Operating system was not able to equal, causing NotImplementedError
Introducing a new argument `--log-level` or `-t` (for traceback) which sets the verbosity level of logging
The error handling process tries to get rid of maldump failing to execute. This is caused by throwing exceptions in Python on incorrect operations. Now, every step and every caught exception is logged, and program execution continues.
This step is done to make opening the files and parsing the kaitai structs and datetime objects easier to maintain and easier to log.
Until now, it used the function parse_from_log(); however, Avira had no log, only filesystem entries. Now it uses parse_from_fs().
ec8cb21 to cc5d4a6
Exception handling improved; maldump now tries to do as much as possible to extract files and find metadata.
vojtechjelinek left a comment
Thanks! Took a pass.
maldump/parsers/avast_parser.py (Outdated)
| def log_fn(func): | ||
| def wrapper(*args, **kwargs): | ||
| logging.debug( | ||
| "Calling function: %s, arguments: %s, keyword arguments: %s", | ||
| func.__name__, | ||
| tuple( | ||
| ( | ||
| arg | ||
| if type(arg) not in {bytes, AvastParser, Element} | ||
| else "<" + type(arg).__name__ + ">" | ||
| ) | ||
| for arg in args | ||
| ), | ||
| kwargs, | ||
| ) | ||
| return func(*args, **kwargs) | ||
|
|
||
| return wrapper |
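Review bot: the `kwargs` passed as the last argument of `logging.debug` are logged unredacted, while positional args of type bytes, AvastParser or Element are replaced by a `<TypeName>` placeholder, so the same file contents passed by keyword would still land in the debug log verbatim; apply the same substitution to `kwargs.values()`. The exact-type test `type(arg) not in {bytes, AvastParser, Element}` also lets subclasses of those types through, where `isinstance` would not, and `wrapper` should be decorated with `functools.wraps(func)` so the wrapped function keeps its `__name__` and docstring.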
Couldn't this go into utils so it isn't duplicated?
I moved it to utils. It wasn't done that way before because the individual loggers weren't distinguishable and it wasn't clear which file the log was called from. It's fixed now.
| if typing.TYPE_CHECKING: | ||
| from datetime import datetime |
This is already on the lines below.
maldump/utils.py (Outdated)
| if filetype: | ||
| filetype += " " |
What does this do/mean?
This is here for the string formatting inside the logging process. You are able to provide a type of the file there, which will be printed in the formatted message. If the type is not present, it won't be present in the log either. However, if you pass a type, there needs to be a space, because of word spacing.
Hmm, I would rather not log this if it requires this. Or maybe do it in the debug strings by using f-strings? (not sure if there is an easy way to do this)
maldump/utils.py (Outdated)
| "Cannot convert timestamp to datetime, using default", | ||
| exc_info=e, | ||
| ) | ||
| timestamp = datetime.now() |
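Review bot: falling back to `datetime.now()` when the timestamp cannot be converted makes a parse failure indistinguishable from a genuine, recent quarantine time in the extracted metadata; a fixed sentinel such as the Unix epoch, or `None`, keeps the two cases apart for whoever reads the output later, and the `exc_info=e` already records why the conversion failed.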
Not sure if we want the default to be now, can we rather do start of epoch?
vojtechjelinek left a comment
Thanks! Took another pass.
maldump/utils.py (Outdated)
| tuple( | ||
| ( | ||
| arg | ||
| if type(arg) | ||
| not in { | ||
| bytes, | ||
| maldump.parsers.eset_parser.EsetParser, | ||
| maldump.parsers.avast_parser.AvastParser, | ||
| maldump.parsers.avg_parser.AVGParser, | ||
| maldump.parsers.forticlient_parser.ForticlientParser, | ||
| maldump.parsers.kaspersky_parser.KasperskyParser, | ||
| maldump.parsers.malwarebytes_parser.MalwarebytesParser, | ||
| maldump.parsers.mcafee_parser.McafeeParser, | ||
| maldump.parsers.windef_parser.WindowsDefenderParser, | ||
| maldump.parsers.kaitai.forticlient_parser.ForticlientParser.Timestamp, | ||
| Element, |
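Review bot: with this set living in maldump/utils.py, utils now has to import every parser module under maldump.parsers (EsetParser through WindowsDefenderParser and the kaitai Timestamp), while the parsers themselves decorate their functions with `log_fn` from utils (it was moved here from avast_parser.py), which is a circular import waiting to happen, and every new parser has to be registered here or its instances get logged via their default repr. A common parser base class checked with `isinstance`, or the module-level constant the reviewer suggests, avoids both problems; the exact-type membership test `type(arg) not in {...}` also misses subclasses and bytes-like values such as bytearray.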
Why is this needed? Also can we move the set of classes to a constant?
This is for the logger function, which prints all the arguments passed to the function. When this happens, two cases may occur: either we are printing something which can be confidential and/or long (contents of the file), or it is a class without a __str__ representation. Fixed, moved.
Unlogged types are now moved to a separate class in constants.py.
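As an added example (not maldump's own code), this is the shape of the logging decorator and unlogged-types set the thread above discusses, redacting bytes-like values and parser objects in both positional and keyword arguments so that quarantined file contents never reach the debug log; the `QuarantineParser`/`AvastParser` classes and the `maldump` logger name are assumptions standing in for the real parsers.

```python
import functools
import logging
from typing import Any

logger = logging.getLogger("maldump")  # assumed logger name, not maldump's own

# Constructed stand-ins for the vendor parser classes the PR keeps out of the log;
# a shared base class lets one isinstance check cover every parser, present or future.
class QuarantineParser:
    """Hypothetical base class for the per-vendor parsers."""

class AvastParser(QuarantineParser):
    """Hypothetical parser; stands in for maldump's real AvastParser."""

# Values that must never be written to the debug log: raw (possibly confidential)
# file contents in any bytes-like form, and parser objects without a useful __str__.
UNLOGGED_TYPES = (bytes, bytearray, memoryview, QuarantineParser)

def redact(value: Any) -> Any:
    """Replace an unlogged value with a '<TypeName>' placeholder; keep everything else."""
    if isinstance(value, UNLOGGED_TYPES):
        return "<" + type(value).__name__ + ">"
    return value

def redact_call(args: tuple, kwargs: dict) -> tuple:
    """Build the (args, kwargs) pair that is safe to log; kwargs get the same treatment."""
    return tuple(redact(a) for a in args), {k: redact(v) for k, v in kwargs.items()}

def log_fn(func):
    """Log each call with redacted arguments, then run the function unchanged."""
    @functools.wraps(func)  # keeps func.__name__ for later log lines and tracebacks
    def wrapper(*args, **kwargs):
        safe_args, safe_kwargs = redact_call(args, kwargs)
        logger.debug(
            "Calling function: %s, arguments: %s, keyword arguments: %s",
            func.__name__, safe_args, safe_kwargs,
        )
        return func(*args, **kwargs)
    return wrapper

@log_fn
def parse_entry(parser: QuarantineParser, blob: bytes, *, name: str = "entry") -> int:
    """Toy parse step: returns the length of the quarantined blob."""
    return len(blob)

if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    # Constructed sample: a parser instance and a fake quarantined file body.
    parse_entry(AvastParser(), b"MZ\x90\x00", name="sample.bin")
```

Running it logs `Calling function: parse_entry, arguments: ('<AvastParser>', '<bytes>'), keyword arguments: {'name': 'sample.bin'}` and returns 4, so the placeholder appears where the file body would otherwise have been.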
Closes #21