From 7d6a57e179e7da062f333ae2cef923e688572f0d Mon Sep 17 00:00:00 2001
From: liquidsec
Date: Fri, 18 Oct 2024 00:40:11 -0400
Subject: [PATCH 1/2] handle bad chars in matched data
---
 bbot/modules/internal/excavate.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bbot/modules/internal/excavate.py b/bbot/modules/internal/excavate.py
index dd1099562..b60f1192b 100644
--- a/bbot/modules/internal/excavate.py
+++ b/bbot/modules/internal/excavate.py
@@ -154,7 +154,7 @@ async def preprocess(self, r, event, discovery_context):
 yara_rule_settings = YaraRuleSettings(description, tags, emit_match)
 yara_results = {}
 for h in r.strings:
- yara_results[h.identifier.lstrip("$")] = sorted(set([i.matched_data.decode("utf-8") for i in h.instances]))
+ yara_results[h.identifier.lstrip("$")] = sorted(set([i.matched_data.decode("utf-8", errors="ignore") for i in h.instances]))
 await self.process(yara_results, event, yara_rule_settings, discovery_context)

 async def process(self, yara_results, event, yara_rule_settings, discovery_context):
From 7595ff70bfc3fa137e75bfcbd3dba9cc5c20847d Mon Sep 17 00:00:00 2001
From: liquidsec
Date: Fri, 18 Oct 2024 10:00:08 -0400
Subject: [PATCH 2/2] black
---
 bbot/modules/internal/excavate.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/bbot/modules/internal/excavate.py b/bbot/modules/internal/excavate.py
index b60f1192b..6651b0b42 100644
--- a/bbot/modules/internal/excavate.py
+++ b/bbot/modules/internal/excavate.py
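Review bot: `errors="ignore"` on the changed `decode` call in `preprocess` silently deletes every byte that is not valid UTF-8, so the strings stored in `yara_results` can differ from what YARA matched: neighbouring characters get joined, two different byte sequences can collapse into one entry of the `set`, and a match made only of invalid bytes becomes an empty string. The matched data presumably comes from scanned content the tool does not control, so a handler that keeps the bad bytes visible preserves the evidence, e.g. `i.matched_data.decode("utf-8", errors="backslashreplace")` (or `errors="replace"`). If dropping the bytes is intended, a comment such as `# matched_data is raw bytes; invalid UTF-8 is dropped on purpose` would record that decision. `preprocess` starts above this hunk and `process` continues below it, so how empty or altered values are handled downstream is not visible here.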
@@ -154,7 +154,9 @@ async def preprocess(self, r, event, discovery_context):
 yara_rule_settings = YaraRuleSettings(description, tags, emit_match)
 yara_results = {}
 for h in r.strings:
- yara_results[h.identifier.lstrip("$")] = sorted(set([i.matched_data.decode("utf-8", errors="ignore") for i in h.instances]))
+ yara_results[h.identifier.lstrip("$")] = sorted(
+ set([i.matched_data.decode("utf-8", errors="ignore") for i in h.instances])
+ )
 await self.process(yara_results, event, yara_rule_settings, discovery_context)

 async def process(self, yara_results, event, yara_rule_settings, discovery_context):