mandiant / flare-floss

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Apache License 2.0

Example of Python code for 2.0? #487

Closed xme closed 2 years ago

xme commented 2 years ago

I wrote a Python script to automate the analysis of samples, but since the upgrade to the latest floss PIP module, my script does not work anymore!? Who can share a sample of Python code?

It fails to import:

from floss import identification_manager as id_man
from floss import main
from floss import stackstrings
from floss import strings as static

Tx in advance!

williballenthin commented 2 years ago

Thanks for raising this issue @xme

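It looks like FLOSS is in a bit of a broken state right now:

  • vivisect yanked their v0.1.0 release from PyPI so FLOSS v1.7.0 can no longer be installed from there. I'm not sure why this was the case. Any insight @rakuy0?
  • the master branch on github is in active development, so it's not a great idea to install from here.

I will work this week to do another release, probably v1.7.1 that uses a newer version of vivisect that's available on PyPI. Then we can triage your script errors. Will that work for you?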

rakuy0 commented 2 years ago

I'm confused. Unless PyPI is doing something weird, I haven't yanked any releases out from PyPI ever. And I can see the release here: https://pypi.org/project/vivisect/0.1.0/, along with the last of the python-2 line (0.2.1) here: https://pypi.org/project/vivisect/0.2.1/. How are you trying to install vivisect and on what python version?

Because I have noticed that PyPI will only list the versions of a package that match your current python version. So I tried pip install vivisect==0.1.0 on a python38 instance, and it told me the only options were in the 1.0.x line. But when I switch to a python2 version, then the opposite happens and it tells me only the 0.x.x line is available if I try to pip install 1.0.0.

That being said, installing 0.1.0 via a pip install vivisect==0.1.0 worked on a local python2 instance for me. So a general pip workflow seemed to work? But I also haven't looked at how floss handles vivisect or any of its versioning.

But in case you can't get to it from PyPI due to pip shenanigans, I do also tag most of the releases on github, so you should be able to git clone the main vivisect repo and checkout the v0.1.0 tag or the v0.2.0 tag.

Or have I missed the mark and you think there's something else going on?

williballenthin commented 2 years ago

ahh, i bet it's because i ran this from py3 so it didn't recognize the py2 releases. PEBKAC. sorry!

williballenthin commented 2 years ago

@xme can you share the details of the errors you're encountering?

xme commented 2 years ago

Tx for the replies... I can't just load the module... Ex:

>>> from floss import stackstrings
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: cannot import name 'stackstrings' from 'floss' (/opt/fame/env/lib/python3.8/site-packages/floss/__init__.py)

xme commented 2 years ago

> Thanks for raising this issue @xme
>
> It looks like FLOSS is in a bit of a broken state right now:
>
>   • vivisect yanked their v0.1.0 release from PyPI so FLOSS v1.7.0 can no longer be installed from there. I'm not sure why this was the case. Any insight @rakuy0?
>   • the master branch on github is in active development, so it's not a great idea to install from here.
>
> I will work this week to do another release, probably v1.7.1 that uses a newer version of vivisect that's available on PyPI. Then we can triage your script errors. Will that work for you?

Tx! Appreciated!

mr-tz commented 2 years ago

Does the example in https://github.com/mandiant/flare-floss/blob/master/tests/conftest.py help?

The new FLOSS output is all JSON based so hopefully that makes integrations easier.

cccs-jh commented 2 years ago

I had the same issue, but I realized that I used pip install floss instead of pip install flare-floss. Both packages import with import floss and at least on my machine floss will be imported instead of flare-floss if both are installed. Installing flare-floss and uninstalling floss fixed my issue.

floss seems to be an empty module.
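
The name collision described in the comment above (two PyPI distributions that both install a top-level `floss` module) can be detected from package metadata. This is an added example, not code from the thread or from the FLOSS project; `norm`, `providers`, `check` and `build_constructed_site` are hypothetical helpers, and the sample site directory is constructed with placeholder versions and file lists.

```python
import importlib.metadata as md
import pathlib
import re
import tempfile

def norm(name):  # PEP 503 name normalisation: flare_floss -> flare-floss
    return re.sub(r"[-_.]+", "-", name).lower()

def providers(module, path=None):
    """Sorted names of installed distributions that ship top-level `module`."""
    dists = md.distributions(path=path) if path else md.distributions()
    found = set()
    for dist in dists:
        for f in dist.files or []:  # files is None when RECORD is missing
            if f.parts[0] in (module, module + ".py"):
                found.add(norm(dist.metadata["Name"] or "?"))
                break
    return sorted(found)

def check(module, expected, path=None):
    """Return (ok, message); ok only when `expected` alone ships `module`."""
    names = providers(module, path)
    others = [n for n in names if n != norm(expected)]
    if norm(expected) not in names:
        return False, f"{expected} not installed; {module} provided by {others}"
    if others:
        return False, f"{module} is also shipped by {others}; it can shadow {expected}"
    return True, f"{module} is provided only by {expected}"

def build_constructed_site(root, dists):
    """Constructed sample data: minimal dist-info dirs, placeholder version 0.0.0."""
    root = pathlib.Path(root)
    for name, files in dists.items():
        info = root / f"{name.replace('-', '_')}-0.0.0.dist-info"
        info.mkdir(parents=True)
        (info / "METADATA").write_text(f"Metadata-Version: 2.1\nName: {name}\nVersion: 0.0.0\n")
        (info / "RECORD").write_text("".join(f"{p},,\n" for p in files))
        for p in files:  # newer Pythons drop RECORD entries missing on disk
            (root / p).parent.mkdir(parents=True, exist_ok=True)
            (root / p).touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_constructed_site(site, {"floss": ["floss/__init__.py"],
                                      "flare-floss": ["floss/__init__.py", "floss/main.py"]})
        print(check("floss", "flare-floss", path=[site]))
    print(check("floss", "flare-floss"))  # same check against the real environment
```

Running the same check in CI or at the start of an analysis pipeline catches the case where an unintended distribution occupies the import name before any import of `floss` is attempted.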

mr-tz commented 2 years ago

Closing stale issue. Please re-open if this is still a problem.