When the analysed sample is a `.sys` driver and HolyGrail has been run,
the downloaded report now leads with a HolyGrail BYOVD section instead
of burying it after the dynamic-scan stuff that doesn't apply to
drivers.
- helpers._load_file_data also loads byovd_results.json (when present)
and threads it through `data['byovd_results']` into the report.
- generate_html_report computes a HolyGrail score Python-side (port of
holygrail/core.js's calculateScore) and exposes is_driver_report,
byovd_score, byovd_label, byovd_class, av_killer_imports to the
template.
- For driver reports the hero "Risk Assessment" card swaps to "BYOVD
Potential" with the HolyGrail score and pill, and the chip row
swaps the YARA/PE-Sieve/Moneta/Patriot/HSB counts (all zero on
drivers — they don't run dynamic scans) for LOLDrivers / Win10 /
Win11 / Critical Imports.
- The HolyGrail BYOVD section moves above File Information / Risk
Factors so it's the first thing a defender sees in the report.
- Non-driver reports are unchanged.
BlackSnufkin
921be01911