hasherezade / pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://hshrzd.wordpress.com/pe-sieve/
BSD 2-Clause "Simplified" License

Write scan_report in the base directory if /ofilter 1 #62

Closed sydurand closed 4 years ago

sydurand commented 4 years ago

Hello,

In my opinion, it's more user-friendly to have all the scan_report.json files directly in the base directory, prefixed with the PID, if /ofilter equals 1. The per-PID report directories are no longer created.

Maybe if this behaviour breaks the workflow too much, I can add another command line option instead.

Regards,

hasherezade commented 4 years ago

In this particular use case it may be more user-friendly. But in general, more user-friendly is simplicity and not forcing users to remember too many variants and ways to represent the same data (at least as much as it can be avoided - Occam's Razor). I would prefer not to have more command-line switches representing minor changes. Also, for now this scan produces only one report: scan_report.json, but I cannot guarantee that it will always be only one report. That's why having a separate directory for it still comes in handy.

sydurand commented 4 years ago

I proposed this modification because I use hollows_hunter, so it's easier for me when I use the /ofilter 1 option to have all the scan_report.json files in the root directory prefixed with the PID.

Maybe with hollows_hunter it could be useful to have the content of all the scan_report.json files included in the summary.json file.

hasherezade commented 4 years ago

Hmm, currently not all the fields of scan_report.json are exposed via the API (only the summary), so HollowsHunter cannot see all the details of this report.

I have an idea for a workaround though. Without exposing details to HollowsHunter, I can just make PE-sieve append the generated report to a given file, rather than generating an individual report. So, in this case, rather than creating the directory and dropping scan_report.json there, PE-sieve will be appending the content of scan_report.json to summary.json. Kind of like output redirection. What do you think about this idea?
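The two layouts discussed above, the per-PID directories and the single appended summary file, can be bridged with a small aggregator. The following is an added example, not PE-sieve or HollowsHunter code: it assumes the default layout where each scanned process gets its own directory whose name carries the PID (e.g. process_1234) with a scan_report.json inside; the report field names in the sample data are constructed for illustration. It also handles the point raised earlier in the thread that a process may one day produce more than one report, by keeping a list per PID, and it appends in JSON Lines form so the summary stays parseable after every append (naively appending JSON objects to one file yields a file that is no longer a single valid JSON document).

```python
"""Aggregate per-process PE-sieve scan reports into one summary file.

Added example; not part of PE-sieve or HollowsHunter. Assumes the default
output layout: one directory per scanned PID (name contains the PID, e.g.
process_1234) holding scan_report.json. Field names in SAMPLE_REPORTS are
constructed for illustration only.
"""
import json
import os
import re
import tempfile

# Constructed sample reports; the shape is illustrative, not PE-sieve's schema.
SAMPLE_REPORTS = [
    {"pid": 1234, "main_image_path": "C:\\Windows\\explorer.exe",
     "scanned": {"total": 42, "modified": {"total": 1, "hooked": 1}}},
    {"pid": 5678, "main_image_path": "C:\\Windows\\notepad.exe",
     "scanned": {"total": 17, "modified": {"total": 0}}},
]

PID_RE = re.compile(r"(\d+)")


def pid_from_dirname(name):
    """Extract the PID from a per-process directory name; None if there is none."""
    match = PID_RE.search(name)
    return int(match.group(1)) if match else None


def collect_reports(base_dir, report_name="scan_report.json"):
    """Walk base_dir and read <pid dir>/<report_name> into {pid: report}.

    Directories without a PID in their name or without a report are skipped.
    """
    found = {}
    for entry in sorted(os.listdir(base_dir)):
        full = os.path.join(base_dir, entry)
        if not os.path.isdir(full):
            continue
        pid = pid_from_dirname(entry)
        path = os.path.join(full, report_name)
        if pid is None or not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8") as fh:
            found[pid] = json.load(fh)
    return found


def append_report(summary_path, report):
    """Append one report as a single JSON Lines record.

    One object per line keeps the summary file valid and streamable after
    every append, which a 'redirect the report into summary.json' scheme needs.
    """
    with open(summary_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(report, sort_keys=True) + "\n")


def read_jsonl(path):
    """Parse a JSON Lines file back into a list of reports, ignoring blank lines."""
    reports = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if line:
                reports.append(json.loads(line))
    return reports


def merge_reports(reports):
    """Index reports by PID; each PID maps to a list, since a process may yield several reports."""
    merged = {}
    for report in reports:
        merged.setdefault(str(report.get("pid")), []).append(report)
    return merged


def count_modified(merged):
    """Number of PIDs with at least one report flagging modified regions."""
    count = 0
    for reports in merged.values():
        if any(r.get("scanned", {}).get("modified", {}).get("total", 0) > 0
               for r in reports):
            count += 1
    return count


def roundtrip_demo():
    """Build the per-PID layout in a temp dir, redirect all reports into one
    summary.jsonl, and return the merged view read back from that file."""
    with tempfile.TemporaryDirectory() as base:
        for report in SAMPLE_REPORTS:
            pid_dir = os.path.join(base, "process_%d" % report["pid"])
            os.mkdir(pid_dir)
            with open(os.path.join(pid_dir, "scan_report.json"), "w",
                      encoding="utf-8") as fh:
                json.dump(report, fh)
        os.mkdir(os.path.join(base, "notes"))  # unrelated directory, must be skipped
        summary = os.path.join(base, "summary.jsonl")
        collected = collect_reports(base)
        for pid in sorted(collected):
            append_report(summary, collected[pid])
        return merge_reports(read_jsonl(summary))


if __name__ == "__main__":
    merged_view = roundtrip_demo()
    print("processes with modifications:", count_modified(merged_view))
```

Running the module builds the layout in a temporary directory and prints how many processes had modified regions; in a real deployment you would point collect_reports at the scanner's output directory and keep appending to the same summary file across runs.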

sydurand commented 4 years ago

Sorry for the delay, I think it's a good workaround and it could fit my needs.

Thank you,

hasherezade commented 4 years ago

Ok, I still have to think about the best implementation. I cannot merge your pull request, because it will be done in a slightly different way, and it also requires some refactoring of other elements. Please be patient, I am somewhat busy nowadays, but I will treat it as an issue to solve for the next release (feel free to create an issue to track the status).