yaralyzer 1.0.11__py3-none-any.whl

yaralyzer/decoding/decoding_attempt.py

@@ -0,0 +1,222 @@
+"""
+Class to manage attempting to decode a chunk of bytes into strings with a given encoding.
+"""
+from sys import byteorder
+from typing import Optional
+
+from rich.markup import escape
+from rich.text import Text
+
+from yaralyzer.bytes_match import BytesMatch  # Formerly caused circular import issues
+from yaralyzer.encoding_detection.character_encodings import (ENCODINGS_TO_ATTEMPT, SINGLE_BYTE_ENCODINGS,
+     UTF_8, encoding_width, is_wide_utf)
+from yaralyzer.helpers.bytes_helper import clean_byte_string, truncate_for_encoding
+from yaralyzer.helpers.rich_text_helper import prefix_with_style, unprintable_byte_to_text
+from yaralyzer.output.rich_console import ALERT_STYLE, BYTES_BRIGHTER, BYTES_BRIGHTEST, BYTES_NO_DIM, GREY_ADDRESS
+from yaralyzer.util.logging import log
+
+
+class DecodingAttempt:
+    """
+    Manages the process of attempting to decode a chunk of bytes into a string using a specified encoding.
+
+    This class tries to decode the bytes using the provided encoding, handling both standard and custom decoding
+    strategies (including multi-byte encodings and forced decoding attempts). It tracks the outcome, highlights
+    the decoded output, and provides information about the decoding process.
+
+    Attributes:
+        bytes (bytes): The bytes (including context) to decode.
+        bytes_match (BytesMatch): The `BytesMatch` object containing match and context info.
+        encoding (str): The encoding to attempt.
+        encoding_label (str): Label for the encoding (may include offset info).
+        start_offset (int): Byte offset used for decoding (for multi-byte encodings).
+        start_offset_label (Optional[str]): String label for the offset, if used.
+        was_force_decoded (bool): True if a forced decode was attempted.
+        failed_to_decode (bool): True if decoding failed.
+        decoded_string (Text): The decoded string as a Rich `Text` object (with highlighting).
+    """
+
+    def __init__(self, bytes_match: 'BytesMatch', encoding: str) -> None:
+        """
+        Initialize a `DecodingAttempt` for a specific `encoding` on a given `BytesMatch`.
+
+        Args:
+            bytes_match (BytesMatch): The `BytesMatch` object containing the bytes to decode and match metadata.
+            encoding (str): The encoding to attempt for decoding the bytes.
+        """
+        self.bytes = bytes_match.surrounding_bytes
+        self.bytes_match = bytes_match
+        self.encoding = encoding
+        # Inferred / derived values
+        self.encoding_label = encoding
+        self.start_offset = 0  # Offset in bytes to start decoding from
+        self.start_offset_label = None  # String to indicate what offset we were able to decode
+        self.was_force_decoded = False
+        self.failed_to_decode = False
+        self.decoded_string = self._decode_bytes()
+
+    def _decode_bytes(self) -> Text:
+        """
+        Tries builtin decode, hands off to other methods for harsher treatment (byte shifting for
+        UTF-16/32 and custom decode for the rest) if that fails. Has side effect of setting
+        `self.decoded_string` value.
+        """
+        try:
+            decoded_string = self._to_rich_text(escape(self.bytes.decode(self.encoding)))
+            log.info(f"{self.encoding} auto-decoded {self.bytes_match}")
+            return decoded_string
+        except UnicodeDecodeError:
+            log.info(f"{self.encoding} failed on 1st pass decoding {self.bytes_match} capture; custom decoding...")
+        except LookupError as e:
+            log.warning(f"Unknown encoding: {self.encoding}. {e}")
+            return self._failed_to_decode_msg_txt(e)
+
+        self.was_force_decoded = True
+
+        if is_wide_utf(self.encoding):
+            return self._decode_utf_multibyte()
+        else:
+            return self._custom_utf_decode()
+
+    def _custom_utf_decode(self) -> Text:
+        """
+        Returns a `Text` obj representing an attempt to force a UTF-8 encoding onto an array of bytes.
+        """
+        log.info(f"Custom decoding {self.bytes_match} with {self.encoding}...")
+        unprintable_char_map = ENCODINGS_TO_ATTEMPT.get(self.encoding)
+        output = Text('', style='bytes.decoded')
+
+        # We use this to skip over bytes consumed by multi-byte UTF-n chars
+        skip_next = 0
+
+        for i, b in enumerate(self.bytes):
+            if skip_next > 0:
+                skip_next -= 1
+                continue
+
+            _byte = b.to_bytes(1, byteorder)
+
+            # Color the before and after bytes grey
+            if i < self.bytes_match.highlight_start_idx or i > self.bytes_match.highlight_end_idx:
+                style = GREY_ADDRESS
+            else:
+                style = self.bytes_match.highlight_style
+
+            if style not in [GREY_ADDRESS, ALERT_STYLE]:
+                if b <= 126:
+                    style = BYTES_NO_DIM
+                elif b <= 192:
+                    style = BYTES_BRIGHTER
+                else:
+                    style = BYTES_BRIGHTEST
+
+            try:
+                if unprintable_char_map is not None and b in unprintable_char_map:
+                    output.append(unprintable_byte_to_text(unprintable_char_map[b], style=style))
+                elif b < 127:
+                    output.append(_byte.decode(self.encoding), style=style)
+                elif self.encoding != UTF_8:
+                    output.append(_byte.decode(self.encoding), style=style)
+                # At this point we know it's UTF-8, so it must be a continuation byte
+                elif b <= 192:
+                    # In UTF-8 bytes from 128 to 192 is a continuation byte
+                    output.append(unprintable_byte_to_text(f"CHAR{b}", style=style))
+                else:
+                    if b <= 223:
+                        char_width = 2
+                    elif b <= 239:
+                        char_width = 3
+                    else:
+                        char_width = 4
+
+                    wide_char = self.bytes[i:i + char_width].decode(self.encoding)
+                    output.append(wide_char, style=style)
+                    skip_next = char_width - 1  # Won't be set if there's a decoding exception
+                    log.info(f"Skipping next {skip_next} bytes because UTF-8 multibyte char '{wide_char}' used them")
+            except UnicodeDecodeError:
+                output.append(clean_byte_string(_byte), style=style)
+
+        return output
+
+    def _decode_utf_multibyte(self) -> Text:
+        """
+        UTF-16/32 are fixed width and multibyte and therefore depend on the position of the starting byte
+        so we try several offsets until we find one that at least kind of works.
+
+        Returns:
+            Text: Rich `Text` object representing the decoded string with highlighting.
+        """
+        char_width = encoding_width(self.encoding)
+        last_exception = None
+        decoded_str = None
+        bytes_offset = 0
+
+        # Iterate through the possibly byte offsets until we find a valid decoded string (or don't)
+        while bytes_offset < char_width:
+            try:
+                decoded_str = truncate_for_encoding(self.bytes[bytes_offset:], self.encoding).decode(self.encoding)
+            except UnicodeDecodeError as e:
+                log.info(f"Exception decoding w/offset {bytes_offset} in {self.encoding}: {e}")
+                last_exception = e
+
+            # Append the current bytes_offset to the encoding label if we found a valid decoded string
+            if decoded_str is not None:
+                log.debug(f"Successfully decoded '{self.encoding}' w/offset {bytes_offset}")
+                self.start_offset = bytes_offset
+                self.start_offset_label = f"offset {self.start_offset} byte" + ('s' if self.start_offset > 1 else '')
+                self.encoding_label = f"{self.encoding} ({self.start_offset_label})"
+                break
+
+            bytes_offset += 1
+
+        if decoded_str is not None:
+            return self._to_rich_text(decoded_str, bytes_offset)
+        else:
+            return self._failed_to_decode_msg_txt(last_exception)
+
+    def _to_rich_text(self, _string: str, bytes_offset: int = 0) -> Text:
+        """
+        Convert a decoded string to highlighted `Text` representation.
+
+        Args:
+            _string (str): The decoded string to convert.
+            bytes_offset (int): The byte offset used during decoding (for multi-byte encodings).
+        Returns:
+            Text: The rich `Text` representation of the decoded string with appropriate highlighting.
+        """
+        # Adjust where we start the highlighting given the multibyte nature of the encodings
+        log.debug(f"Stepping through {self.encoding} encoded string...")
+        txt = Text('', style=self.bytes_match.style_at_position(0))
+        current_byte_idx = 0
+
+        # Prevent unprintable chars other than newline. Some of them disfigure the terminal output permanently
+        if self.encoding in SINGLE_BYTE_ENCODINGS:
+            is_single_byte_encoding = True
+            unprintable_chars = ENCODINGS_TO_ATTEMPT[self.encoding]
+        else:
+            is_single_byte_encoding = False
+            unprintable_chars = {}
+
+        for _i, c in enumerate(_string):
+            char_bytes = bytes(c, self.encoding)
+            char_width = len(char_bytes)
+            style = self.bytes_match.style_at_position(current_byte_idx + bytes_offset)
+
+            # 10 is newline in single byte encodings
+            if c.isprintable() or (ord(c) == 10 and is_single_byte_encoding):
+                txt.append(c, style)
+            elif ord(c) == 9 and is_single_byte_encoding:
+                txt.append(unprintable_byte_to_text('\\t', style=style))
+            elif ord(c) in unprintable_chars:
+                txt.append(unprintable_byte_to_text(unprintable_chars[ord(c)], style=style))
+            else:
+                txt.append(unprintable_byte_to_text(f"CHAR{ord(c)}", style=style))
+
+            current_byte_idx += char_width
+
+        return txt
+
+    def _failed_to_decode_msg_txt(self, exception: Optional[Exception]) -> Text:
+        """Set `self.failed_to_decode` flag and return a `Text` object with the error message."""
+        self.failed_to_decode = True
+        return prefix_with_style(f"(decode failed: {exception})", style='red dim italic')

yaralyzer/encoding_detection/character_encodings.py

@@ -0,0 +1,197 @@
+"""
+Constants related to character encodings.
+
+Helpful links:
+
+* ISO-8859: [www.mit.edu/people/kenta/two/iso8859.html](https://www.mit.edu/people/kenta/two/iso8859.html)
+
+* UTF-8: [www.utf8-chartable.de/unicode-utf8-table.pl?utf8=dec](https://www.utf8-chartable.de/unicode-utf8-table.pl?utf8=dec)  # noqa: E501
+"""
+
+# Bytes (TODO: why is this here?)
+NEWLINE_BYTE = b"\n"
+
+# String constants
+ENCODING = 'encoding'
+ASCII = 'ascii'
+UTF_8 = 'utf-8'
+UTF_16 = 'utf-16'
+UTF_32 = 'utf-32'
+ISO_8859_1 = 'iso-8859-1'
+WINDOWS_1252 = 'windows-1252'
+
+
+# Byte order marks
+BOMS = {
+    b'\x2b\x2f\x76':     'UTF-7 BOM',
+    b'\xef\xbb\xbf':     'UTF-8 BOM',
+    b'\xfe\xff':         'UTF-16 BOM big-endian',
+    b'\xff\xfe':         'UTF-16 BOM little-endian',
+    b'\xff\xfe\x00\x00': 'UTF-32 BOM little-endian',
+    b'\x00\x00\xfe\xff': 'UTF-32 BOM big-endian',
+    b'\x0e\xfe\xff':     'SCSU BOM',
+}
+
+
+# ASCII characters that either print nothing, put the cursor in a weird place, or (worst of all) actively
+# delete stuff you already printed
+UNPRINTABLE_ASCII = {
+    0: 'NUL',    # 'Null',
+    1: 'SOH',    # 'StartHeading',
+    2: 'STX',    # 'StartText',
+    3: 'ETX',
+    4: 'EOT',    # End of transmission
+    5: 'ENQ',    # 'Enquiry',
+    6: 'ACK',    # 'Acknowledgement',
+    7: 'BEL',    # 'Bell',
+    8: 'BS',     # 'BackSpace',
+    # 9:  'HT'   # 'HorizontalTab',
+    # 10: 'LF',  # 'LineFeed',
+    11: 'VT',    # 'VerticalTab',
+    12: 'FF',    # 'FormFeed', AKA 'NewPage'
+    13: 'CR',    # 'CarriageReturn',
+    14: 'SO',    # 'ShiftOut',
+    15: 'SI',    # 'ShiftIn',
+    16: 'DLE',   # 'DataLineEscape',
+    17: 'DC1',   # DeviceControl1',
+    18: 'DC2',   # 'DeviceControl2',
+    19: 'DC3',   # 'DeviceControl3',
+    20: 'DC4',   # 'DeviceControl4',
+    21: 'NAK',   # NegativeAcknowledgement',
+    22: 'SYN',   # 'SynchronousIdle',
+    23: 'ETB',   # 'EndTransmitBlock',
+    24: 'CAN',   # 'Cancel',
+    25: 'EM',    # 'EndMedium',
+    26: 'SUB',   # 'Substitute',
+    27: 'ESC',   # 'Escape',
+    28: 'FS',    # 'FileSeparator',
+    29: 'GS',    # 'GroupSeparator',
+    30: 'RS',    # 'RecordSeparator',
+    31: 'US',    # 'UnitSeparator',
+    127: 'DEL',  # Delete
+}
+
+
+def scrub_c1_control_chars(char_map: dict) -> None:
+    """
+    Fill in a `dict` with integer keys/values corresponding to where a given char encoding has no chars
+    because this range is for C1 control chars (AKA the "undefined" part of most character maps).
+    """
+    for i in range(128, 160):
+        char_map[i] = f"C1.CHAR{i}"
+
+
+# ISO-8859-1 AKA "Latin-1". Basically ASCII but using more of 128-256    http://www.gammon.com.au/unicode/
+UNPRINTABLE_ISO_8859_1 = UNPRINTABLE_ASCII.copy()
+scrub_c1_control_chars(UNPRINTABLE_ISO_8859_1)
+
+UNPRINTABLE_ISO_8859_1.update({
+    129: 'HOP',
+    141: 'RLF',
+    160: 'NBSP',
+    173: 'SHY',
+})
+
+
+# UTF-8 Makes no use of 128-256 on their own, only as continuation bytes.
+# The C1 bytes can appear but only as continuations
+# https://en.wikipedia.org/wiki/UTF-8
+UNPRINTABLE_UTF_8 = UNPRINTABLE_ASCII.copy()
+
+# C0, C1, FE, and FF, etc. *never* appear in UTF-8
+UNPRINTABLE_UTF_8.update({
+    192: 'C0',
+    193: 'C1',
+    245: 'F5',
+    246: 'F6',
+    247: 'F7',
+    248: 'F8',
+    249: 'F9',
+    250: 'FA',
+    251: 'FB',
+    252: 'FC',
+    253: 'FD',
+    254: 'FE',
+    255: 'FF',
+})
+
+
+# Win_1252 is a lot like other 256 char encodings but they colonized the C1 char DMZ in the middle
+UNPRINTABLE_WIN_1252 = UNPRINTABLE_ASCII.copy()
+
+UNPRINTABLE_WIN_1252.update({
+    129: 'HOP',   # High Octet Preset
+    141: 'RLF',   # Reverse Line Feed
+    143: 'SS3',   # Single shift 3
+    144: 'DCS',   # Device Control String
+    147: 'STS',   # Set transmit state
+    160: 'NBSP',  # Non-breaking space
+})
+
+
+# ISO-8859-7     #http://www.gammon.com.au/unicode/
+UNPRINTABLE_ISO_8859_7 = UNPRINTABLE_ASCII.copy()
+scrub_c1_control_chars(UNPRINTABLE_ISO_8859_7)
+
+UNPRINTABLE_ISO_8859_7.update({
+    174: 'AE',
+    210: 'D2',
+    255: 'FF'
+})
+
+
+# Keys are names of encodings we will attempt to decode with, values are dicts mapping the unprintable bytes
+# in that encoding to appropriate string represenations of those unprintable bytes.
+# Order matters here, as we will attempt the decoding in the order of the keys.
+ENCODINGS_TO_ATTEMPT = {
+    ASCII:        UNPRINTABLE_ASCII,
+    UTF_8:        UNPRINTABLE_UTF_8,
+    UTF_16:       None,
+    UTF_32:       None,  # UTF-16 and 32 are handled differently
+    ISO_8859_1:   UNPRINTABLE_ISO_8859_1,
+    WINDOWS_1252: UNPRINTABLE_WIN_1252,
+}
+
+SINGLE_BYTE_ENCODINGS = [
+    ASCII,
+    ISO_8859_1,
+    WINDOWS_1252,
+]
+
+# Keys are encodings that use multiple bytes to represent a single character, values are the possible offsets
+# to attempt to use as the starting point for decoding in a given set of bytes.
+WIDE_UTF_ENCODINGS = {
+    UTF_16: [0, 1],
+    UTF_32: [0, 1, 2, 3],
+}
+
+
+def encoding_offsets(encoding: str) -> list:
+    """Get possible offsets for a given encoding. If the encoding is not in `WIDE_UTF_ENCODINGS`, return `[0]`."""
+    return WIDE_UTF_ENCODINGS.get(encoding, [0])
+
+
+def encoding_width(encoding: str) -> int:
+    """Get the width of a character in bytes for a given encoding, which is the number of possible offsets."""
+    return len(encoding_offsets(encoding))
+
+
+def is_wide_utf(encoding: str) -> bool:
+    """Check if the encoding is a wide UTF encoding (UTF-16 or UTF-32)."""
+    return encoding in WIDE_UTF_ENCODINGS
+
+
+# TODO: this is unused cruft (mostly Asian language encodings)
+ENCODINGS = [
+    'big5',
+    'big5hkscs',
+    'cp950',
+    'gb2312',
+    'gbk',
+    'gb18030',
+    'hz',
+    'iso2022_jp_2',
+    'utf-7',
+    'utf-8',
+    'utf-16',
+]

yaralyzer/encoding_detection/encoding_assessment.py

@@ -0,0 +1,83 @@
+"""
+Helps with `chardet` library.
+"""
+from typing import Any, Optional
+
+from rich.text import Text
+
+from yaralyzer.encoding_detection.character_encodings import ENCODING
+from yaralyzer.helpers.rich_text_helper import (DIM_COUNTRY_THRESHOLD, meter_style,
+     prefix_with_style)
+
+CONFIDENCE = 'confidence'
+LANGUAGE = 'language'
+
+
+class EncodingAssessment:
+    """
+    Class to smooth some of the rough edges around the `dict`s returned by `chardet.detect_all()`.
+
+    Attributes:
+        assessment (dict): The dict returned by `chardet.detect_all()`.
+        encoding (str): The encoding detected, in lowercase.
+        confidence (float): Confidence score from 0.0 to 100.0.
+        confidence_text (Text): Rich `Text` object representing the confidence with styling.
+        language (Optional[str]): The detected language, if any.
+        encoding_label (Text): Rich `Text` object for displaying the encoding with optional language info.
+    """
+
+    def __init__(self, assessment: dict) -> None:
+        """
+        Args:
+            assessment (dict): The `dict` returned by `chardet.detect_all()`.
+        """
+        self.assessment = assessment
+        self.encoding = assessment[ENCODING].lower()
+
+        # Shift confidence from 0-1.0 scale to 0-100.0 scale
+        self.confidence = 100.0 * (self._get_dict_empty_value_as_None(CONFIDENCE) or 0.0)
+        self.confidence_text = prefix_with_style(f"{round(self.confidence, 1)}%", style=meter_style(self.confidence))
+
+        # Add detected language info and label if any language was detected
+        self.language = self._get_dict_empty_value_as_None(LANGUAGE)
+        self.set_encoding_label(self.language.title() if self.language else None)
+
+    @classmethod
+    def dummy_encoding_assessment(cls, encoding: str) -> 'EncodingAssessment':
+        """
+        Construct an empty `EncodingAssessment` to use as a dummy when `chardet` gives us nothing.
+
+        Args:
+            encoding (str): The encoding to use for the dummy assessment.
+        """
+        assessment = cls({ENCODING: encoding, CONFIDENCE: 0.0})
+        assessment.confidence_text = Text('none', 'no_attempt')
+        return assessment
+
+    def set_encoding_label(self, alt_text: Optional[str]) -> None:
+        """
+        Alt text is displayed below the encoding in slightly dimmer font.
+
+        Args:
+            alt_text (Optional[str]): Text to display along with the encoding (often the inferred language)
+        """
+        self.encoding_label = Text(self.encoding, 'encoding.header')
+
+        if alt_text is not None:
+            dim = 'dim' if (self.confidence or 0.0) < DIM_COUNTRY_THRESHOLD else ''
+            self.encoding_label.append(f" ({alt_text})", style=f"color(23) {dim}")
+
+    def __rich__(self) -> Text:
+        return Text('<Chardet(', 'white') + self.encoding_label + Text(':') + self.confidence_text + Text('>')
+
+    def __str__(self) -> str:
+        return self.__rich__().plain
+
+    def _get_dict_empty_value_as_None(self, key: str) -> Any:
+        """Return `None` if the value at `key` is an empty string, empty list, etc."""
+        value = self.assessment.get(key)
+
+        if isinstance(value, (dict, list, str)) and len(value) == 0:
+            return None
+        else:
+            return value

yaralyzer/encoding_detection/encoding_detector.py

@@ -0,0 +1,145 @@
+"""
+`EncodingDetector` class for managing chardet encoding detection.
+"""
+from operator import attrgetter
+from typing import List
+
+import chardet
+from rich import box
+from rich.padding import Padding
+from rich.table import Table
+
+from yaralyzer.config import YaralyzerConfig
+from yaralyzer.encoding_detection.encoding_assessment import ENCODING, EncodingAssessment
+from yaralyzer.util.logging import log
+
+CONFIDENCE_SCORE_RANGE = range(0, 101)
+
+
+class EncodingDetector:
+    """
+    Manager class to ease dealing with the encoding detection library `chardet`.
+
+    Each instance of this class manages a `chardet.detect_all()` scan on a single set of bytes.
+
+    Attributes:
+        bytes (bytes): The bytes to analyze.
+        bytes_len (int): The length of the bytes.
+        table (Table): A rich `Table` object summarizing the chardet results.
+        assessments (List[EncodingAssessment]): List of `EncodingAssessment` objects from `chardet` results.
+        unique_assessments (List[EncodingAssessment]): Unique assessments by encoding, highest confidence only.
+        raw_chardet_assessments (List[dict]): Raw list of dicts returned by `chardet.detect_all()`.
+        force_decode_assessments (List[EncodingAssessment]): Assessments above force decode threshold.
+        force_display_assessments (List[EncodingAssessment]): Assessments above force display threshold.
+        has_any_idea (Optional[bool]): `True` if `chardet` had any idea what the encoding might be,
+            `False` if not, `None` if `chardet` wasn't run yet.
+        force_display_threshold (float): `[class variable]` Default confidence threshold for forcing display
+            in decoded table.
+        force_decode_threshold (float): `[class variable]` Default confidence threshold for forcing a decode attempt.
+    """
+
+    # Default value for encodings w/confidences below this will not be displayed in the decoded table
+    force_display_threshold = 20.0
+    # Default value for what chardet.detect() confidence % should we force a decode with an obscure encoding.
+    force_decode_threshold = 50.0
+
+    def __init__(self, _bytes: bytes) -> None:
+        """
+        Args:
+            _bytes (bytes): The bytes to analyze with `chardet`.
+        """
+        self.bytes = _bytes
+        self.bytes_len = len(_bytes)
+        self.table = _empty_chardet_results_table()
+
+        # Skip chardet if there's not enough bytes available
+        if not self.has_enough_bytes():
+            log.debug(f"{self.bytes_len} is not enough bytes to run chardet.detect()")
+            self._set_empty_results()
+            self.has_any_idea = None  # not false!
+            return
+
+        # Unique by encoding, ignoring language.  Ordered from highest to lowest confidence
+        self.unique_assessments = []
+        self.raw_chardet_assessments = chardet.detect_all(self.bytes, ignore_threshold=True)
+
+        if len(self.raw_chardet_assessments) == 1 and self.raw_chardet_assessments[0][ENCODING] is None:
+            log.info(f"chardet.detect() has no idea what the encoding is, result: {self.raw_chardet_assessments}")
+            self._set_empty_results()
+            self.has_any_idea = False
+            return
+
+        self.has_any_idea = True
+        self.assessments = [EncodingAssessment(a) for a in self.raw_chardet_assessments]
+        self._uniquify_results_and_build_table()
+        self.force_decode_assessments = self.assessments_above_confidence(type(self).force_decode_threshold)
+        self.force_display_assessments = self.assessments_above_confidence(type(self).force_display_threshold)
+
+    def get_encoding_assessment(self, encoding: str) -> EncodingAssessment:
+        """
+        Get the `chardet` assessment for a specific encoding.
+
+        Args:
+            encoding (str): The encoding to look for.
+
+        Returns:
+            EncodingAssessment: Assessment for the given encoding if it exists, otherwise a dummy with 0 confidence.
+        """
+        assessment = next((r for r in self.unique_assessments if r.encoding == encoding), None)
+        return assessment or EncodingAssessment.dummy_encoding_assessment(encoding)
+
+    def has_enough_bytes(self) -> bool:
+        """Return `True` if we have enough bytes to run `chardet.detect()`."""
+        return self.bytes_len >= YaralyzerConfig.args.min_chardet_bytes
+
+    def assessments_above_confidence(self, cutoff: float) -> List[EncodingAssessment]:
+        """Return the assessments above the given confidence cutoff."""
+        return [a for a in self.unique_assessments if a.confidence >= cutoff]
+
+    def __rich__(self) -> Padding:
+        return Padding(self.table, (0, 0, 0, 0))
+
+    def _uniquify_results_and_build_table(self) -> None:
+        """Keep the highest result per encoding, ignoring the language `chardet` has indicated."""
+        already_seen_encodings = {}
+
+        for i, result in enumerate(self.assessments):
+            if result.confidence < YaralyzerConfig.args.min_chardet_table_confidence:
+                continue
+
+            self.table.add_row(f"{i + 1}", result.encoding_label, result.confidence_text)
+
+            # self.unique_assessments retains one result per encoding possibility (the highest confidence one)
+            # Some encodings are not language specific and for those we don't care about the language
+            if result.encoding not in already_seen_encodings:
+                self.unique_assessments.append(result)
+                already_seen_encodings[result.encoding] = result
+            else:
+                log.debug(f"Skipping chardet result {result} (already saw {already_seen_encodings[result.encoding]})")
+
+        self.unique_assessments.sort(key=attrgetter('confidence'), reverse=True)
+
+    def _set_empty_results(self) -> None:
+        """Set empty results for when `chardet` can't help us."""
+        self.assessments = []
+        self.unique_assessments = []
+        self.raw_chardet_assessments = []
+        self.force_decode_assessments = []
+        self.force_display_assessments = []
+
+
+def _empty_chardet_results_table() -> Table:
+    """Returns an empty `Table` with appropriate columns for `chardet` results."""
+    table = Table(
+        'Rank', 'Encoding', 'Confidence',
+        title='chardet.detect results',
+        title_style='color(153) italic dim',
+        header_style='off_white',
+        style='dim',
+        box=box.SIMPLE,
+        show_edge=False,
+        collapse_padding=True
+    )
+
+    table.columns[0].justify = 'right'
+    return table