diff --git a/src/python/strelka/scanners/scan_docx.py b/src/python/strelka/scanners/scan_docx.py
index 738806d2..ae1baabd 100644
--- a/src/python/strelka/scanners/scan_docx.py
+++ b/src/python/strelka/scanners/scan_docx.py
@@ -30,17 +30,17 @@ def scan(self, data, file, options, expire_at):
 self.event["identifier"] = docx_doc.core_properties.identifier
 self.event["keywords"] = docx_doc.core_properties.keywords
 self.event["language"] = docx_doc.core_properties.language
- self.event[
- "last_modified_by"
- ] = docx_doc.core_properties.last_modified_by
+ self.event["last_modified_by"] = (
+ docx_doc.core_properties.last_modified_by
+ )
 if docx_doc.core_properties.last_printed is not None:
- self.event[
- "last_printed"
- ] = docx_doc.core_properties.last_printed.isoformat()
+ self.event["last_printed"] = (
+ docx_doc.core_properties.last_printed.isoformat()
+ )
 if docx_doc.core_properties.modified is not None:
- self.event[
- "modified"
- ] = docx_doc.core_properties.modified.isoformat()
+ self.event["modified"] = (
+ docx_doc.core_properties.modified.isoformat()
+ )
 self.event["revision"] = docx_doc.core_properties.revision
 self.event["subject"] = docx_doc.core_properties.subject
 self.event["title"] = docx_doc.core_properties.title
diff --git a/src/python/strelka/scanners/scan_encrypted_zip.py b/src/python/strelka/scanners/scan_encrypted_zip.py
index 3a5fe6ee..1a816732 100644
--- a/src/python/strelka/scanners/scan_encrypted_zip.py
+++ b/src/python/strelka/scanners/scan_encrypted_zip.py
@@ -133,8 +133,8 @@ def scan(self, data, file, options, expire_at):
 is_aes = True
 break
- with pyzipper.AESZipFile(zip_io) if is_aes else pyzipper.ZipFile(
- zip_io
+ with (
+ pyzipper.AESZipFile(zip_io) if is_aes else pyzipper.ZipFile(zip_io)
 ) as zip_obj:
 file_list = zip_obj.filelist # .filelist
 for file_list_item in file_list:
diff --git a/src/python/strelka/scanners/scan_iso.py b/src/python/strelka/scanners/scan_iso.py
index 9e825245..b949e5cc 100644
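Review bot: In the scan_encrypted_zip.py hunk, the `with` header still constructs one of two archive objects inside a parenthesised conditional expression, which stays hard to read after the reflow. Selecting the class first keeps the context manager on one line: `zip_cls = pyzipper.AESZipFile if is_aes else pyzipper.ZipFile` followed by `with zip_cls(zip_io) as zip_obj:`. The trailing `# .filelist` comment on the following context line only repeats the attribute name and could be dropped. The body of scan() continues outside the hunk.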
--- a/src/python/strelka/scanners/scan_iso.py
+++ b/src/python/strelka/scanners/scan_iso.py
@@ -27,19 +27,19 @@ def scan(self, data, file, options, expire_at):
 # Attempt to get Meta
 try:
- self.event["meta"][
- "date_created"
- ] = self._datetime_from_volume_date(iso.pvd.volume_creation_date)
- self.event["meta"][
- "date_effective"
- ] = self._datetime_from_volume_date(iso.pvd.volume_effective_date)
- self.event["meta"][
- "date_expiration"
- ] = self._datetime_from_volume_date(iso.pvd.volume_expiration_date)
- self.event["meta"][
- "date_modification"
- ] = self._datetime_from_volume_date(
- iso.pvd.volume_modification_date
+ self.event["meta"]["date_created"] = (
+ self._datetime_from_volume_date(iso.pvd.volume_creation_date)
+ )
+ self.event["meta"]["date_effective"] = (
+ self._datetime_from_volume_date(iso.pvd.volume_effective_date)
+ )
+ self.event["meta"]["date_expiration"] = (
+ self._datetime_from_volume_date(iso.pvd.volume_expiration_date)
+ )
+ self.event["meta"]["date_modification"] = (
+ self._datetime_from_volume_date(
+ iso.pvd.volume_modification_date
+ )
 )
 self.event["meta"][
 "volume_identifier"
diff --git a/src/python/strelka/scanners/scan_lnk.py b/src/python/strelka/scanners/scan_lnk.py
index ed405d0d..7759529d 100644
--- a/src/python/strelka/scanners/scan_lnk.py
+++ b/src/python/strelka/scanners/scan_lnk.py
@@ -140,18 +140,18 @@ def scan(self, data, file, options, expire_at):
 try:
 if extradata.IconEnvironmentDataBlock:
- self.event[
- "icon_target"
- ] = extradata.IconEnvironmentDataBlock.TargetAnsi
+ self.event["icon_target"] = (
+ extradata.IconEnvironmentDataBlock.TargetAnsi
+ )
 except strelka.ScannerTimeout:
 raise
 except Exception:
 self.flags.append("Unable to parse IconEnvironmentDataBlock")
 if extradata.TrackerDataBlock:
- self.event[
- "machine_id"
- ] = extradata.TrackerDataBlock.MachineID.strip(b"\x00")
+ self.event["machine_id"] = (
+ extradata.TrackerDataBlock.MachineID.strip(b"\x00")
+ )
 self.event["mac"] = str(
 uuid.UUID(bytes_le=extradata.TrackerDataBlock.Droid[16:])
 ).split("-")[-1]
diff --git a/src/python/strelka/scanners/scan_pe.py b/src/python/strelka/scanners/scan_pe.py
index 6d1cb443..3b873f70 100644
--- a/src/python/strelka/scanners/scan_pe.py
+++ b/src/python/strelka/scanners/scan_pe.py
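Review bot: In the scan_lnk.py hunk, the `TrackerDataBlock` branch reads `MachineID` and slices `Droid[16:]` with no handler of its own, while the `IconEnvironmentDataBlock` branch just above it is wrapped in try/except and records a flag. LNK files reaching this scanner are untrusted, and `uuid.UUID(bytes_le=...)` raises `ValueError` when the slice is not exactly 16 bytes, so a truncated block would propagate unless an enclosing try catches it. Indentation is lost on this page and the rest of scan() lies outside the hunk, so whether such an enclosing handler exists cannot be confirmed from here. If none does, the branch should follow the same pattern as the icon block so that a malformed tracker block yields a flag instead of ending the scan, as sketched below.

```python
# … unchanged: IconEnvironmentDataBlock handling …
try:
    if extradata.TrackerDataBlock:
        # … unchanged: machine_id and mac assignments …
except strelka.ScannerTimeout:
    raise
except Exception:
    self.flags.append("Unable to parse TrackerDataBlock")
```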
@@ -532,18 +532,18 @@ def scan(self, data, file, options, expire_at):
 self.event["address_of_entry_point"] = pe.OPTIONAL_HEADER.AddressOfEntryPoint
 self.event["image_base"] = pe.OPTIONAL_HEADER.ImageBase
 self.event["size_of_code"] = pe.OPTIONAL_HEADER.SizeOfCode
- self.event[
- "size_of_initialized_data"
- ] = pe.OPTIONAL_HEADER.SizeOfInitializedData
+ self.event["size_of_initialized_data"] = (
+ pe.OPTIONAL_HEADER.SizeOfInitializedData
+ )
 self.event["size_of_headers"] = pe.OPTIONAL_HEADER.SizeOfHeaders
 self.event["size_of_heap_reserve"] = pe.OPTIONAL_HEADER.SizeOfHeapReserve
 self.event["size_of_image"] = pe.OPTIONAL_HEADER.SizeOfImage
 self.event["size_of_stack_commit"] = pe.OPTIONAL_HEADER.SizeOfStackCommit
 self.event["size_of_stack_reserve"] = pe.OPTIONAL_HEADER.SizeOfStackReserve
 self.event["size_of_heap_commit"] = pe.OPTIONAL_HEADER.SizeOfHeapCommit
- self.event[
- "size_of_uninitialized_data"
- ] = pe.OPTIONAL_HEADER.SizeOfUninitializedData
+ self.event["size_of_uninitialized_data"] = (
+ pe.OPTIONAL_HEADER.SizeOfUninitializedData
+ )
 self.event["file_alignment"] = pe.OPTIONAL_HEADER.FileAlignment
 self.event["section_alignment"] = pe.OPTIONAL_HEADER.SectionAlignment
 self.event["checksum"] = pe.OPTIONAL_HEADER.CheckSum
@@ -552,12 +552,12 @@ def scan(self, data, file, options, expire_at):
 self.event["minor_image_version"] = pe.OPTIONAL_HEADER.MinorImageVersion
 self.event["major_linker_version"] = pe.OPTIONAL_HEADER.MajorLinkerVersion
 self.event["minor_linker_version"] = pe.OPTIONAL_HEADER.MinorLinkerVersion
- self.event[
- "major_operating_system_version"
- ] = pe.OPTIONAL_HEADER.MajorOperatingSystemVersion
- self.event[
- "minor_operating_system_version"
- ] = pe.OPTIONAL_HEADER.MinorOperatingSystemVersion
+ self.event["major_operating_system_version"] = (
+ pe.OPTIONAL_HEADER.MajorOperatingSystemVersion
+ )
+ self.event["minor_operating_system_version"] = (
+ pe.OPTIONAL_HEADER.MinorOperatingSystemVersion
+ )
 self.event["major_subsystem_version"] = pe.OPTIONAL_HEADER.MajorSubsystemVersion
 self.event["minor_subsystem_version"] = pe.OPTIONAL_HEADER.MinorSubsystemVersion
 self.event["image_version"] = float(
diff --git a/src/python/strelka/scanners/scan_pgp.py b/src/python/strelka/scanners/scan_pgp.py
index 1a9f4e7a..7c3259d4 100644
--- a/src/python/strelka/scanners/scan_pgp.py
+++ b/src/python/strelka/scanners/scan_pgp.py
@@ -74,9 +74,9 @@ def parse_pgpdump(self, data):
 secret_key_entry["creation_time"] = creation_time.isoformat()
 expiration_time = getattr(packet, "expiration_time", None)
 if expiration_time is not None:
- secret_key_entry[
- "expiration_time"
- ] = expiration_time.isoformat()
+ secret_key_entry["expiration_time"] = (
+ expiration_time.isoformat()
+ )
 if secret_key_entry not in self.event["secret_keys"]:
 self.event["secret_keys"].append(secret_key_entry)
@@ -98,9 +98,9 @@ def parse_pgpdump(self, data):
 public_key_entry["creation_time"] = creation_time.isoformat()
 expiration_time = getattr(packet, "expiration_time", None)
 if expiration_time is not None:
- public_key_entry[
- "expiration_time"
- ] = expiration_time.isoformat()
+ public_key_entry["expiration_time"] = (
+ expiration_time.isoformat()
+ )
 if public_key_entry not in self.event["public_keys"]:
 self.event["public_keys"].append(public_key_entry)
@@ -135,14 +135,14 @@ def parse_pgpdump(self, data):
 }
 creation_time = getattr(packet, "creation_time", None)
 if creation_time is not None:
- signature_packet_entry[
- "creation_time"
- ] = creation_time.isoformat()
+ signature_packet_entry["creation_time"] = (
+ creation_time.isoformat()
+ )
 expiration_time = getattr(packet, "expiration_time", None)
 if expiration_time is not None:
- signature_packet_entry[
- "expiration_time"
- ] = expiration_time.isoformat()
+ signature_packet_entry["expiration_time"] = (
+ expiration_time.isoformat()
+ )
 if signature_packet_entry not in self.event["signatures"]:
 self.event["signatures"].append(signature_packet_entry)
diff --git a/src/python/strelka/scanners/scan_vsto.py b/src/python/strelka/scanners/scan_vsto.py
index 981b7348..8e139257 100644
--- a/src/python/strelka/scanners/scan_vsto.py
+++ b/src/python/strelka/scanners/scan_vsto.py
@@ -7,7 +7,6 @@
 """
-
 import base64
 import hashlib
diff --git a/src/python/strelka/scanners/scan_zip.py b/src/python/strelka/scanners/scan_zip.py
index 450a6741..a5297a0d 100644
--- a/src/python/strelka/scanners/scan_zip.py
+++ b/src/python/strelka/scanners/scan_zip.py
@@ -141,9 +141,11 @@ def scan(self, data, file, options, expire_at):
 "compression_size": compressed_file.compress_size,
 "compression_rate": round(compression_rate, 2),
 "extracted": extracted,
- "encrypted": True
- if zinfo.flag_bits & 0x1 == 1
- else False,
+ "encrypted": (
+ True
+ if zinfo.flag_bits & 0x1 == 1
+ else False
+ ),
 }
 )
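Review bot: In the scan_zip.py hunk, `True if zinfo.flag_bits & 0x1 == 1 else False` wraps an expression that is already boolean, and the reflow now spends five lines on it. `"encrypted": bool(zinfo.flag_bits & 0x1),` says the same thing on one line. A short comment such as `# bit 0 of the ZIP general-purpose flags marks an encrypted entry` would document the magic constant for analysts who rely on this event field. The enclosing dict literal starts outside the hunk.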
diff --git a/src/python/strelka/tests/__init__.py b/src/python/strelka/tests/__init__.py
index 5873a94a..d452ce6b 100644
--- a/src/python/strelka/tests/__init__.py
+++ b/src/python/strelka/tests/__init__.py
@@ -95,9 +95,11 @@ def get_remote_fixture_archive(
 fileentry.filename: io.BytesIO(
 archive.read(
 fileentry.filename,
- pwd=password.encode("utf-8")
- if password
- else None,
+ pwd=(
+ password.encode("utf-8")
+ if password
+ else None
+ ),
 )
 )
 }