Avoid unicode NULL chars in JSON report file (linux analyzer)

CYB3RMX / Qu1cksc0pe

All-in-One malware analysis tool.

GNU General Public License v3.0

1.24k stars 176 forks source link

Avoid unicode NULL chars in JSON report file (linux analyzer) #62

Closed luis261 closed 1 month ago

luis261 commented 1 month ago

from #58:

regarding the Unicode Null character \u0000 in the interpreter value: [...] My best guess is that it stems either from an error/issue internal to lief.parse or more likely a usage error in the way we call chr on the result of self.binary.get_section(sec_name).content [...] I'll open a small followup PR for that after this one gets merged.^1

this should fix it.

luis261 commented 1 month ago

Just based on some REPL tinkering for now:

>>> ord("\u0000")
0
>>> print(json.dumps(chr(0)))
"\u0000"
>>> chr(0)
'\x00'

https://www.compart.com/en/unicode/U+0000

luis261 commented 1 month ago

I still need to test this in an actual analysis run, then I'll report back here and de-draft the PR.

luis261 commented 1 month ago

Ok, I just tested this with another linux run and it works: the only difference between the output file on master and the one on my branch is that my report doesn't contain the unwanted NUL char.