BlackSnufkin
ce9a926246
Backend (Python):
- Split app/routes.py (1,389 lines) into 6 Flask blueprints (upload, analysis,
results, doppelganger, management, api) under app/blueprints/, plus
service modules (rendering, summary, tool_check, error_handling) under
app/services/, and the shared RouteHelpers class in app/helpers.py.
app/__init__.py wires shared deps via app.extensions['litterbox'].
- Split app/utils.py (1,400 lines) into the app/utils/ package with
single-concern modules: file_io, validators, path_manager, risk_analyzer,
forensics, json_helpers, reporting. No facade — every caller migrated.
- Extracted BaseSubprocessAnalyzer in app/analyzers/base.py; refactored 9
subprocess analyzers (yara/checkplz/stringnalyzer static; yara/pe_sieve/
moneta/patriot/hsb/hollows_hunter dynamic) as thin subclasses that only
declare config + implement _parse_output.
Frontend (JS):
- Split results.js (2,060), holygrail.js (1,025), byovd_info.js (1,069),
and upload.js (974) into per-concern ES6 modules under
app/static/js/{results,holygrail,byovd,upload}/.
- Added app/static/js/utils/ with shared helpers: escape, formatters,
severity, fetch, modals, dom (single source of truth for escapeHtml,
formatBytes, severity-color mapping, etc.).
- Converted base.js, summary.js, blender.js, fuzzy.js to ES6 modules;
every <script> tag now uses type="module". window.X assignments preserved
so inline onclick handlers in templates keep resolving.
- Targeted XSS hardening at user-data interpolation sites in results
renderers (str.data, hex_dump, scan_info.target, list items).
Templates:
- New app/templates/partials/_macros.html with reusable scanner-table
macros + 3-card status grid; static_info.html and dynamic_info.html
migrated to use them, eliminating identical-HTML duplication.
CSS:
- Fixed broken @apply in .drag-over (no Tailwind build pipeline → @apply
was silently ignored, leaving drag-and-drop visual feedback broken).
Replaced with raw CSS equivalent.
- Dedented stray 8-space-indented block (lines 127-end) for consistency.
- Added header comment documenting the no-build-pipeline constraint.
Gitignore:
- Anchored Results/, Uploads/, DoppelgangerDB/Blender/, and Scanners/*
patterns to repo root with leading slash so they don't shadow same-
named directories elsewhere (notably the new app/static/js/results/
module directory and app/blueprints/results.py).
- Added /Scanners/PE-Sieve/process_*/ for runtime scan artifacts.
74 lines
2.5 KiB
Python
74 lines
2.5 KiB
Python
# app/utils/json_helpers.py
|
|
"""JSON I/O, formatting, and detection-count extraction helpers."""
|
|
import json
|
|
import os
|
|
|
|
|
|
def load_json_file(filepath):
|
|
"""Safely load a JSON file. Returns None if missing or unreadable."""
|
|
if not os.path.exists(filepath):
|
|
return None
|
|
try:
|
|
with open(filepath, 'r') as f:
|
|
return json.load(f)
|
|
except Exception as e:
|
|
print(f"Error loading JSON file {filepath}: {str(e)}")
|
|
return None
|
|
|
|
|
|
def format_hex(value):
|
|
"""Format a value as a lowercase hexadecimal string."""
|
|
if isinstance(value, str) and value.startswith('0x'):
|
|
return value.lower()
|
|
try:
|
|
return f"0x{int(value):x}"
|
|
except (ValueError, TypeError):
|
|
return str(value)
|
|
|
|
|
|
def format_size(size_bytes):
|
|
"""Format a byte count as a human-readable string."""
|
|
if size_bytes < 1024:
|
|
return f"{size_bytes} bytes"
|
|
elif size_bytes < 1024 * 1024:
|
|
return f"{size_bytes / 1024:.2f} KB"
|
|
elif size_bytes < 1024 * 1024 * 1024:
|
|
return f"{size_bytes / (1024 * 1024):.2f} MB"
|
|
else:
|
|
return f"{size_bytes / (1024 * 1024 * 1024):.2f} GB"
|
|
|
|
|
|
def extract_detection_counts(results):
|
|
"""Extract per-analyzer detection counts from a results dict."""
|
|
counts = {'yara': 0, 'pesieve': 0, 'moneta': 0, 'patriot': 0, 'hsb': 0}
|
|
|
|
try:
|
|
yara_matches = results.get('yara', {}).get('matches', [])
|
|
counts['yara'] = (
|
|
len({match.get('rule') for match in yara_matches if match.get('rule')})
|
|
if isinstance(yara_matches, list) else 0
|
|
)
|
|
|
|
pesieve_findings = results.get('pe_sieve', {}).get('findings', {})
|
|
counts['pesieve'] = int(pesieve_findings.get('total_suspicious', 0) or 0)
|
|
|
|
moneta_findings = results.get('moneta', {}).get('findings', {})
|
|
non_detection_fields = ['total_regions', 'total_unsigned_modules', 'scan_duration']
|
|
counts['moneta'] = sum(
|
|
int(moneta_findings.get(key, 0) or 0)
|
|
for key in moneta_findings
|
|
if key.startswith('total_') and key not in non_detection_fields
|
|
)
|
|
|
|
patriot_findings = results.get('patriot', {}).get('findings', {}).get('findings', [])
|
|
counts['patriot'] = len(patriot_findings) if isinstance(patriot_findings, list) else 0
|
|
|
|
hsb_findings = results.get('hsb', {}).get('findings', {})
|
|
if hsb_findings and hsb_findings.get('detections'):
|
|
counts['hsb'] = len(hsb_findings['detections'][0].get('findings', []))
|
|
|
|
except (TypeError, ValueError, IndexError):
|
|
pass
|
|
|
|
return counts
|