feat: converted strings plugin to v1 and integrated strings eval #1323
Conversation
jstucke
commented
Jan 10, 2025
•
jstucke
commented
- migrates the "printable_strings" plugin to the new base class
- integrates the "string_evaluation" plugin into the "printable_strings" plugin
- uses bootstrap-table to display the new result structure in the template
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1323 +/- ##
==========================================
- Coverage 92.48% 91.81% -0.67%
==========================================
Files 379 374 -5
Lines 24115 20981 -3134
==========================================
- Hits 22302 19264 -3038
+ Misses 1813 1717 -96 ☔ View full report in Codecov by Sentry. |
jstucke
force-pushed
the
strings-v1-with-eval
branch
3 times, most recently
from
f7e09d0 to
ef8b2a8
Compare
| DICTIONARY = {'version', 'v.', 'http', 'ftp', 'usage', 'Usage', 'ssh', 'SSH', 'password', 'Version'} | ||
|
|
||
|
|
||
| def evaluate_string(string: str) -> float: |
There was a problem hiding this comment.
nit: What about renaming this to string_relevance?
There was a problem hiding this comment.
string_relevance is lacking a verb. I renamed it to calculate_relevance_score
| Schema=self.Schema, | ||
| ) | ||
| ) | ||
| ) | ||
| self.regexes = self._compile_regexes() | ||
|
|
||
| def _compile_regexes(self) -> list[tuple[Pattern[bytes], str]]: | ||
| min_length = getattr(config.backend.plugin.get(self.NAME, {}), 'min-length', 8) |
There was a problem hiding this comment.
This only works as long as we use AnalysisBasePluginAdapterMixin.
Instead this should use self.metadata.name.
There was a problem hiding this comment.
Good catch. Totally overlooked that bit
| metadata=( | ||
| self.MetaData( | ||
| name='printable_strings', | ||
| description='extracts strings and their offsets from the files consisting of printable characters', |
There was a problem hiding this comment.
What do you think?
| description='extracts strings and their offsets from the files consisting of printable characters', | |
| description='Extracts printable strings from a file and assigns a relevance score based on a predefined ruleset.', |
There was a problem hiding this comment.
I think your change better reflects what the plugin does -> changed
| """ | ||
| evaluate relevance of strings | ||
|
|
||
| Credits: | ||
| Original version by Paul Schiffer created during Firmware Bootcamp WT16/17 at University of Bonn | ||
| Refactored and improved by Fraunhofer FKIE | ||
| """ |
There was a problem hiding this comment.
I don't think that doc comment is that useful.
There was a problem hiding this comment.
Removed the doc part and added a more informative docstring to the function instead.
jstucke
force-pushed
the
strings-v1-with-eval
branch
3 times, most recently
from
a6fcef0 to
8486990
Compare
* migrates the "printable_strings" plugin to the new base class * integrates the "string_evaluation" plugin into the "printable_strings" plugin * uses bootstrap-table to display the new result structure in the template
jstucke
force-pushed
the
strings-v1-with-eval
branch
from
8486990 to
dc02b8d
Compare
