commit 6bd3e2b: [Minor] Oletools: Sort cat table
Vsevolod Stakhov
vsevolod at highsecure.ru
Thu Jun 4 15:49:07 UTC 2020
Author: Vsevolod Stakhov
Date: 2020-06-04 16:44:18 +0100
URL: https://github.com/rspamd/rspamd/commit/6bd3e2b9f49d1de3ab882aeca9c30bc7d526ac9d (HEAD -> master)
[Minor] Oletools: Sort cat table
---
lualib/lua_scanners/oletools.lua | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/lualib/lua_scanners/oletools.lua b/lualib/lua_scanners/oletools.lua
index 80576fa0b..b221a020c 100644
--- a/lualib/lua_scanners/oletools.lua
+++ b/lualib/lua_scanners/oletools.lua
@@ -171,14 +171,15 @@ local function oletools_check(task, content, digest, rule)
-- M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs,
-- H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings
+ -- Keep sorted to avoid dragons
local analysis_cat_table = {
- macro_exist = '-',
autoexec = '-',
- suspicious = '-',
- iocs = '-',
- hex = '-',
base64 = '-',
dridex = '-',
+ hex = '-',
+ iocs = '-',
+ macro_exist = '-',
+ suspicious = '-',
vba = '-'
}
local analysis_keyword_table = {}
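Review bot: The added comment `-- Keep sorted to avoid dragons` on `analysis_cat_table` suggests that the source order of the fields matters, but in Lua the order of string-keyed fields in a table constructor does not define the order in which `pairs()` visits them. The determinism this commit is after comes from the `table.sort` call in the second hunk, not from this reordering. I would reword the comment to say so, for example `-- Field order here has no runtime effect; values are sorted before being joined into the flags string`, so that a later maintainer does not rely on the layout. The body of `oletools_check` continues outside this hunk.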
@@ -300,8 +301,9 @@ local function oletools_check(task, content, digest, rule)
elseif rule.extended == true and #analysis_keyword_table > 0 then
-- report any flags (types) and any most keywords as individual virus name
-
- table.insert(analysis_keyword_table, 1, table.concat(lua_util.values(analysis_cat_table)))
+ local analysis_cat_table_values = lua_util.values(analysis_cat_table)
+ table.sort(analysis_cat_table_values)
+ table.insert(analysis_keyword_table, 1, table.concat(analysis_cat_table_values))
lua_util.debugm(rule.name, task, '%s: extended threat result: %s',
rule.log_prefix, table.concat(analysis_keyword_table, ','))
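Review bot: Sorting `analysis_cat_table_values` makes the flag string stable, but it sorts the values, not the keys. The result is no longer in the M, A, S, I, H, B, D, V order given in the comment above the table. Assuming the flags are the uppercase letters that comment lists, every `-` placeholder now sorts ahead of the letters, which then follow in alphabetical order. Because the string is inserted as the first entry of the reported threat names, anything that matches on it (rules, log parsers) depends on this format, so it deserves a comment at the `table.sort` line such as `-- flags are byte-sorted: '-' placeholders first, then the set letters alphabetically`. If a fixed-position string is preferred, the values could instead be collected by walking an explicit ordered list of keys. The enclosing `elseif` branch and the rest of `oletools_check` lie outside this hunk.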