Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to scan children in YARA plugin #780

Merged
merged 5 commits into from
Aug 1, 2024
Merged

Add option to scan children in YARA plugin #780

merged 5 commits into from
Aug 1, 2024

Conversation

JSCU-CNI
Copy link
Contributor

@JSCU-CNI JSCU-CNI commented Aug 1, 2024

This is a small improvement on #646 that adds --children to target-yara / target-query -f yara.

Schamper
Schamper requested changes Aug 1, 2024
View reviewed changes
dissect/target/tools/yara.py Outdated
for target in Target.open_all(args.targets):
target.log.info("Scanning target")
for target in Target.open_all(args.targets, args.children):
target.log.info("Scanning target %s", target)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because you use target.log, it should already include the target repr in the log line, does logging it again really help?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, removed in 870e9db.

Copy link
Member

@Schamper Schamper Aug 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now you removed the entire log line, was that intended? My comment was towards the additional %s of the target object.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I think the entire line is unnecessary due to additional logging by the filesystem.yara plugin

@codecov Codecov
Copy link

codecov bot commented Aug 1, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 66.66667% with 2 lines in your changes missing coverage. Please review.

Project coverage is 75.23%. Comparing base (1e88ad7) to head (fe23a70).

Files Patch % Lines
dissect/target/plugins/filesystem/yara.py 33.33% 2 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #780   +/-   ##
=======================================
  Coverage   75.23%   75.23%           
=======================================
  Files         296      296           
  Lines       25556    25556           
=======================================
  Hits        19228    19228           
  Misses       6328     6328
Flag Coverage Δ
unittests 75.23% <66.66%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Schamper Schamper merged commit 286f5cc into fox-it:main Aug 1, 2024
17 of 18 checks passed
@JSCU-CNI JSCU-CNI deleted the improvement/target-yara-children branch December 4, 2024 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Schamper Schamper Schamper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JSCU-CNI @Schamper