PE analyzer returns clashing types

EmersonElectricCo / fsf

File Scanning Framework

Apache License 2.0

289 stars 49 forks source link

PE analyzer returns clashing types #47

Closed dcode closed 7 years ago

dcode commented 7 years ago

When analyzing a PE, the StringFileInfo value is a dict of values. This is great, unless there is no info, in which case the return in the string None. This is a different type. When the JSON is rendered, it should be either an empty dict (i.e. {}) or omit the value entirely.

I suspect the line is here: https://github.com/EmersonElectricCo/fsf/blob/master/fsf-server/modules/META_PE.py#L199

I'm not sure what translates to {} or omission when rendering.

akniffe1 commented 7 years ago

@compsecmonkey I found a couple more examples of this behavior in other META_PE functions. For the moment, the branch issue47 should fix all these in META_PE, however I think we'll probably want to check the other fsf-server.modules for this as well.

akniffe1 commented 7 years ago

Just finished checking the other modules and we should be good to go for the "fixit" stage of this problem.

jxb5151 commented 7 years ago

This is resolved in #48