chore: normalize file permissions and replace non-ASCII characters

dementor/assets/Dementor.toml

@@ -16,8 +16,8 @@
 #
 # The three NTLM settings (Challenge, DisableExtendedSessionSecurity,
 # DisableNTLMv2) additionally fall back through two more levels:
-#   3. [NTLM] section    — shared default for all NTLM-enabled protocols
-#   4. [Globals] section — last resort
+#   3. [NTLM] section     -- shared default for all NTLM-enabled protocols
+#   4. [Globals] section  -- last resort
 #
 # All other settings stop at step 2.
 #
@@ -294,7 +294,7 @@ SMB2Support = true
 ErrorCode = "STATUS_SMB_BAD_UID"
 
 # NTLM settings: Challenge, DisableExtendedSessionSecurity, DisableNTLMv2
-#   Not set here → falls back to [NTLM]. Set here to override [NTLM] for all
+#   Not set here -> falls back to [NTLM]. Set here to override [NTLM] for all
 #   SMB servers, or inside [[SMB.Server]] to override for a single server only.
 
 # Challenge = "1337LEET"
@@ -308,7 +308,7 @@ Port = 139
 
 [[SMB.Server]]
 Port = 445
-# Per-server overrides (highest priority — override [SMB] and [NTLM] for this port only):
+# Per-server overrides (highest priority  -- override [SMB] and [NTLM] for this port only):
 # FQDN = "other.corp.com"
 # ServerOS = "Windows Server 2022"
 # ErrorCode = "STATUS_ACCESS_DENIED"
@@ -350,7 +350,7 @@ Downgrade = true
 RequireSTARTTLS = false
 
 # NTLM settings: Challenge, DisableExtendedSessionSecurity, DisableNTLMv2
-#   Not set here → falls back to [NTLM]. Set here to override [NTLM] for all
+#   Not set here -> falls back to [NTLM]. Set here to override [NTLM] for all
 #   SMTP servers, or inside [[SMTP.Server]] to override for a single server only.
 
 # Challenge = "1337LEET"
@@ -379,11 +379,11 @@ Port = 25
 # SMB, HTTP, SMTP, LDAP, RPC, MSSQL, POP3, and IMAP.
 #
 # Resolution order for these three settings (highest priority first):
-#   1. [[Protocol.Server]] entry — per-server override (list-based protocols only:
+#   1. [[Protocol.Server]] entry  -- per-server override (list-based protocols only:
 #                                  SMB, HTTP, SMTP, LDAP, POP3, IMAP)
-#   2. [Protocol] section        — per-protocol override (e.g. [SMB], [HTTP])
-#   3. [NTLM] section            — this section; the shared default
-#   4. [Globals] section         — broadest fallback
+#   2. [Protocol] section         -- per-protocol override (e.g. [SMB], [HTTP])
+#   3. [NTLM] section             -- this section; the shared default
+#   4. [Globals] section          -- broadest fallback
 #
 # If a protocol section does not define Challenge, DisableExtendedSessionSecurity,
 # or DisableNTLMv2, it inherits the values set here. This lets you configure one
@@ -399,8 +399,8 @@ Port = 25
 # Accepted formats:
 #   "hex:1122334455667788"   explicit hex (preferred, unambiguous)
 #   "ascii:1337LEET"         explicit ASCII (preferred)
-#   "1122334455667788"       16 hex characters — auto-detected as hex
-#   "1337LEET"               8 ASCII characters — auto-detected as ASCII
+#   "1122334455667788"       16 hex characters  -- auto-detected as hex
+#   "1337LEET"               8 ASCII characters  -- auto-detected as ASCII
 #   omitted / not set        cryptographically random 8 bytes per run
 #
 # A fixed Challenge combined with DisableExtendedSessionSecurity = true makes
@@ -423,9 +423,9 @@ DisableExtendedSessionSecurity = false
 
 # When true, TargetInfoFields are omitted from the CHALLENGE_MESSAGE.
 # Without TargetInfoFields clients cannot construct the NTLMv2 Blob
-# (MS-NLMP §3.3.2), which has the following effect by client security level:
-#   Level 0–2 (older Windows, manually downgraded): fall back to NTLMv1.
-#   Level 3+  (all modern Windows defaults): refuse to authenticate — zero
+# (MS-NLMP S3.3.2), which has the following effect by client security level:
+#   Level 0-2 (older Windows, manually downgraded): fall back to NTLMv1.
+#   Level 3+  (all modern Windows defaults): refuse to authenticate  -- zero
 #             hashes captured from these clients.
 #
 # Leave false unless specifically targeting legacy NTLMv1-only environments.
@@ -497,7 +497,7 @@ TLS = false
 # ErrorCode = "unwillingToPerform"
 
 # NTLM settings: Challenge, DisableExtendedSessionSecurity, DisableNTLMv2
-#   Not set here → falls back to [NTLM]. Set here to override [NTLM] for all
+#   Not set here -> falls back to [NTLM]. Set here to override [NTLM] for all
 #   LDAP servers, or inside [[LDAP.Server]] to override for a single server only.
 
 # Challenge = "1337LEET"
@@ -599,7 +599,7 @@ AuthSchemes = ["Basic", "Negotiate", "NTLM", "Bearer"]
 WebDAV = true
 
 # NTLM settings: Challenge, DisableExtendedSessionSecurity, DisableNTLMv2
-#   Not set here → falls back to [NTLM]. Set here to override [NTLM] for all
+#   Not set here -> falls back to [NTLM]. Set here to override [NTLM] for all
 #   HTTP servers, or inside [[HTTP.Server]] to override for a single server only.
 
 # Challenge = "1337LEET"
@@ -651,7 +651,7 @@ Port = 80
 [RPC]
 
 # NTLM settings: Challenge, DisableExtendedSessionSecurity, DisableNTLMv2
-#   Not set here → falls back to [NTLM]. RPC uses a single server instance so
+#   Not set here -> falls back to [NTLM]. RPC uses a single server instance so
 #   there is no per-server item level; only [RPC] or [NTLM] apply.
 
 # Challenge = "1337LEET"
@@ -699,7 +699,7 @@ TargetPort = 49000
 [MSSQL]
 
 # NTLM settings: Challenge, DisableExtendedSessionSecurity, DisableNTLMv2
-#   Not set here → falls back to [NTLM]. MSSQL uses a single server instance so
+#   Not set here -> falls back to [NTLM]. MSSQL uses a single server instance so
 #   there is no per-server item level; only [MSSQL] or [NTLM] apply.
 
 # Challenge = "1337LEET"
@@ -762,7 +762,7 @@ InstanceName = "MSSQLServer"
 [POP3]
 
 # NTLM settings: Challenge, DisableExtendedSessionSecurity, DisableNTLMv2
-#   Not set here → falls back to [NTLM]. Set here to override [NTLM] for all
+#   Not set here -> falls back to [NTLM]. Set here to override [NTLM] for all
 #   POP3 servers, or inside [[POP3.Server]] to override for a single server only.
 
 # Challenge = "1337LEET"
@@ -807,7 +807,7 @@ Port = 110
 [IMAP]
 
 # NTLM settings: Challenge, DisableExtendedSessionSecurity, DisableNTLMv2
-#   Not set here → falls back to [NTLM]. Set here to override [NTLM] for all
+#   Not set here -> falls back to [NTLM]. Set here to override [NTLM] for all
 #   IMAP servers, or inside [[IMAP.Server]] to override for a single server only.
 
 # Challenge = "1337LEET"

dementor/config/toml.py

@@ -27,7 +27,7 @@
 _T = TypeVar("_T", bound="TomlConfig")
 
 # --------------------------------------------------------------------------- #
-# Helper sentinel used to differentiate “no default supplied” from “None”.
+# Helper sentinel used to differentiate "no default supplied" from "None".
 # --------------------------------------------------------------------------- #
 _LOCAL = object()
 
@@ -47,7 +47,7 @@ class Attribute(NamedTuple):
         section.
     :type qname: str
     :param default_val: Default value to fall back to when the key is missing.
-        ``_LOCAL`` (a private sentinel) means “no default - the key is required”.
+        ``_LOCAL`` (a private sentinel) means "no default - the key is required".
     :type default_val: Any | None, optional
     :param section_local: If ``True`` the key is looked for only in the section
         defined by the concrete subclass (``self._section_``).  If ``False`` the
@@ -231,7 +231,7 @@ def _set_field(
         # ----------------------------------------------------------------- #
         value = config.get(qname, default_val)
         if value is _LOCAL:
-            # ``_LOCAL`` means “required but not supplied”.
+            # ``_LOCAL`` means "required but not supplied".
             raise ValueError(
                 f"Expected '{qname}' in config or section({section}) for "
                 + f"{self.__class__.__name__}!"

dementor/config/util.py

@@ -88,11 +88,11 @@ class BytesValue:
 
     Supports the following input formats (str case):
 
-    - ``"hex:1122334455667788"`` — explicit hex prefix
-    - ``"ascii:1337LEET"`` — explicit ASCII prefix
-    - ``"1122334455667788"`` — auto-detect hex (when length matches ``2 * self.length``)
-    - ``"1337LEET"`` — auto-detect (try hex first, then encode)
-    - ``None`` — generate ``self.length`` cryptographically random bytes
+    - ``"hex:1122334455667788"``  -- explicit hex prefix
+    - ``"ascii:1337LEET"``  -- explicit ASCII prefix
+    - ``"1122334455667788"``  -- auto-detect hex (when length matches ``2 * self.length``)
+    - ``"1337LEET"``  -- auto-detect (try hex first, then encode)
+    - ``None``  -- generate ``self.length`` cryptographically random bytes
 
     When ``length`` is set, the result is validated to be exactly that many bytes.
     """
@@ -154,7 +154,7 @@ def _parse_str(self, value: str) -> bytes:
                 if len(candidate) == self.length:
                     return candidate
             except ValueError:
-                pass  # not valid hex — fall through
+                pass  # not valid hex  -- fall through
 
         # Fallback: when length is known, the auto-detect hex path above
         # already handled the 2*length case; encode directly so that strings

dementor/db/connector.py

@@ -165,11 +165,11 @@ def init_engine(session: SessionConfig) -> Engine | None:
         return create_engine(raw_path, **common)
 
     # MySQL / MariaDB / PostgreSQL: QueuePool.
-    #   pool_pre_ping  – detect dead connections before checkout.
-    #   pool_use_lifo  – reuse most-recent connection so idle ones expire
+    #   pool_pre_ping  - detect dead connections before checkout.
+    #   pool_use_lifo  - reuse most-recent connection so idle ones expire
     #                    naturally via server-side wait_timeout.
-    #   pool_recycle   – hard ceiling: close connections older than 1 hour.
-    #   pool_timeout=5 – fail fast on exhaustion (PoolTimeoutError caught
+    #   pool_recycle   - hard ceiling: close connections older than 1 hour.
+    #   pool_timeout=5 - fail fast on exhaustion (PoolTimeoutError caught
     #                    in model.py); hash file is the primary capture path.
     return create_engine(
         raw_path,

dementor/loader.py

@@ -306,7 +306,7 @@ def resolve_protocols(
 
         for path in protocol_paths:
             if not os.path.exists(path):
-                # Missing entries are ignored – they may be optional.
+                # Missing entries are ignored - they may be optional.
                 continue
 
             if os.path.isfile(path):

dementor/protocols/ftp.py

@@ -110,7 +110,7 @@ class FTPHandler(BaseProtoHandler):
     Minimal FTP request handler.
 
     The handler sends the initial ``220`` greeting, then processes a very
-    small login sequence (``USER`` → ``PASS``).  All other commands result
+    small login sequence (``USER`` -> ``PASS``).  All other commands result
     in a ``501`` reply.
 
     :class:`ProtocolLogger` is used to attach FTP-specific metadata to log
@@ -166,7 +166,7 @@ def handle_data(self, data: bytes | None, transport: socket) -> None:
                     parts[1].decode(errors="replace").strip() if len(parts) > 1 else ""
                 )
                 if not username:
-                    self.reply(501)  # Empty username → syntax error
+                    self.reply(501)  # Empty username -> syntax error
                     continue
 
                 self.reply(331)  # Password required

dementor/protocols/mysql.py

@@ -344,7 +344,7 @@ class HandshakeResponse:
     # filler to the size of the handhshake response packet. All 0s.
     filler: f[bytes, Bytes(23)] = b"\0" * 23
 
-    # 	login user name
+    #     login user name
     username: cstr_t
 
     # opaque authentication response data generated by Authentication Method