Very large optimization of the code, also refactored code, removed unused code

Author: dest4590

Cargo.lock

@@ -27,6 +27,7 @@ thiserror = "2.0.12"
 rayon = "1.10.0"
 encoding_rs = "0.8.35"
 wildmatch = "2.4.0"
+lru = "0.14.0"
 
 [profile.release]
 codegen-units = 1

Cargo.toml

@@ -74,9 +74,6 @@ collapsescanner path/to/file.jar --json
 # Run with 8 processing threads
 collapsescanner path/to/file.jar --threads 8
 
-# Fast scan - stop after finding first suspicious item
-collapsescanner path/to/file.jar --fast
-
 # Path filtering
 collapsescanner path/to/file.jar --exclude "assets/**" --exclude "*.log" --find "com/example/*"
 
@@ -86,22 +83,20 @@ collapsescanner path/to/file.jar --ignore-suspicious path/to/ignored_keywords.tx
 
 ## 🔍 Command-line Options
 
-| Option                | Description                                                                          |
-| --------------------- | ------------------------------------------------------------------------------------ |
-| `path`                | Path to a JAR file, class file, or directory to scan                                 |
-| `--mode`              | Detection mode: `network`, `crypto`, `malicious`, `obfuscation`, or `all` (default)  |
-| `--extract`           | Extract all resources from JAR files                                                 |
-| `--strings`           | Extract all strings from class files                                                 |
-| `--output`            | Specify the output directory (default: ./extracted)                                  |
-| `--json`              | Export results in JSON format                                                        |
-| `-v, --verbose`       | Enable verbose output (shows size/entropy, etc.)                                     |
-| `--threads`           | Number of threads to use for parallel processing (0 = automatic based on CPU cores)  |
-| `--fast`              | Fast scan mode - stops processing a JAR file after finding the first suspicious item |
-| `--max-findings`      | Maximum number of findings before stopping (default: 50, 0 = no limit)               |
-| `--exclude`           | Exclude paths matching the wildcard pattern (can be used multiple times)             |
-| `--find`              | Only scan paths matching the wildcard pattern (can be used multiple times)           |
-| `--ignore-suspicious` | Path to a .txt file with suspicious keywords to ignore (one per line)                |
-| `--ignore-crypto`     | Path to a .txt file with crypto keywords to ignore (one per line)                    |
+| Option                | Description                                                                         |
+| --------------------- | ----------------------------------------------------------------------------------- |
+| `path`                | Path to a JAR file, class file, or directory to scan                                |
+| `--mode`              | Detection mode: `network`, `crypto`, `malicious`, `obfuscation`, or `all` (default) |
+| `--extract`           | Extract all resources from JAR files                                                |
+| `--strings`           | Extract all strings from class files                                                |
+| `--output`            | Specify the output directory (default: ./extracted)                                 |
+| `--json`              | Export results in JSON format                                                       |
+| `-v, --verbose`       | Enable verbose output (shows size/entropy, etc.)                                    |
+| `--threads`           | Number of threads to use for parallel processing (0 = automatic based on CPU cores) |
+| `--exclude`           | Exclude paths matching the wildcard pattern (can be used multiple times)            |
+| `--find`              | Only scan paths matching the wildcard pattern (can be used multiple times)          |
+| `--ignore-suspicious` | Path to a .txt file with suspicious keywords to ignore (one per line)               |
+| `--ignore-crypto`     | Path to a .txt file with crypto keywords to ignore (one per line)                   |
 
 ## 🛡️ Detection Capabilities
 

README.md

@@ -81,10 +81,14 @@ fn process_jar(input_path: &str, output_path: &str) -> ZipResult<()> {
     let mut zip_writer = ZipWriter::new(output_writer);
 
     let pb = ProgressBar::new(num_entries as u64);
-    pb.set_style(ProgressStyle::default_bar()
-        .template("{spinner:.green} [{elapsed_precise}] [{bar:40.cyan/blue}] {pos}/{len} entries")
-        .unwrap()
-        .progress_chars("=>-"));
+    pb.set_style(
+        ProgressStyle::default_bar()
+            .template(
+                "{spinner:.green} [{elapsed_precise}] [{bar:40.cyan/blue}] {pos}/{len} entries",
+            )
+            .unwrap()
+            .progress_chars("=>-"),
+    );
 
     println!("🔧 Building fixed JAR file...");
 

scripts/remapper.rs

@@ -2,42 +2,42 @@ use lazy_static::lazy_static;
 
 lazy_static! {
     pub static ref GOOD_LINKS: Vec<String> = vec![
-        "minecraft.org".to_string(),
-        "minecraft.net".to_string(),
-        "netty.io".to_string(),
-        "optifine.net".to_string(),
-        "mojang.com".to_string(),
+        "account.mojang.com".to_string(),
+        "aka.ms".to_string(),
         "apache.org".to_string(),
-        "logging.apache.org".to_string(),
-        "www.w3.org".to_string(),
-        "tools.ietf.org".to_string(),
-        "eclipse.org".to_string(),
-        "www.openssl.org".to_string(),
-        "sessionserver.mojang.com".to_string(),
-        "authserver.mojang.com".to_string(),
         "api.mojang.com".to_string(),
-        "shader-tutorial.dev".to_string(),
-        "s.optifine.net".to_string(),
-        "snoop.minecraft.net".to_string(),
-        "account.mojang.com".to_string(),
+        "api.spiget.org".to_string(),
+        "authserver.mojang.com".to_string(),
         "bugs.mojang.com".to_string(),
-        "aka.ms".to_string(),
-        "minotar.net".to_string(),
-        "dominos.com".to_string(),
         "cabaletta/baritone".to_string(),
-        "yaml.org".to_string(),
-        "java.sun.org".to_string(),
+        "ci.viaversion.com".to_string(),
         "com/viaversion/".to_string(),
-        "lwjgl.org".to_string(),
-        "dump.viaversion.com".to_string(),
         "docs.advntr.dev".to_string(),
+        "dominos.com".to_string(),
+        "dump.viaversion.com".to_string(),
+        "eclipse.org".to_string(),
+        "java.sun.org".to_string(),
         "jo0001.github.io".to_string(),
-        "viaversion.com".to_string(),
-        "ci.viaversion.com".to_string(),
-        "paulscode/sound/".to_string(),
-        "api.spiget.org".to_string(),
+        "logging.apache.org".to_string(),
         "login.live.com".to_string(),
+        "lwjgl.org".to_string(),
+        "minecraft.net".to_string(),
+        "minecraft.org".to_string(),
+        "minotar.net".to_string(),
+        "mojang.com".to_string(),
+        "netty.io".to_string(),
+        "optifine.net".to_string(),
+        "paulscode/sound/".to_string(),
+        "s.optifine.net".to_string(),
+        "sessionserver.mojang.com".to_string(),
+        "shader-tutorial.dev".to_string(),
+        "snoop.minecraft.net".to_string(),
+        "tools.ietf.org".to_string(),
+        "viaversion.com".to_string(),
+        "www.openssl.org".to_string(),
+        "www.rfc-editor.org".to_string(),
         "www.slf4j.org".to_string(),
-        "www.rfc-editor.org".to_string()
+        "www.w3.org".to_string(),
+        "yaml.org".to_string(),
     ];
 }

src/database.rs

@@ -0,0 +1,121 @@
+pub const NAME_LENGTH_THRESHOLD: usize = 100;
+pub const ENTROPY_THRESHOLD: f64 = 7.2;
+pub const SUSPICIOUS_CHAR_THRESHOLD: usize = 3;
+
+pub const MIN_STRING_LENGTH: usize = 5;
+pub const MAX_PATTERN_CHECK_LENGTH: usize = 4096;
+pub const RESULT_CACHE_SIZE: usize = 2048;
+
+pub fn contains_network_indicators(s: &str) -> bool {
+    s.contains("http")
+        || s.contains("www.")
+        || s.contains("://")
+        || s.contains(".com")
+        || s.contains(".net")
+        || s.contains(".org")
+        || s.contains("192.168.")
+        || s.contains("10.0.")
+        || s.contains("127.0.0")
+}
+
+pub fn contains_crypto_indicators(s: &str) -> bool {
+    s.contains("aes")
+        || s.contains("rsa")
+        || s.contains("des")
+        || s.contains("sha")
+        || s.contains("md5")
+        || s.contains("crypt")
+        || s.contains("key")
+        || s.contains("hash")
+        || s.contains("password")
+}
+
+pub fn contains_malicious_indicators(s: &str) -> bool {
+    s.contains("backdoor")
+        || s.contains("exploit")
+        || s.contains("payload")
+        || s.contains("inject")
+        || s.contains("exec")
+        || s.contains("socket")
+        || s.contains("download")
+        || s.contains("jndi")
+        || s.contains("ldap")
+}
+
+pub fn is_obfuscated_name(name: &str) -> bool {
+    if name.len() <= 2 && name != "of" && name != "to" && name != "at" && name != "id" {
+        return true;
+    }
+
+    let chars: Vec<_> = name.chars().collect();
+    if chars.len() >= 3 {
+        let repeats = chars
+            .windows(3)
+            .filter(|w| w[0] == w[1] && w[1] == w[2])
+            .count();
+        if repeats > 0 {
+            return true;
+        }
+    }
+
+    name.contains("$_")
+        || name.contains("$$")
+        || name.contains("III")
+        || name.contains("lll")
+        || name.contains("OOO")
+        || name.matches('$').count() > 2
+}
+
+lazy_static::lazy_static! {
+
+    pub static ref SAFE_STRING_CACHE: std::sync::Mutex<std::collections::HashSet<String>> =
+        std::sync::Mutex::new(std::collections::HashSet::with_capacity(1000));
+
+
+    pub static ref OBFUSCATED_NAME_CACHE: std::sync::Mutex<std::collections::HashSet<String>> =
+        std::sync::Mutex::new(std::collections::HashSet::with_capacity(500));
+}
+
+pub fn is_cached_safe_string(s: &str) -> bool {
+    if let Ok(cache) = SAFE_STRING_CACHE.lock() {
+        return cache.contains(s);
+    }
+    false
+}
+
+pub fn cache_safe_string(s: &str) -> bool {
+    if let Ok(mut cache) = SAFE_STRING_CACHE.lock() {
+        return cache.insert(s.to_string());
+    }
+    false
+}
+
+pub fn should_analyze_string(s: &str) -> bool {
+    if s.len() < MIN_STRING_LENGTH {
+        return false;
+    }
+
+    true
+}
+
+pub fn calculate_detection_hash(data: &[u8]) -> u64 {
+    use std::collections::hash_map::DefaultHasher;
+    use std::hash::{Hash, Hasher};
+
+    let mut hasher = DefaultHasher::new();
+
+    if data.len() > 1024 {
+        let start = &data[..512];
+        let middle = &data[data.len() / 2 - 256..data.len() / 2 + 256];
+        let end = &data[data.len() - 512..];
+
+        start.hash(&mut hasher);
+        middle.hash(&mut hasher);
+        end.hash(&mut hasher);
+        (data.len() as u64).hash(&mut hasher);
+    } else {
+        data.hash(&mut hasher);
+    }
+
+    hasher.finish()
+}

src/detection.rs

@@ -0,0 +1,21 @@
+use indicatif;
+use serde_json;
+use std::io;
+use thiserror::Error;
+use zip;
+
+#[derive(Debug, Error)]
+pub enum ScanError {
+    #[error("IO error: {0}")]
+    IoError(#[from] io::Error),
+    #[error("Zip error: {0}")]
+    ZipError(#[from] zip::result::ZipError),
+    #[error("Class parse error in '{path}': {msg}")]
+    ClassParseError { path: String, msg: String },
+    #[error("Unsupported file type: {0:?}")]
+    UnsupportedFileType(Option<std::ffi::OsString>),
+    #[error("JSON serialization/deserialization error: {0}")]
+    JsonError(#[from] serde_json::Error),
+    #[error("Template error: {0}")]
+    TemplateError(#[from] indicatif::style::TemplateError),
+}