Closed sydurand closed 4 years ago
In this particular usecase it may be more user-friendly. But in general, more user-friendly is simplicity and not forcing users to remember of too many variants and ways to represent the same data (at least as much as it can be avoided - Occam's Razor).
I will prefer not to have more commandline switches representing minor changes.
Also, for now this scan produces only one report: scan_report.json
but I cannot guarantee that it will be always only one report. That's why having a separate directory for it still comes handy.
I proposed this modification because I use hollows_hunter so it's easier for me when I use the /ofilter 1 option to have all the scan_report.json in the root directory prefixed with the pid.
Maybe, with hollows_hunter it could be useful to have the content of all the scan_report.json included in the summary.json file.
hmm, currently not all the fields of the scan_report.json
are exposed via API (only the summary), so HollowsHunter cannot see all the details of this report.
I have an idea for a workaround though. Without exposing details to HollowsHunter, I can just make PE-sieve append the generated report to a given file - rather than generating an individual report. So, in this case, rather than creating the directory and dropping there scan_report.json
, PE-sieve will be appending the content of scan_report.json to the summary.json
.
Kinda output redirection.
What do you think about this idea?
Sorry for the delay, I think it's a good workaround and it could feet my needs.
Thank you,
Ok, I still have to think about the best implementation. I cannot merge your pull request, because it will be done in a bit different way, and also require some refactoring of other elements. Please keep patient, I am some busy nowadays, but I will treat it as an issue to solve for the next release (feel free to create an issue to track the status).
Hello,
from my opinion, it's more user friendly to have all the scan_report.json in the base directory directly and prefixed with pid if /ofilter equal 1. Each report directories by pid are no longer created.
Maybe if this behaviour breaks the workflow too much, I can add another command line option instead.
Regards,