While writing my own plugin I ran into an issue with results generated from my worker plugin. The default encoding for windows is cp1252 (in most western countries), which only supports 256 characters. It is not uncommon for malware to include various special characters or other languages, which would fail when trying to write an invalid character to a file with cp1252 encoding. https://github.com/PUNCH-Cyber/stoq-plugins-public/blob/8ba855206da6aeae6cd03fad9162160296a74bd7/filedir/filedir/filedir.py#L102
Furthermore it is also not obvious to a user what is at fault here the worker plugin (which there may be many of, making it even more ambiguous) or the connector plugin.
In order to better support windows the writing on results should either
1) Write in binary mode
2) Specify an encoding to accommodate more characters, such as utf-8
While writing my own plugin I ran into an issue with results generated from my worker plugin. The default encoding for windows is cp1252 (in most western countries), which only supports 256 characters. It is not uncommon for malware to include various special characters or other languages, which would fail when trying to write an invalid character to a file with cp1252 encoding.
https://github.com/PUNCH-Cyber/stoq-plugins-public/blob/8ba855206da6aeae6cd03fad9162160296a74bd7/filedir/filedir/filedir.py#L102 Furthermore it is also not obvious to a user what is at fault here the worker plugin (which there may be many of, making it even more ambiguous) or the connector plugin. In order to better support windows the writing on results should either 1) Write in binary mode 2) Specify an encoding to accommodate more characters, such as utf-8