, really slow with bad regular expressions.

from bulk_extractor.

I misread the windows build warning and still tried to compile in Fedora 36 and 40. Glad to hear that a fix is in the works as i was running into crashing issues with the latest version on Windows and I figured there was no point in raising the issue as it was so far behind 2.1.

from bulk_extractor.

from bulk_extractor.

from bulk_extractor.