Formatting
ryanohoro committed Mar 9, 2024
1 parent 330a75d commit ca28508
Showing 6 changed files with 81 additions and 70 deletions.
18 changes: 9 additions & 9 deletions src/python/strelka/scanners/scan_docx.py
@@ -30,17 +30,17 @@ def scan(self, data, file, options, expire_at):
self.event["identifier"] = docx_doc.core_properties.identifier
self.event["keywords"] = docx_doc.core_properties.keywords
self.event["language"] = docx_doc.core_properties.language
self.event[
"last_modified_by"
] = docx_doc.core_properties.last_modified_by
self.event["last_modified_by"] = (
docx_doc.core_properties.last_modified_by
)
if docx_doc.core_properties.last_printed is not None:
self.event[
"last_printed"
] = docx_doc.core_properties.last_printed.isoformat()
self.event["last_printed"] = (
docx_doc.core_properties.last_printed.isoformat()
)
if docx_doc.core_properties.modified is not None:
self.event[
"modified"
] = docx_doc.core_properties.modified.isoformat()
self.event["modified"] = (
docx_doc.core_properties.modified.isoformat()
)
self.event["revision"] = docx_doc.core_properties.revision
self.event["subject"] = docx_doc.core_properties.subject
self.event["title"] = docx_doc.core_properties.title
26 changes: 13 additions & 13 deletions src/python/strelka/scanners/scan_iso.py
@@ -27,19 +27,19 @@ def scan(self, data, file, options, expire_at):

# Attempt to get Meta
try:
self.event["meta"][
"date_created"
] = self._datetime_from_volume_date(iso.pvd.volume_creation_date)
self.event["meta"][
"date_effective"
] = self._datetime_from_volume_date(iso.pvd.volume_effective_date)
self.event["meta"][
"date_expiration"
] = self._datetime_from_volume_date(iso.pvd.volume_expiration_date)
self.event["meta"][
"date_modification"
] = self._datetime_from_volume_date(
iso.pvd.volume_modification_date
self.event["meta"]["date_created"] = (
self._datetime_from_volume_date(iso.pvd.volume_creation_date)
)
self.event["meta"]["date_effective"] = (
self._datetime_from_volume_date(iso.pvd.volume_effective_date)
)
self.event["meta"]["date_expiration"] = (
self._datetime_from_volume_date(iso.pvd.volume_expiration_date)
)
self.event["meta"]["date_modification"] = (
self._datetime_from_volume_date(
iso.pvd.volume_modification_date
)
)
self.event["meta"][
"volume_identifier"
12 changes: 6 additions & 6 deletions src/python/strelka/scanners/scan_lnk.py
@@ -140,18 +140,18 @@ def scan(self, data, file, options, expire_at):

try:
if extradata.IconEnvironmentDataBlock:
self.event[
"icon_target"
] = extradata.IconEnvironmentDataBlock.TargetAnsi
self.event["icon_target"] = (
extradata.IconEnvironmentDataBlock.TargetAnsi
)
except strelka.ScannerTimeout:
raise
except Exception:
self.flags.append("Unable to parse IconEnvironmentDataBlock")

if extradata.TrackerDataBlock:
self.event[
"machine_id"
] = extradata.TrackerDataBlock.MachineID.strip(b"\x00")
self.event["machine_id"] = (
extradata.TrackerDataBlock.MachineID.strip(b"\x00")
)
self.event["mac"] = str(
uuid.UUID(bytes_le=extradata.TrackerDataBlock.Droid[16:])
).split("-")[-1]
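Review bot: The TrackerDataBlock branch at the end of this section has no visible guard comparable to the `try`/`except Exception` that wraps the IconEnvironmentDataBlock read just above it, yet it does more fragile work: `uuid.UUID(bytes_le=...)` raises `ValueError` unless `Droid[16:]` is exactly 16 bytes. Indentation is lost in this view and scan() continues outside the hunk, so an enclosing handler may exist. If there is none, a truncated or malformed LNK would abort the rest of the scan instead of being flagged. Consider wrapping the branch the same way, re-raising `strelka.ScannerTimeout` and recording `self.flags.append("Unable to parse TrackerDataBlock")` on any other exception.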
24 changes: 12 additions & 12 deletions src/python/strelka/scanners/scan_pe.py
@@ -532,18 +532,18 @@ def scan(self, data, file, options, expire_at):
self.event["address_of_entry_point"] = pe.OPTIONAL_HEADER.AddressOfEntryPoint
self.event["image_base"] = pe.OPTIONAL_HEADER.ImageBase
self.event["size_of_code"] = pe.OPTIONAL_HEADER.SizeOfCode
self.event[
"size_of_initialized_data"
] = pe.OPTIONAL_HEADER.SizeOfInitializedData
self.event["size_of_initialized_data"] = (
pe.OPTIONAL_HEADER.SizeOfInitializedData
)
self.event["size_of_headers"] = pe.OPTIONAL_HEADER.SizeOfHeaders
self.event["size_of_heap_reserve"] = pe.OPTIONAL_HEADER.SizeOfHeapReserve
self.event["size_of_image"] = pe.OPTIONAL_HEADER.SizeOfImage
self.event["size_of_stack_commit"] = pe.OPTIONAL_HEADER.SizeOfStackCommit
self.event["size_of_stack_reserve"] = pe.OPTIONAL_HEADER.SizeOfStackReserve
self.event["size_of_heap_commit"] = pe.OPTIONAL_HEADER.SizeOfHeapCommit
self.event[
"size_of_uninitialized_data"
] = pe.OPTIONAL_HEADER.SizeOfUninitializedData
self.event["size_of_uninitialized_data"] = (
pe.OPTIONAL_HEADER.SizeOfUninitializedData
)
self.event["file_alignment"] = pe.OPTIONAL_HEADER.FileAlignment
self.event["section_alignment"] = pe.OPTIONAL_HEADER.SectionAlignment
self.event["checksum"] = pe.OPTIONAL_HEADER.CheckSum
@@ -552,12 +552,12 @@ def scan(self, data, file, options, expire_at):
self.event["minor_image_version"] = pe.OPTIONAL_HEADER.MinorImageVersion
self.event["major_linker_version"] = pe.OPTIONAL_HEADER.MajorLinkerVersion
self.event["minor_linker_version"] = pe.OPTIONAL_HEADER.MinorLinkerVersion
self.event[
"major_operating_system_version"
] = pe.OPTIONAL_HEADER.MajorOperatingSystemVersion
self.event[
"minor_operating_system_version"
] = pe.OPTIONAL_HEADER.MinorOperatingSystemVersion
self.event["major_operating_system_version"] = (
pe.OPTIONAL_HEADER.MajorOperatingSystemVersion
)
self.event["minor_operating_system_version"] = (
pe.OPTIONAL_HEADER.MinorOperatingSystemVersion
)
self.event["major_subsystem_version"] = pe.OPTIONAL_HEADER.MajorSubsystemVersion
self.event["minor_subsystem_version"] = pe.OPTIONAL_HEADER.MinorSubsystemVersion
self.event["image_version"] = float(
24 changes: 12 additions & 12 deletions src/python/strelka/scanners/scan_pgp.py
@@ -74,9 +74,9 @@ def parse_pgpdump(self, data):
secret_key_entry["creation_time"] = creation_time.isoformat()
expiration_time = getattr(packet, "expiration_time", None)
if expiration_time is not None:
secret_key_entry[
"expiration_time"
] = expiration_time.isoformat()
secret_key_entry["expiration_time"] = (
expiration_time.isoformat()
)

if secret_key_entry not in self.event["secret_keys"]:
self.event["secret_keys"].append(secret_key_entry)
@@ -98,9 +98,9 @@ def parse_pgpdump(self, data):
public_key_entry["creation_time"] = creation_time.isoformat()
expiration_time = getattr(packet, "expiration_time", None)
if expiration_time is not None:
public_key_entry[
"expiration_time"
] = expiration_time.isoformat()
public_key_entry["expiration_time"] = (
expiration_time.isoformat()
)

if public_key_entry not in self.event["public_keys"]:
self.event["public_keys"].append(public_key_entry)
@@ -135,14 +135,14 @@ def parse_pgpdump(self, data):
}
creation_time = getattr(packet, "creation_time", None)
if creation_time is not None:
signature_packet_entry[
"creation_time"
] = creation_time.isoformat()
signature_packet_entry["creation_time"] = (
creation_time.isoformat()
)
expiration_time = getattr(packet, "expiration_time", None)
if expiration_time is not None:
signature_packet_entry[
"expiration_time"
] = expiration_time.isoformat()
signature_packet_entry["expiration_time"] = (
expiration_time.isoformat()
)

if signature_packet_entry not in self.event["signatures"]:
self.event["signatures"].append(signature_packet_entry)
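--- a/src/python/strelka/scanners/scan_rar.py
+++ b/src/python/strelka/scanners/scan_rar.py
@@ -201,9 +201,11 @@ def scan(self, data, file, options, expire_at):
 rar_data_io = rar_obj.open(
 compressed_file,
 mode="r",
-pwd=password.decode("utf-8")
-if password
-else None,
+pwd=(
+password.decode("utf-8")
+if password
+else None
+),
 )
 if rar_data_io.readable():
 extract_data = rar_data_io.readall()
@@ -271,21 +273,30 @@ def scan(self, data, file, options, expire_at):
 {
 "file_name": compressed_file.filename,
 "datetime": compressed_file.mtime.isoformat(),
-"ctime": compressed_file.ctime.isoformat()
-if isinstance(
-compressed_file.ctime, datetime.datetime
-)
-else None,
-"mtime": compressed_file.mtime.isoformat()
-if isinstance(
-compressed_file.mtime, datetime.datetime
-)
-else None,
-"atime": compressed_file.atime.isoformat()
-if isinstance(
-compressed_file.atime, datetime.datetime
-)
-else None,
+"ctime": (
+compressed_file.ctime.isoformat()
+if isinstance(
+compressed_file.ctime,
+datetime.datetime,
+)
+else None
+),
+"mtime": (
+compressed_file.mtime.isoformat()
+if isinstance(
+compressed_file.mtime,
+datetime.datetime,
+)
+else None
+),
+"atime": (
+compressed_file.atime.isoformat()
+if isinstance(
+compressed_file.atime,
+datetime.datetime,
+)
+else None
+),
 "file_size": compressed_file.file_size,
 "compression_size": compressed_file.compress_size,
 "compression_rate": round(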
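Review bot: In the second hunk the `"datetime"` entry still calls `compressed_file.mtime.isoformat()` unconditionally, while the `"mtime"` entry a few lines below guards the same attribute with `isinstance(compressed_file.mtime, datetime.datetime)`. If an archive member carries no modification time, the unguarded call raises `AttributeError` before the guarded entries are built, so the guards never help for that member. Whether an enclosing handler catches this is not visible, because scan() starts and ends outside the hunk. Suggest guarding it the same way: `"datetime": (compressed_file.mtime.isoformat() if isinstance(compressed_file.mtime, datetime.datetime) else None),`.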
