yaralyzer 1.0.5__tar.gz → 1.0.7__tar.gz

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/CHANGELOG.md

@@ -1,5 +1,13 @@
 # NEXT RELEASE
 
+### 1.0.7
+* Add `Changelog` to PyPi URLs, add some more PyPi classifiers
+* Add `.flake8` config file and fix style errors
+
+### 1.0.6
+* Add `Environment :: Console` and `Programming Language :: Python` to PyPi classifiers
+* Add `LICENSE` to PyPi package
+
 ### 1.0.5
 * Add `Development Status :: 5 - Production/Stable` to pypi classifiers
 

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/PKG-INFO

@@ -1,20 +1,24 @@
 Metadata-Version: 2.1
 Name: yaralyzer
-Version: 1.0.5
+Version: 1.0.7
 Summary: Visualize and force decode YARA and regex matches found in a file or byte stream. With colors. Lots of colors.
 Home-page: https://github.com/michelcrypt4d4mus/yaralyzer
 License: GPL-3.0-or-later
-Keywords: ascii art,binary,character encoding,color,cybersecurity,data visualization,decode,DFIR,encoding,infosec,maldoc,malicious,malware,malware analysis,regex,regular expressions,reverse engineering,reversing,security,threat assessment,threat hunting,threat intelligence,threat research,visualization,yara
+Keywords: ascii art,binary,character encoding,color,cybersecurity,data visualization,decode,DFIR,encoding,infosec,maldoc,malicious,malware,malware analysis,regex,regular expressions,reverse engineering,reversing,security,threat assessment,threat hunting,threat intelligence,threat research,threatintel,visualization,yara
 Author: Michel de Cryptadamus
 Author-email: michel@cryptadamus.com
 Requires-Python: >=3.9,<4.0
 Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
 Classifier: Intended Audience :: Information Technology
 Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
+Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Topic :: Artistic Software
 Classifier: Topic :: Scientific/Engineering :: Visualization
 Classifier: Topic :: Security
@@ -23,6 +27,7 @@ Requires-Dist: python-dotenv (>=0.21.0,<0.22.0)
 Requires-Dist: rich (>=14.1.0,<15.0.0)
 Requires-Dist: rich-argparse-plus (>=0.3.1,<0.4.0)
 Requires-Dist: yara-python (>=4.5.4,<5.0.0)
+Project-URL: Changelog, https://github.com/michelcrypt4d4mus/yaralyzer/blob/master/CHANGELOG.md
 Project-URL: Documentation, https://github.com/michelcrypt4d4mus/yaralyzer
 Project-URL: Repository, https://github.com/michelcrypt4d4mus/yaralyzer
 Description-Content-Type: text/markdown

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "yaralyzer"
-version = "1.0.5"
+version = "1.0.7"
 description = "Visualize and force decode YARA and regex matches found in a file or byte stream. With colors. Lots of colors."
 authors = ["Michel de Cryptadamus <michel@cryptadamus.com>"]
 readme = "README.md"
@@ -9,6 +9,28 @@ homepage = "https://github.com/michelcrypt4d4mus/yaralyzer"
 repository = "https://github.com/michelcrypt4d4mus/yaralyzer"
 documentation = "https://github.com/michelcrypt4d4mus/yaralyzer"
 
+classifiers = [
+    "Development Status :: 5 - Production/Stable",
+    "Environment :: Console",
+    "Intended Audience :: Information Technology",
+    "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
+    "Programming Language :: Python",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Artistic Software",
+    "Topic :: Security",
+    "Topic :: Scientific/Engineering :: Visualization",
+]
+
+include = [
+    "CHANGELOG.md",
+    "LICENSE",
+    ".yaralyzer.example"
+]
+
 keywords = [
     "ascii art",
     "binary",
@@ -33,43 +55,47 @@ keywords = [
     "threat hunting",
     "threat intelligence",
     "threat research",
+    "threatintel",
     "visualization",
     "yara",
 ]
 
-classifiers = [
-    "Development Status :: 5 - Production/Stable",
-    "Intended Audience :: Information Technology",
-    "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
-    "Topic :: Artistic Software",
-    "Topic :: Security",
-    "Topic :: Scientific/Engineering :: Visualization",
-]
-
-include = [
-    "CHANGELOG.md",
-    ".yaralyzer.example"
-]
-
 
+#####################
+#   Dependencies    #
+#####################
 [tool.poetry.dependencies]
 python = "^3.9"
 chardet = ">=5.0.0,<6.0.0"
-#plyara = "^2.1.1"
 python-dotenv = "^0.21.0"
 rich = "^14.1.0"
 rich-argparse-plus = "^0.3.1"
 yara-python = "^4.5.4"
+#plyara = "^2.1.1"  # TODO: use plyara for YARA rule parsing and validation
 
 [tool.poetry.group.dev.dependencies]
+flake8 = "^7.3.0"
 pytest = "^7.1.3"
 
 
+#############
+#  Scripts  #
+#############
 [tool.poetry.scripts]
 yaralyze = 'yaralyzer:yaralyze'
 yaralyzer_show_color_theme = 'yaralyzer.helpers.rich_text_helper:yaralyzer_show_color_theme'
 
 
+#####################
+#     PyPi URLs     #
+#####################
+[tool.poetry.urls]
+Changelog = "https://github.com/michelcrypt4d4mus/yaralyzer/blob/master/CHANGELOG.md"
+
+
+###############################
+#     Poetry build system     #
+###############################
 [build-system]
-requires = ["poetry-core"]
 build-backend = "poetry.core.masonry.api"
+requires = ["poetry-core"]

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/__init__.py

@@ -11,11 +11,9 @@ if not environ.get('INVOKED_BY_PYTEST', False):
             load_dotenv(dotenv_path=dotenv_file)
             break
 
-from yaralyzer.config import YaralyzerConfig
 from yaralyzer.output.file_export import export_json, invoke_rich_export
 from yaralyzer.output.rich_console import console
 from yaralyzer.util.argument_parser import get_export_basepath, parse_arguments
-from yaralyzer.util.logging import log
 from yaralyzer.yara.yara_rule_builder import HEX, REGEX
 from yaralyzer.yaralyzer import Yaralyzer
 

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/bytes_match.py

@@ -13,22 +13,22 @@ from rich.text import Text
 from yara import StringMatch, StringMatchInstance
 
 from yaralyzer.config import YaralyzerConfig
-from yaralyzer.helpers.rich_text_helper import prefix_with_plain_text_obj
+from yaralyzer.helpers.rich_text_helper import prefix_with_style
 from yaralyzer.output.file_hashes_table import bytes_hashes_table
 from yaralyzer.output.rich_console import ALERT_STYLE, GREY_ADDRESS
 
 
 class BytesMatch:
     def __init__(
-            self,
-            matched_against: bytes,
-            start_idx: int,
-            length: int,
-            label: str,
-            ordinal: int,
-            match: Optional[re.Match] = None,  # It's rough to get the regex from yara :(
-            highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
-        ) -> None:
+        self,
+        matched_against: bytes,
+        start_idx: int,
+        length: int,
+        label: str,
+        ordinal: int,
+        match: Optional[re.Match] = None,  # It's rough to get the regex from yara :(
+        highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
+    ) -> None:
         """
         Ordinal means it's the Nth match with this regex (not super important but useful)
         YARA makes it a little rouch to get the actual regex that matched. Can be done with plyara eventually.
@@ -52,24 +52,24 @@ class BytesMatch:
 
     @classmethod
     def from_regex_match(
-            cls,
-            matched_against: bytes,
-            match: re.Match,
-            ordinal: int,
-            highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
-        ) -> 'BytesMatch':
+        cls,
+        matched_against: bytes,
+        match: re.Match,
+        ordinal: int,
+        highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
+    ) -> 'BytesMatch':
         return cls(matched_against, match.start(), len(match[0]), match.re.pattern, ordinal, match, highlight_style)
 
     @classmethod
     def from_yara_str(
-            cls,
-            matched_against: bytes,
-            rule_name: str,
-            yara_str_match: StringMatch,
-            yara_str_match_instance: StringMatchInstance,
-            ordinal: int,
-            highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
-        ) -> 'BytesMatch':
+        cls,
+        matched_against: bytes,
+        rule_name: str,
+        yara_str_match: StringMatch,
+        yara_str_match_instance: StringMatchInstance,
+        ordinal: int,
+        highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
+    ) -> 'BytesMatch':
         """Build a BytesMatch from a yara string match. 'matched_against' is the set of bytes yara was run against."""
         pattern_label = yara_str_match.identifier
 
@@ -89,11 +89,11 @@ class BytesMatch:
 
     @classmethod
     def from_yara_match(
-            cls,
-            matched_against: bytes,
-            yara_match: dict,
-            highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
-        ) -> Iterator['BytesMatch']:
+        cls,
+        matched_against: bytes,
+        yara_match: dict,
+        highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
+    ) -> Iterator['BytesMatch']:
         """Iterator w/a BytesMatch for each string returned as part of a YARA match result dict."""
         i = 0  # For numbered labeling
 
@@ -102,13 +102,14 @@ class BytesMatch:
             for yara_str_match_instance in yara_str_match.instances:
                 i += 1
 
-                yield(cls.from_yara_str(
+                yield cls.from_yara_str(
                     matched_against,
                     yara_match['rule'],
                     yara_str_match,
                     yara_str_match_instance,
                     i,
-                    highlight_style))
+                    highlight_style
+                )
 
     def style_at_position(self, idx) -> str:
         """Get the style for the byte at position idx within the matched bytes"""
@@ -119,11 +120,12 @@ class BytesMatch:
 
     def location(self) -> Text:
         """Returns a Text obj like '(start idx: 348190, end idx: 348228)'"""
-        location_txt = prefix_with_plain_text_obj(
+        location_txt = prefix_with_style(
             f"(start idx: ",
             style='off_white',
             root_style='decode.subheading'
         )
+
         location_txt.append(str(self.start_idx), style='number')
         location_txt.append(', end idx: ', style='off_white')
         location_txt.append(str(self.end_idx), style='number')
@@ -184,7 +186,7 @@ class BytesMatch:
         self.surrounding_bytes: bytes = self.matched_against[self.surrounding_start_idx:self.surrounding_end_idx]
 
     def __rich__(self) -> Text:
-        headline = prefix_with_plain_text_obj(str(self.match_length), style='number', root_style='decode.subheading')
+        headline = prefix_with_style(str(self.match_length), style='number', root_style='decode.subheading')
         headline.append(f" bytes matching ")
         headline.append(f"{self.label} ", style=ALERT_STYLE if self.highlight_style == ALERT_STYLE else 'regex')
         headline.append('at ')

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/config.py

@@ -91,7 +91,7 @@ class YaralyzerConfig:
             env_var = f"{YARALYZER}_{option.upper()}"
             env_value = environ.get(env_var)
             default_value = cls.get_default_arg(option)
-            #print(f"option: {option}, arg_value: {arg_value}, env_var: {env_var}, env_value: {env_value}, default: {default_value}")
+            # print(f"option: {option}, arg_value: {arg_value}, env_var: {env_var}, env_value: {env_value}, default: {default_value}")  # noqa: E501
 
             # TODO: as is you can't override env vars with CLI args
             if isinstance(arg_value, bool):

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/decoding/bytes_decoder.py

@@ -3,7 +3,6 @@ Class to handle attempting to decode a chunk of bytes into strings with various
 Leverages the chardet library to both guide what encodings are attempted as well as to rank decodings
 in the results.
 """
-
 from collections import defaultdict
 from copy import deepcopy
 from operator import attrgetter
@@ -15,14 +14,13 @@ from rich.panel import Panel
 from rich.table import Table
 from rich.text import Text
 
-#from yaralyzer.bytes_match import BytesMatch
+from yaralyzer.bytes_match import BytesMatch  # Used to cause circular import issues
 from yaralyzer.config import YaralyzerConfig
 from yaralyzer.decoding.decoding_attempt import DecodingAttempt
-from yaralyzer.encoding_detection.character_encodings import ENCODING, ENCODINGS_TO_ATTEMPT, encoding_offsets
+from yaralyzer.encoding_detection.character_encodings import ENCODING, ENCODINGS_TO_ATTEMPT
 from yaralyzer.encoding_detection.encoding_assessment import EncodingAssessment
 from yaralyzer.encoding_detection.encoding_detector import EncodingDetector
 from yaralyzer.helpers.dict_helper import get_dict_key_by_value
-from yaralyzer.helpers.list_helper import flatten
 from yaralyzer.helpers.rich_text_helper import CENTER, DECODING_ERRORS_MSG, NO_DECODING_ERRORS_MSG
 from yaralyzer.output.decoding_attempts_table import (DecodingTableRow, assessment_only_row,
      decoding_table_row, new_decoding_attempts_table)
@@ -66,7 +64,6 @@ class BytesDecoder:
         if self.bytes_match.is_decodable():
             yield self._build_decodings_table()
         elif YaralyzerConfig.args.standalone_mode:
-            # TODO: yield self.bytes_match.suppression_notice() (i guess to show some notice that things are suppressed?)
             yield self._build_decodings_table(True)
 
         yield NewLine()
@@ -136,7 +133,7 @@ class BytesDecoder:
         # If the decoding can have a start offset add an appropriate extension to the encoding label
         if decoding.start_offset_label:
             if assessment.language:
-                log.warning(f"{decoding.encoding} has offset {decoding.start_offset} and language '{assessment.language}'")
+                log.warning(f"{decoding.encoding} offset {decoding.start_offset} AND language '{assessment.language}'")
             else:
                 assessment = deepcopy(assessment)
                 assessment.set_encoding_label(decoding.start_offset_label)

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/decoding/decoding_attempt.py

@@ -7,10 +7,11 @@ from typing import Optional
 from rich.markup import escape
 from rich.text import Text
 
+from yaralyzer.bytes_match import BytesMatch  # Used to cause circular import issues
 from yaralyzer.encoding_detection.character_encodings import (ENCODINGS_TO_ATTEMPT, SINGLE_BYTE_ENCODINGS,
      UTF_8, encoding_width, is_wide_utf)
 from yaralyzer.helpers.bytes_helper import clean_byte_string, truncate_for_encoding
-from yaralyzer.helpers.rich_text_helper import prefix_with_plain_text_obj, unprintable_byte_to_text
+from yaralyzer.helpers.rich_text_helper import prefix_with_style, unprintable_byte_to_text
 from yaralyzer.output.rich_console import ALERT_STYLE, BYTES_BRIGHTER, BYTES_BRIGHTEST, BYTES_NO_DIM, GREY_ADDRESS
 from yaralyzer.util.logging import log
 
@@ -144,7 +145,7 @@ class DecodingAttempt:
         else:
             return self._failed_to_decode_msg_txt(last_exception)
 
-    def _to_rich_text(self, _string: str, bytes_offset: int=0) -> Text:
+    def _to_rich_text(self, _string: str, bytes_offset: int = 0) -> Text:
         """Convert a decoded string to highlighted Text representation"""
         # Adjust where we start the highlighting given the multibyte nature of the encodings
         log.debug(f"Stepping through {self.encoding} encoded string...")
@@ -181,4 +182,4 @@ class DecodingAttempt:
     def _failed_to_decode_msg_txt(self, exception: Optional[Exception]) -> Text:
         """Set failed_to_decode flag and return a Text object with the error message."""
         self.failed_to_decode = True
-        return prefix_with_plain_text_obj(f"(decode failed: {exception})", style='red dim italic')
+        return prefix_with_style(f"(decode failed: {exception})", style='red dim italic')

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/encoding_detection/character_encodings.py

@@ -13,7 +13,7 @@ ASCII = 'ascii'
 UTF_8 = 'utf-8'
 UTF_16 = 'utf-16'
 UTF_32 = 'utf-32'
-ISO_8859_1 =  'iso-8859-1'
+ISO_8859_1 = 'iso-8859-1'
 WINDOWS_1252 = 'windows-1252'
 
 
@@ -32,39 +32,39 @@ BOMS = {
 # ASCII characters that either print nothing, put the cursor in a weird place, or (worst of all) actively
 # delete stuff you already printed
 UNPRINTABLE_ASCII = {
-    0: 'NUL',
-    1: 'SOH',  # 'StartHeading',
-    2: 'STX',  # 'StartText',
+    0: 'NUL',    # 'Null',
+    1: 'SOH',    # 'StartHeading',
+    2: 'STX',    # 'StartText',
     3: 'ETX',
-    4: 'EOT',  # End of transmission
-    5: 'ENQ',  # 'Enquiry',
-    6: 'ACK',  # 'Acknowledgement',
-    7: 'BEL',  # 'Bell',
-    8: 'BS',   # 'BackSpace',
-    #9:  'HT'  # 'HorizontalTab',
-    #10: 'LF',  # 'LineFeed',
-    11: 'VT',  # 'VerticalTab',
-    12: 'FF',  # 'FormFeed', AKA 'NewPage'
-    13: 'CR',  # 'CarriageReturn',
-    14: 'SO',  # 'ShiftOut',
-    15: 'SI',  # 'ShiftIn',
-    16: 'DLE',  # 'DataLineEscape',
-    17: 'DC1',  # DeviceControl1',
-    18: 'DC2',  # 'DeviceControl2',
-    19: 'DC3',  # 'DeviceControl3',
-    20: 'DC4',  # 'DeviceControl4',
+    4: 'EOT',    # End of transmission
+    5: 'ENQ',    # 'Enquiry',
+    6: 'ACK',    # 'Acknowledgement',
+    7: 'BEL',    # 'Bell',
+    8: 'BS',     # 'BackSpace',
+    # 9:  'HT'   # 'HorizontalTab',
+    # 10: 'LF',  # 'LineFeed',
+    11: 'VT',    # 'VerticalTab',
+    12: 'FF',    # 'FormFeed', AKA 'NewPage'
+    13: 'CR',    # 'CarriageReturn',
+    14: 'SO',    # 'ShiftOut',
+    15: 'SI',    # 'ShiftIn',
+    16: 'DLE',   # 'DataLineEscape',
+    17: 'DC1',   # DeviceControl1',
+    18: 'DC2',   # 'DeviceControl2',
+    19: 'DC3',   # 'DeviceControl3',
+    20: 'DC4',   # 'DeviceControl4',
     21: 'NAK',   # NegativeAcknowledgement',
-    22: 'SYN',  # 'SynchronousIdle',
-    23: 'ETB',  # 'EndTransmitBlock',
-    24: 'CAN',  # 'Cancel',
-    25: 'EM',  # 'EndMedium',
-    26: 'SUB',  # 'Substitute',
-    27: 'ESC',  # 'Escape',
-    28: 'FS',  # 'FileSeparator',
-    29: 'GS',  #'GroupSeparator',
-    30: 'RS',  #'RecordSeparator',
-    31: 'US',  # 'UnitSeparator',
-    127: 'DEL', # Delete
+    22: 'SYN',   # 'SynchronousIdle',
+    23: 'ETB',   # 'EndTransmitBlock',
+    24: 'CAN',   # 'Cancel',
+    25: 'EM',    # 'EndMedium',
+    26: 'SUB',   # 'Substitute',
+    27: 'ESC',   # 'Escape',
+    28: 'FS',    # 'FileSeparator',
+    29: 'GS',    # 'GroupSeparator',
+    30: 'RS',    # 'RecordSeparator',
+    31: 'US',    # 'UnitSeparator',
+    127: 'DEL',  # Delete
 }
 
 
@@ -116,12 +116,12 @@ UNPRINTABLE_UTF_8.update({
 UNPRINTABLE_WIN_1252 = UNPRINTABLE_ASCII.copy()
 
 UNPRINTABLE_WIN_1252.update({
-    129: 'HOP', # High Octet Preset
-    141: 'RLF', # Reverse Line Feed
-    143: 'SS3', # Single shift 3
-    144: 'DCS', # Device Control String
-    147: 'STS', # Set transmit state
-    160: 'NBSP',
+    129: 'HOP',   # High Octet Preset
+    141: 'RLF',   # Reverse Line Feed
+    143: 'SS3',   # Single shift 3
+    144: 'DCS',   # Device Control String
+    147: 'STS',   # Set transmit state
+    160: 'NBSP',  # Non-breaking space
 })
 
 
@@ -146,7 +146,6 @@ ENCODINGS_TO_ATTEMPT = {
     UTF_32:       None,  # UTF-16 and 32 are handled differently
     ISO_8859_1:   UNPRINTABLE_ISO_8859_1,
     WINDOWS_1252: UNPRINTABLE_WIN_1252,
-    #'utf-7':
 }
 
 SINGLE_BYTE_ENCODINGS = [

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/encoding_detection/encoding_assessment.py

@@ -7,7 +7,7 @@ from rich.text import Text
 
 from yaralyzer.encoding_detection.character_encodings import ENCODING
 from yaralyzer.helpers.rich_text_helper import (DIM_COUNTRY_THRESHOLD, meter_style,
-     prefix_with_plain_text_obj)
+     prefix_with_style)
 
 CONFIDENCE = 'confidence'
 LANGUAGE = 'language'
@@ -20,7 +20,7 @@ class EncodingAssessment:
 
         # Shift confidence from 0-1.0 scale to 0-100.0 scale
         self.confidence = 100.0 * (self._get_dict_empty_value_as_None(CONFIDENCE) or 0.0)
-        self.confidence_text = prefix_with_plain_text_obj(f"{round(self.confidence, 1)}%", style=meter_style(self.confidence))
+        self.confidence_text = prefix_with_style(f"{round(self.confidence, 1)}%", style=meter_style(self.confidence))
 
         # Add detected language info and label if any language was detected
         self.language = self._get_dict_empty_value_as_None(LANGUAGE)

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/encoding_detection/encoding_detector.py

@@ -9,7 +9,6 @@ import chardet
 from rich import box
 from rich.padding import Padding
 from rich.table import Table
-from rich.text import Text
 
 from yaralyzer.config import YaralyzerConfig
 from yaralyzer.encoding_detection.encoding_assessment import ENCODING, EncodingAssessment
@@ -83,7 +82,7 @@ class EncodingDetector:
                 self.unique_assessments.append(result)
                 already_seen_encodings[result.encoding] = result
             else:
-                log.debug(f"Skipping chardet result {result}: we already saw {already_seen_encodings[result.encoding]})")
+                log.debug(f"Skipping chardet result {result} (already saw {already_seen_encodings[result.encoding]})")
 
         self.unique_assessments.sort(key=attrgetter('confidence'), reverse=True)
 
@@ -105,8 +104,8 @@ def _empty_chardet_results_table():
         style='dim',
         box=box.SIMPLE,
         show_edge=False,
-        collapse_padding=True)
+        collapse_padding=True
+    )
 
     table.columns[0].justify = 'right'
-    table.columns # TODO: ???
     return table

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/helpers/bytes_helper.py

@@ -144,9 +144,9 @@ def truncate_for_encoding(_bytes: bytes, encoding: str) -> bytes:
 def _find_str_rep_of_bytes(surrounding_bytes_str: str, highlighted_bytes_str: str, highlighted_bytes: BytesMatch):
     """
     Find the position of bytes_str in surrounding_byte_str. Both args are raw text dumps of binary data.
-    Because strings are longer than bytes (stuff like '\xcc' are 4 chars when printed are one byte and the ANSI unprintables
-    include stuff like 'NegativeAcknowledgement' which is over 20 chars) they represent so we have to re-find the location to highlight the bytes
-    correctly.
+    Because strings are longer than bytes (stuff like '\xcc' are 4 chars when printed are one byte and
+    the ANSI unprintables include stuff like 'NegativeAcknowledgement' which is over 20 chars) they represent
+    so we have to re-find the location to highlight the bytes correctly.
     """
     # Start a few chars in to avoid errors: sometimes we're searching for 1 or 2 bytes and there's a false positive
     # in the extra bytes. Tthis isn't perfect - it's starting us at the first index into the *bytes* that's safe to
@@ -155,7 +155,7 @@ def _find_str_rep_of_bytes(surrounding_bytes_str: str, highlighted_bytes_str: st
 
     # TODO: Somehow \' and ' don't always come out the same :(
     if highlight_idx == -1:
-        log.info(f"Failed to find highlighted_bytes in first pass so deleting single quotes and retrying. " + \
+        log.info(f"Failed to find highlighted_bytes in first pass so deleting single quotes and retrying. " +
                   "Highlighting may be off by a few chars,")
 
         surrounding_bytes_str = surrounding_bytes_str.replace("\\'", "'")

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/helpers/dict_helper.py

@@ -1,7 +1,6 @@
 """
 Help with dicts.
 """
-from numbers import Number
 
 
 def get_dict_key_by_value(_dict: dict, value):

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/helpers/list_helper.py

@@ -2,6 +2,7 @@
 Help with lists.
 """
 
+
 def flatten(a):
     """From https://www.geeksforgeeks.org/python/python-flatten-list-to-individual-elements/"""
     return_value = []

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/helpers/rich_text_helper.py

@@ -40,7 +40,7 @@ def na_txt(style: Union[str, Style] = 'white'):
     return Text('N/A', style=style)
 
 
-def prefix_with_plain_text_obj(_str: str, style: str, root_style=None) -> Text:
+def prefix_with_style(_str: str, style: str, root_style=None) -> Text:
     """Sometimes you need a Text() object to start plain lest the underline or whatever last forever"""
     return Text('', style=root_style or 'white') + Text(_str, style)
 
@@ -61,7 +61,7 @@ def meter_style(meter_pct):
     return style
 
 
-def unprintable_byte_to_text(code: str, style='') -> Text:
+def unprintable_byte_to_text(code: str, style: str = '') -> Text:
     """Used with ASCII escape codes and the like, gives colored results like '[NBSP]'."""
     style = BYTES_HIGHLIGHT if style == BYTES_BRIGHTEST else style
     txt = Text('[', style=style)
@@ -70,7 +70,7 @@ def unprintable_byte_to_text(code: str, style='') -> Text:
     return txt
 
 
-def dim_if(txt: Union[str, Text], is_dim: bool, style: Union[str, None]=None):
+def dim_if(txt: Union[str, Text], is_dim: bool, style: Union[str, None] = None):
     """Apply 'dim' style if 'is_dim'. 'style' overrides for Text and applies for strings."""
     txt = txt.copy() if isinstance(txt, Text) else Text(txt, style=style or '')
 
@@ -95,24 +95,24 @@ def show_color_theme(styles: dict) -> None:
     console.print(Panel('The Yaralyzer Color Theme', style='reverse'))
 
     colors = [
-        prefix_with_plain_text_obj(name[:MAX_THEME_COL_SIZE], style=str(style)).append(' ')
+        prefix_with_style(name[:MAX_THEME_COL_SIZE], style=str(style)).append(' ')
         for name, style in styles.items()
         if name not in ['reset', 'repr_url']
     ]
 
-    console.print(Columns(colors, column_first=True, padding=(0,5), equal=True))
+    console.print(Columns(colors, column_first=True, padding=(0, 5), equal=True))
 
 
 def size_text(num_bytes: int) -> Text:
     """Convert a number of bytes into (e.g.) 54,213 bytes (52 KB)"""
-    kb_txt = prefix_with_plain_text_obj("{:,.1f}".format(num_bytes / 1024), style='bright_cyan', root_style='white')
+    kb_txt = prefix_with_style("{:,.1f}".format(num_bytes / 1024), style='bright_cyan', root_style='white')
     kb_txt.append(' kb ')
     bytes_txt = Text('(', 'white') + size_in_bytes_text(num_bytes) + Text(')')
     return kb_txt + bytes_txt
 
 
 def size_in_bytes_text(num_bytes: int) -> Text:
-    return  Text(f"{num_bytes:,d}", 'number').append(' bytes', style='white')
+    return Text(f"{num_bytes:,d}", 'number').append(' bytes', style='white')
 
 
 def newline_join(texts: List[Text]) -> Text:

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/output/file_export.py

@@ -83,7 +83,7 @@ def invoke_rich_export(export_method, output_file_basepath) -> str:
     kwargs.update({'clear': False})
 
     if 'svg' in method_name:
-        kwargs.update({'title': path.basename(output_file_path) })
+        kwargs.update({'title': path.basename(output_file_path)})
 
     # Invoke it
     log_and_print(f"Invoking Rich.console.{method_name}('{output_file_path}') with kwargs: '{kwargs}'...")

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/output/file_hashes_table.py

@@ -14,10 +14,10 @@ BytesInfo = namedtuple('BytesInfo', ['size', 'md5', 'sha1', 'sha256'])
 
 
 def bytes_hashes_table(
-        bytes_or_bytes_info: Union[bytes, BytesInfo],
-        title: Optional[str] = None,
-        title_justify: str = LEFT
-    ) -> Table:
+    bytes_or_bytes_info: Union[bytes, BytesInfo],
+    title: Optional[str] = None,
+    title_justify: str = LEFT
+) -> Table:
     """Build a table to show the MD5, SHA1, SHA256, etc."""
     if isinstance(bytes_or_bytes_info, bytes):
         bytes_info = compute_file_hashes(bytes_or_bytes_info)

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/output/rich_console.py

@@ -123,5 +123,5 @@ def print_fatal_error_and_exit(error_message: str) -> None:
     exit()
 
 
-def print_header_panel(headline: str, style: str, expand: bool = True, padding: tuple = (0,2)) -> None:
+def print_header_panel(headline: str, style: str, expand: bool = True, padding: tuple = (0, 2)) -> None:
     console.print(Panel(headline, box=box.DOUBLE_EDGE, style=style, expand=expand, padding=padding))

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/util/argument_parser.py

@@ -78,8 +78,8 @@ source.add_argument('--regex-modifier', '-mod',
 # Fine tuning
 tuning = parser.add_argument_group(
     'FINE TUNING',
-    "Tune various aspects of the analyses and visualizations to your needs. As an example setting " + \
-        "a low --max-decode-length (or suppressing brute force binary decode attempts altogether) can " + \
+    "Tune various aspects of the analyses and visualizations to your needs. As an example setting " +
+        "a low --max-decode-length (or suppressing brute force binary decode attempts altogether) can " +
         "dramatically improve run times and only occasionally leads to a fatal lack of insight.")
 
 tuning.add_argument('--maximize-width', action='store_true',
@@ -119,14 +119,14 @@ tuning.add_argument('--min-chardet-bytes',
                     type=int)
 
 tuning.add_argument('--min-chardet-table-confidence',
-                    help="minimum chardet confidence to display the encoding name/score in the character " + \
+                    help="minimum chardet confidence to display the encoding name/score in the character " +
                          "decection scores table",
                     default=YaralyzerConfig.DEFAULT_MIN_CHARDET_TABLE_CONFIDENCE,
                     metavar='PCT_CONFIDENCE',
                     type=int)
 
 tuning.add_argument('--force-display-threshold',
-                    help="encodings with chardet confidence below this number will neither be displayed nor " + \
+                    help="encodings with chardet confidence below this number will neither be displayed nor " +
                          "decoded in the decodings table",
                     default=EncodingDetector.force_display_threshold,
                     metavar='PCT_CONFIDENCE',
@@ -134,9 +134,9 @@ tuning.add_argument('--force-display-threshold',
                     choices=CONFIDENCE_SCORE_RANGE)
 
 tuning.add_argument('--force-decode-threshold',
-                    help="extremely high (AKA 'above this number') confidence scores from chardet.detect() " + \
-                         "as to the likelihood some bytes were written with a particular encoding will cause " + \
-                         "the yaralyzer to attempt decoding those bytes in that encoding even if it is not a " + \
+                    help="extremely high (AKA 'above this number') confidence scores from chardet.detect() " +
+                         "as to the likelihood some bytes were written with a particular encoding will cause " +
+                         "the yaralyzer to attempt decoding those bytes in that encoding even if it is not a " +
                          "configured encoding",
                     default=EncodingDetector.force_decode_threshold,
                     metavar='PCT_CONFIDENCE',
@@ -159,8 +159,8 @@ tuning.add_argument('--yara-stack-size',
 # Export options
 export = parser.add_argument_group(
     'FILE EXPORT',
-    "Multiselect. Choosing nothing is choosing nothing. Sends what you see on the screen to various file " + \
-        "formats in parallel. Writes files to the current directory if --output-dir is not provided. " + \
+    "Multiselect. Choosing nothing is choosing nothing. Sends what you see on the screen to various file " +
+        "formats in parallel. Writes files to the current directory if --output-dir is not provided. " +
         "Filenames are expansions of the scanned filename though you can use --file-prefix to make your " +
         "filenames more unique and beautiful to their beholder.")
 
@@ -282,7 +282,7 @@ def parse_arguments(args: Optional[Namespace] = None):
 
 def get_export_basepath(args: Namespace, yaralyzer: Yaralyzer):
     file_prefix = (args.file_prefix + '_') if args.file_prefix else ''
-    args.output_basename =  f"{file_prefix}{yaralyzer._filename_string()}"
+    args.output_basename  = f"{file_prefix}{yaralyzer._filename_string()}"  # noqa: E221
     args.output_basename += f"__maxdecode{YaralyzerConfig.args.max_decode_length}"
     args.output_basename += ('_' + args.file_suffix) if args.file_suffix else ''
     return path.join(args.output_dir, args.output_basename + f"__at_{args.invoked_at_str}")

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/util/logging.py

@@ -26,7 +26,7 @@ Python log levels for reference:
 """
 import logging
 import sys
-from os import environ, path
+from os import path
 from typing import Union
 
 from rich.logging import RichHandler

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/yara/yara_match.py

@@ -97,7 +97,7 @@ def _rich_yara_match(element: Any, depth: int = 0) -> Text:
             list_txt = Text('[', style='white')
 
             if total_length > console_width() or len(element) > 3:
-                join_txt = Text(f"\n{indent}" )
+                join_txt = Text(f"\n{indent}")
                 list_txt.append(join_txt).append(Text(f",{join_txt}").join(elements_txt))
                 list_txt += Text(f'\n{end_indent}]', style='white')
             else:

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/yara/yara_rule_builder.py

@@ -4,12 +4,11 @@ Builds bare bones YARA rules to match strings and regex patterns. Example rule s
 rule Just_A_Piano_Man {
     meta:
         author           = "Tim"
-	strings:
-		$hilton_producer = /Scott.*Storch/
-	condition:
-		$hilton_producer
+    strings:
+        $hilton_producer = /Scott.*Storch/
+    condition:
+        $hilton_producer
 }
-
 """
 import re
 from typing import Optional
@@ -60,12 +59,12 @@ rule {rule_name} {{
 
 
 def yara_rule_string(
-        pattern: str,
-        pattern_type: str = REGEX,
-        rule_name: str = YARALYZE,
-        pattern_label: Optional[str] = PATTERN,
-        modifier: Optional[str] = None
-    ) -> str:
+    pattern: str,
+    pattern_type: str = REGEX,
+    rule_name: str = YARALYZE,
+    pattern_label: Optional[str] = PATTERN,
+    modifier: Optional[str] = None
+) -> str:
     """Build a YARA rule string for a given pattern"""
     if not (modifier is None or modifier in YARA_REGEX_MODIFIERS):
         raise TypeError(f"Modifier '{modifier}' is not one of {YARA_REGEX_MODIFIERS}")
@@ -89,12 +88,12 @@ def yara_rule_string(
 
 
 def build_yara_rule(
-        pattern: str,
-        pattern_type: str = REGEX,
-        rule_name: str = YARALYZE,
-        pattern_label: Optional[str] = PATTERN,
-        modifier: Optional[str] = None
-    ) -> yara.Rule:
+    pattern: str,
+    pattern_type: str = REGEX,
+    rule_name: str = YARALYZE,
+    pattern_label: Optional[str] = PATTERN,
+    modifier: Optional[str] = None
+) -> yara.Rule:
     """Build a compiled YARA rule"""
     rule_string = yara_rule_string(pattern, pattern_type, rule_name, pattern_label, modifier)
     return yara.compile(source=rule_string)

{yaralyzer-1.0.5 → yaralyzer-1.0.7}/yaralyzer/yaralyzer.py

@@ -9,7 +9,6 @@ Alternate constructors are provided depending on whether:
 The real action happens in the __rich__console__() dunder method.
 """
 from os import path
-from sys import exit
 from typing import Iterator, List, Optional, Tuple, Union
 
 import yara
@@ -36,13 +35,13 @@ YARA_FILE_DOES_NOT_EXIST_ERROR_MSG = "is not a valid yara rules file (it doesn't
 # TODO: might be worth introducing a Scannable namedtuple or similar
 class Yaralyzer:
     def __init__(
-            self,
-            rules: Union[str, yara.Rules],
-            rules_label: str,
-            scannable: Union[bytes, str],
-            scannable_label: Optional[str] = None,
-            highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
-        ) -> None:
+        self,
+        rules: Union[str, yara.Rules],
+        rules_label: str,
+        scannable: Union[bytes, str],
+        scannable_label: Optional[str] = None,
+        highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
+    ) -> None:
         """
         If rules is a string it will be compiled by yara
         If scannable is bytes then scannable_label must be provided.
@@ -83,11 +82,11 @@ class Yaralyzer:
 
     @classmethod
     def for_rules_files(
-            cls,
-            yara_rules_files: List[str],
-            scannable: Union[bytes, str],
-            scannable_label: Optional[str] = None
-        ) -> 'Yaralyzer':
+        cls,
+        yara_rules_files: List[str],
+        scannable: Union[bytes, str],
+        scannable_label: Optional[str] = None
+    ) -> 'Yaralyzer':
         """Alternate constructor loads yara rules from files, labels rules w/filenames"""
         if not isinstance(yara_rules_files, list):
             raise TypeError(f"{yara_rules_files} is not a list")
@@ -108,11 +107,11 @@ class Yaralyzer:
 
     @classmethod
     def for_rules_dirs(
-            cls,
-            dirs: List[str],
-            scannable: Union[bytes, str],
-            scannable_label: Optional[str] = None
-        ) -> 'Yaralyzer':
+        cls,
+        dirs: List[str],
+        scannable: Union[bytes, str],
+        scannable_label: Optional[str] = None
+    ) -> 'Yaralyzer':
         """Alternate constructor that will load all .yara files in yara_rules_dir"""
         if not (isinstance(dirs, list) and all(path.isdir(dir) for dir in dirs)):
             raise TypeError(f"'{dirs}' is not a list of valid directories")
@@ -122,15 +121,15 @@ class Yaralyzer:
 
     @classmethod
     def for_patterns(
-            cls,
-            patterns: List[str],
-            patterns_type: str,
-            scannable: Union[bytes, str],
-            scannable_label: Optional[str] = None,
-            rules_label: Optional[str] = None,
-            pattern_label: Optional[str] = None,
-            regex_modifier: Optional[str] = None,
-        ) -> 'Yaralyzer':
+        cls,
+        patterns: List[str],
+        patterns_type: str,
+        scannable: Union[bytes, str],
+        scannable_label: Optional[str] = None,
+        rules_label: Optional[str] = None,
+        pattern_label: Optional[str] = None,
+        regex_modifier: Optional[str] = None,
+    ) -> 'Yaralyzer':
         """Constructor taking regex pattern strings. Rules label defaults to patterns joined by comma"""
         rule_strings = []
 
@@ -186,7 +185,7 @@ class Yaralyzer:
         # Only show the non matches if there were valid ones, otherwise just show the number
         if len(self.matches) == 0:
             non_match_desc = f" did not match any of the {len(self.non_matches)} yara rules"
-            console.print(dim_if(self.__text__()  + Text(non_match_desc, style='grey'), True))
+            console.print(dim_if(self.__text__() + Text(non_match_desc, style='grey'), True))
             return
 
         non_match_desc = f" did not match the other {len(self.non_matches)} yara rules"