log-helper and json-output from oleobj #771
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
christian-intra2net
changed the title
(...and one typo in doc string)
Not needed any more when using log_helper
People (like me) might think that when they give "-r" as argument they could give a directory with samples as input, e.g. oleobj -r /path/to/samples when actually they need to specify that with a glob and -r is independent of that oleobj /path/to/samples\* Clarify that in the help-string of "-r". Also, giving a glob did result in an error saying that this is not an existing file. Fixed that.
Should not matter but this is safer and consistent with other tests.
When testing json-output we need to run samples through the "main" functions of modules, not just their "process_file" functions that would accept the extracted and decrypted data from the existing helper function "loop_over_files". They need a filename as input, so add helper to create a temp dir and extract&decrypt samples to that temporarily.
Since this test runs 3 scripts over all samples it takes pretty long. Therefore, disable it per default, enable with a environment variable OLETOOLS_TEST_JSON=1 Also, decrypting and extracting malware samples onto the disc might cause trouble, another reason for not enabling this test per default.
christian-intra2net
force-pushed
the
oleobj-json-output
branch
from
6ee6cdc
to
138f8c0
Compare
|
Fixed a bug I added earlier ( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use log_helper in oleobj and use it to create json-output.
This PR includes the two commits of PR #769 to simplify testing and two other unrelated commits ("Fix occurrence of msodde..." and "Remove unused import").
Output in JSON format simplifies integration of oleobj in filtering pipelines. Changes to output itself are minimal, without --json option users should not see a difference to before.