diff --git a/src/python/strelka/scanners/scan_docx.py b/src/python/strelka/scanners/scan_docx.py
index b4c8781e..257a7e57 100644
--- a/src/python/strelka/scanners/scan_docx.py
+++ b/src/python/strelka/scanners/scan_docx.py
@@ -33,17 +33,17 @@ def scan(self, data, file, options, expire_at):
 self.event["identifier"] = docx_doc.core_properties.identifier
 self.event["keywords"] = docx_doc.core_properties.keywords
 self.event["language"] = docx_doc.core_properties.language
- self.event[
- "last_modified_by"
- ] = docx_doc.core_properties.last_modified_by
+ self.event["last_modified_by"] = (
+ docx_doc.core_properties.last_modified_by
+ )
 if docx_doc.core_properties.last_printed is not None:
- self.event[
- "last_printed"
- ] = docx_doc.core_properties.last_printed.isoformat()
+ self.event["last_printed"] = (
+ docx_doc.core_properties.last_printed.isoformat()
+ )
 if docx_doc.core_properties.modified is not None:
- self.event[
- "modified"
- ] = docx_doc.core_properties.modified.isoformat()
+ self.event["modified"] = (
+ docx_doc.core_properties.modified.isoformat()
+ )
 self.event["revision"] = docx_doc.core_properties.revision
 self.event["subject"] = docx_doc.core_properties.subject
 self.event["title"] = docx_doc.core_properties.title
diff --git a/src/python/strelka/scanners/scan_iso.py b/src/python/strelka/scanners/scan_iso.py
index 5478c687..53ecab4b 100644
--- a/src/python/strelka/scanners/scan_iso.py
+++ b/src/python/strelka/scanners/scan_iso.py
@@ -30,19 +30,19 @@ def scan(self, data, file, options, expire_at): # Attempt to get Meta try: - self.event["meta"][ - "date_created" - ] = self._datetime_from_volume_date(iso.pvd.volume_creation_date) - self.event["meta"][ - "date_effective" - ] = self._datetime_from_volume_date(iso.pvd.volume_effective_date) - self.event["meta"][ - "date_expiration" - ] = self._datetime_from_volume_date(iso.pvd.volume_expiration_date) - self.event["meta"][ - "date_modification" - ] = self._datetime_from_volume_date( - iso.pvd.volume_modification_date + self.event["meta"]["date_created"] = ( + self._datetime_from_volume_date(iso.pvd.volume_creation_date) + ) + self.event["meta"]["date_effective"] = ( + self._datetime_from_volume_date(iso.pvd.volume_effective_date) + ) + self.event["meta"]["date_expiration"] = ( + self._datetime_from_volume_date(iso.pvd.volume_expiration_date) + ) + self.event["meta"]["date_modification"] = ( + self._datetime_from_volume_date( + iso.pvd.volume_modification_date + ) ) self.event["meta"][ "volume_identifier" diff --git a/src/python/strelka/scanners/scan_lnk.py b/src/python/strelka/scanners/scan_lnk.py index a824c8f0..6763d1b8 100644 --- a/src/python/strelka/scanners/scan_lnk.py +++ b/src/python/strelka/scanners/scan_lnk.py @@ -143,18 +143,18 @@ def scan(self, data, file, options, expire_at): try: if extradata.IconEnvironmentDataBlock: - self.event[ - "icon_target" - ] = extradata.IconEnvironmentDataBlock.TargetAnsi + self.event["icon_target"] = ( + extradata.IconEnvironmentDataBlock.TargetAnsi + ) except strelka.ScannerTimeout: raise except Exception: self.flags.append("Unable to parse IconEnvironmentDataBlock") if extradata.TrackerDataBlock: - self.event[ - "machine_id" - ] = extradata.TrackerDataBlock.MachineID.strip(b"\x00") + self.event["machine_id"] = ( + extradata.TrackerDataBlock.MachineID.strip(b"\x00") + ) self.event["mac"] = str( uuid.UUID(bytes_le=extradata.TrackerDataBlock.Droid[16:]) ).split("-")[-1] 
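Review bot: The `TrackerDataBlock` branch at the end of this hunk does not appear to have a handler of its own like the `IconEnvironmentDataBlock` branch just above it, although indentation is lost on this page and scan() continues outside the hunk, so an enclosing `try` may exist. `uuid.UUID(bytes_le=...)` raises `ValueError` unless it receives exactly 16 bytes, so a truncated `Droid` field in a malformed shortcut would abort the remaining LNK parsing at that point. If no outer handler covers it, wrap the branch the same way the icon block is wrapped and record a flag instead. `machine_id` is also stored as raw bytes after `.strip(b"\x00")`; confirm the event serializer accepts bytes or decode it explicitly.
```python
if extradata.TrackerDataBlock:
    try:
        # … unchanged: machine_id and mac assignments …
    except strelka.ScannerTimeout:
        raise
    except Exception:
        self.flags.append("Unable to parse TrackerDataBlock")
```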
diff --git a/src/python/strelka/scanners/scan_pe.py b/src/python/strelka/scanners/scan_pe.py
index fa9d3af8..943f5e41 100644
--- a/src/python/strelka/scanners/scan_pe.py
+++ b/src/python/strelka/scanners/scan_pe.py
@@ -535,18 +535,18 @@ def scan(self, data, file, options, expire_at):
 self.event["address_of_entry_point"] = pe.OPTIONAL_HEADER.AddressOfEntryPoint
 self.event["image_base"] = pe.OPTIONAL_HEADER.ImageBase
 self.event["size_of_code"] = pe.OPTIONAL_HEADER.SizeOfCode
- self.event[
- "size_of_initialized_data"
- ] = pe.OPTIONAL_HEADER.SizeOfInitializedData
+ self.event["size_of_initialized_data"] = (
+ pe.OPTIONAL_HEADER.SizeOfInitializedData
+ )
 self.event["size_of_headers"] = pe.OPTIONAL_HEADER.SizeOfHeaders
 self.event["size_of_heap_reserve"] = pe.OPTIONAL_HEADER.SizeOfHeapReserve
 self.event["size_of_image"] = pe.OPTIONAL_HEADER.SizeOfImage
 self.event["size_of_stack_commit"] = pe.OPTIONAL_HEADER.SizeOfStackCommit
 self.event["size_of_stack_reserve"] = pe.OPTIONAL_HEADER.SizeOfStackReserve
 self.event["size_of_heap_commit"] = pe.OPTIONAL_HEADER.SizeOfHeapCommit
- self.event[
- "size_of_uninitialized_data"
- ] = pe.OPTIONAL_HEADER.SizeOfUninitializedData
+ self.event["size_of_uninitialized_data"] = (
+ pe.OPTIONAL_HEADER.SizeOfUninitializedData
+ )
 self.event["file_alignment"] = pe.OPTIONAL_HEADER.FileAlignment
 self.event["section_alignment"] = pe.OPTIONAL_HEADER.SectionAlignment
 self.event["checksum"] = pe.OPTIONAL_HEADER.CheckSum
@@ -555,12 +555,12 @@ def scan(self, data, file, options, expire_at):
 self.event["minor_image_version"] = pe.OPTIONAL_HEADER.MinorImageVersion
 self.event["major_linker_version"] = pe.OPTIONAL_HEADER.MajorLinkerVersion
 self.event["minor_linker_version"] = pe.OPTIONAL_HEADER.MinorLinkerVersion
- self.event[
- "major_operating_system_version"
- ] = pe.OPTIONAL_HEADER.MajorOperatingSystemVersion
- self.event[
- "minor_operating_system_version"
- ] = pe.OPTIONAL_HEADER.MinorOperatingSystemVersion
+ self.event["major_operating_system_version"] = (
+ pe.OPTIONAL_HEADER.MajorOperatingSystemVersion
+ )
+ self.event["minor_operating_system_version"] = (
+ pe.OPTIONAL_HEADER.MinorOperatingSystemVersion
+ )
 self.event["major_subsystem_version"] = pe.OPTIONAL_HEADER.MajorSubsystemVersion
 self.event["minor_subsystem_version"] = pe.OPTIONAL_HEADER.MinorSubsystemVersion
 self.event["image_version"] = float(
diff --git a/src/python/strelka/scanners/scan_pgp.py b/src/python/strelka/scanners/scan_pgp.py
index ac93cc8f..02c6329f 100644
--- a/src/python/strelka/scanners/scan_pgp.py
+++ b/src/python/strelka/scanners/scan_pgp.py
@@ -77,9 +77,9 @@ def parse_pgpdump(self, data): secret_key_entry["creation_time"] = creation_time.isoformat() expiration_time = getattr(packet, "expiration_time", None) if expiration_time is not None: - secret_key_entry[ - "expiration_time" - ] = expiration_time.isoformat() + secret_key_entry["expiration_time"] = ( + expiration_time.isoformat() + ) if secret_key_entry not in self.event["secret_keys"]: self.event["secret_keys"].append(secret_key_entry)
@@ -101,9 +101,9 @@ def parse_pgpdump(self, data): public_key_entry["creation_time"] = creation_time.isoformat() expiration_time = getattr(packet, "expiration_time", None) if expiration_time is not None: - public_key_entry[ - "expiration_time" - ] = expiration_time.isoformat() + public_key_entry["expiration_time"] = ( + expiration_time.isoformat() + ) if public_key_entry not in self.event["public_keys"]: self.event["public_keys"].append(public_key_entry) @@ -138,14 +138,14 @@ def parse_pgpdump(self, data): } creation_time = getattr(packet, "creation_time", None) if creation_time is not None: - signature_packet_entry[ - "creation_time" - ] = creation_time.isoformat() + signature_packet_entry["creation_time"] = ( + creation_time.isoformat() + ) expiration_time = getattr(packet, "expiration_time", None) if expiration_time is not None: - signature_packet_entry[ - "expiration_time" - ] = expiration_time.isoformat() + signature_packet_entry["expiration_time"] = ( + expiration_time.isoformat() + ) if signature_packet_entry not in self.event["signatures"]: self.event["signatures"].append(signature_packet_entry)