BlackSnufkin
ce9a926246
Backend (Python):
- Split app/routes.py (1,389 lines) into 6 Flask blueprints (upload, analysis,
results, doppelganger, management, api) under app/blueprints/, plus
service modules (rendering, summary, tool_check, error_handling) under
app/services/, and the shared RouteHelpers class in app/helpers.py.
app/__init__.py wires shared deps via app.extensions['litterbox'].
- Split app/utils.py (1,400 lines) into the app/utils/ package with
single-concern modules: file_io, validators, path_manager, risk_analyzer,
forensics, json_helpers, reporting. No facade — every caller migrated.
- Extracted BaseSubprocessAnalyzer in app/analyzers/base.py; refactored 9
subprocess analyzers (yara/checkplz/stringnalyzer static; yara/pe_sieve/
moneta/patriot/hsb/hollows_hunter dynamic) as thin subclasses that only
declare config + implement _parse_output.
Frontend (JS):
- Split results.js (2,060), holygrail.js (1,025), byovd_info.js (1,069),
and upload.js (974) into per-concern ES6 modules under
app/static/js/{results,holygrail,byovd,upload}/.
- Added app/static/js/utils/ with shared helpers: escape, formatters,
severity, fetch, modals, dom (single source of truth for escapeHtml,
formatBytes, severity-color mapping, etc.).
- Converted base.js, summary.js, blender.js, fuzzy.js to ES6 modules;
every <script> tag now uses type="module". window.X assignments preserved
so inline onclick handlers in templates keep resolving.
- Targeted XSS hardening at user-data interpolation sites in results
renderers (str.data, hex_dump, scan_info.target, list items).
Templates:
- New app/templates/partials/_macros.html with reusable scanner-table
macros + 3-card status grid; static_info.html and dynamic_info.html
migrated to use them, eliminating identical-HTML duplication.
CSS:
- Fixed broken @apply in .drag-over (no Tailwind build pipeline → @apply
was silently ignored, leaving drag-and-drop visual feedback broken).
Replaced with raw CSS equivalent.
- Dedented stray 8-space-indented block (lines 127-end) for consistency.
- Added header comment documenting the no-build-pipeline constraint.
Gitignore:
- Anchored Results/, Uploads/, DoppelgangerDB/Blender/, and Scanners/*
patterns to repo root with leading slash so they don't shadow same-
named directories elsewhere (notably the new app/static/js/results/
module directory and app/blueprints/results.py).
- Added /Scanners/PE-Sieve/process_*/ for runtime scan artifacts.
52 lines
1.7 KiB
Python
52 lines
1.7 KiB
Python
# app/utils/reporting.py
|
|
"""HTML report rendering."""
|
|
import datetime as dt
|
|
|
|
from flask import render_template
|
|
|
|
from .json_helpers import extract_detection_counts, format_size
|
|
from .risk_analyzer import calculate_risk, get_risk_level
|
|
|
|
|
|
def generate_html_report(file_info=None, static_results=None,
|
|
dynamic_results=None, pid=None):
|
|
"""Render the report.html template with risk + detection summary."""
|
|
is_process_analysis = pid is not None and not file_info
|
|
analysis_type = 'process' if is_process_analysis else 'file'
|
|
|
|
risk_score, risk_factors = calculate_risk(
|
|
analysis_type=analysis_type,
|
|
file_info=file_info,
|
|
static_results=static_results,
|
|
dynamic_results=dynamic_results,
|
|
)
|
|
risk_level = get_risk_level(risk_score)
|
|
|
|
detections = {}
|
|
if static_results or dynamic_results:
|
|
detections = extract_detection_counts(dynamic_results or static_results)
|
|
|
|
if dynamic_results and is_process_analysis:
|
|
if 'process_output' not in dynamic_results:
|
|
dynamic_results['process_output'] = {
|
|
'had_output': False,
|
|
'output': '',
|
|
'stdout': '',
|
|
'stderr': '',
|
|
}
|
|
|
|
return render_template(
|
|
"report.html",
|
|
generated_on=dt.datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
|
|
is_process_analysis=is_process_analysis,
|
|
risk_score=risk_score,
|
|
risk_level=risk_level,
|
|
risk_factors=risk_factors,
|
|
detections=detections,
|
|
file_info=file_info,
|
|
static_results=static_results,
|
|
dynamic_results=dynamic_results,
|
|
pid=pid,
|
|
format_size=format_size,
|
|
)
|