Update pre-commit checks to latest versions (#60)

Also fixes the issues found with them
fox-it · Oct 10, 2024 · 62ed6a3 · 62ed6a3
1 parent 6bbb69e
commit 62ed6a3
Show file tree

Hide file tree

Showing 14 changed files with 58 additions and 22 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,16 +1,16 @@
 repos:
   - repo: https://github.com/charliermarsh/ruff-pre-commit
-    rev: v0.0.270
+    rev: v0.6.9
     hooks:
       - id: ruff
   - repo: https://github.com/psf/black
-    rev: 23.3.0
+    rev: 24.10.0
     hooks:
     - id: black
       args: [--check, --diff]
       language_version: python3
   - repo: https://github.com/codespell-project/codespell
-    rev: v2.2.2
+    rev: v2.3.0
     hooks:
       - id: codespell
         args: [--ignore-words=docs/codespell-ignore-words.txt]
diff --git a/dissect/cobaltstrike/artifact.py b/dissect/cobaltstrike/artifact.py
@@ -3,6 +3,9 @@
 
 .. _ArtifactKit: https://www.cobaltstrike.com/blog/what-is-a-stageless-payload-artifact/
 """
+
+from __future__ import annotations
+
 import contextlib
 import io
 import logging

diff --git a/dissect/cobaltstrike/beacon.py b/dissect/cobaltstrike/beacon.py
@@ -1,18 +1,25 @@
 """
 This module is responsible for extracting and parsing configuration from Cobalt Strike beacon payloads.
 """
+
+from __future__ import annotations
+
 import collections
 import functools
 import hashlib
 import io
 import ipaddress
 import itertools
 import logging
-import os
 import sys
 import time
 from collections import OrderedDict
 from types import MappingProxyType
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from os import PathLike
+
 from typing import (
     Any,
     BinaryIO,
@@ -453,7 +460,6 @@ def parse_recover_binary(program: bytes) -> List[Tuple[str, Union[int, bool]]]:
             break
         else:
             logger.error("Unknown recover step {}".format(step))
-            pass
     return rsteps
 
 
@@ -628,7 +634,7 @@ def null_terminated_str(data: bytes) -> str:
     BeaconSetting.SETTING_DNSRESOLVER: null_terminated_str,
     BeaconSetting.SETTING_DNS_IDLE: lambda x: str(ipaddress.IPv4Address(x)),
     BeaconSetting.SETTING_WATERMARKHASH: lambda x: null_terminated_bytes(x) if isinstance(x, bytes) else x,
-    BeaconSetting.SETTING_MASKED_WATERMARK: lambda x: x.hex()
+    BeaconSetting.SETTING_MASKED_WATERMARK: lambda x: x.hex(),
     # BeaconSetting.SETTING_PROTOCOL: lambda x: BeaconProtocol(x).name,
     # BeaconSetting.SETTING_CRYPTO_SCHEME: lambda x: CryptoScheme(x).name,
     # BeaconSetting.SETTING_PROXY_BEHAVIOR: lambda x: ProxyServer(x).name,
@@ -709,7 +715,7 @@ def from_file(cls, fobj: BinaryIO, xor_keys: List[bytes] = None, all_xor_keys: b
     @classmethod
     def from_path(
         cls,
-        path: Union[str, os.PathLike],
+        path: Union[str, PathLike],
         xor_keys: List[bytes] = None,
         all_xor_keys: bool = False,
     ) -> "BeaconConfig":

diff --git a/dissect/cobaltstrike/c2.py b/dissect/cobaltstrike/c2.py
@@ -1,7 +1,10 @@
 """
 This module is responsible for working with Cobalt Strike C2 traffic.
 """
+
 # Python imports
+from __future__ import annotations
+
 import base64
 import hashlib
 import hmac
@@ -29,7 +32,7 @@
     raise ImportError("flow.record is required for logging C2 packet records, install with `pip install flow.record`")
 
 # Local imports
-from dissect.cobaltstrike.beacon import BeaconConfig
+from dissect.cobaltstrike.beacon import BeaconConfig  # noqa: TCH001
 from dissect.cobaltstrike.c_c2 import (  # noqa: F401
     BeaconCallback,
     BeaconCommand,
@@ -319,12 +322,10 @@ def transform(self, c2data: C2Data, request: Optional[HttpRequest] = None) -> Ht
         return request._replace(body=body, params=params, uri=uri, headers=headers)
 
     @overload
-    def recover(self, http: HttpRequest) -> ClientC2Data:
-        ...
+    def recover(self, http: HttpRequest) -> ClientC2Data: ...
 
     @overload
-    def recover(self, http: HttpResponse) -> ServerC2Data:
-        ...
+    def recover(self, http: HttpResponse) -> ServerC2Data: ...
 
     def recover(self, http: Union[HttpRequest, HttpResponse]) -> Union[ClientC2Data, ServerC2Data]:
         """Recovers the transformed data in `http` object and returns a C2Data namedtuple.

diff --git a/dissect/cobaltstrike/c2profile.py b/dissect/cobaltstrike/c2profile.py
@@ -2,10 +2,17 @@
 This module is responsible for parsing and generating Cobalt Strike Malleable C2 profiles.
 It uses the `lark-parser` library for parsing the syntax using the ``c2profile.lark`` grammar file.
 """
+
+from __future__ import annotations
+
 import collections
 import logging
-import os
 import sys
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from os import PathLike
+
 from typing import Any, List, Tuple, Union
 
 from lark import Lark, Token, Tree
@@ -370,7 +377,7 @@ def set_option(self, option, value):
         )
 
     @classmethod
-    def from_path(cls, path: Union[str, os.PathLike]) -> "C2Profile":
+    def from_path(cls, path: Union[str, PathLike]) -> "C2Profile":
         """Construct a :class:`C2Profile` from given path (path to a malleable C2 profile)"""
         with open(path, "r") as f:
             return cls.from_text(f.read())

diff --git a/dissect/cobaltstrike/c_c2.py b/dissect/cobaltstrike/c_c2.py
@@ -2,6 +2,7 @@
 Structure definitions and classes for dealing with Cobalt Strike C2 packets.
 Mainly used by :mod:`dissect.cobaltstrike.c2`.
 """
+
 from enum import IntEnum
 
 from dissect import cstruct

diff --git a/dissect/cobaltstrike/client.py b/dissect/cobaltstrike/client.py
@@ -9,6 +9,8 @@
 """
 
 # Python imports
+from __future__ import annotations
+
 import argparse
 import datetime
 import hashlib
@@ -227,7 +229,7 @@ def run(
 
         # The Beacon Session keys (AES and HMAC) are derived from `aes_rand` bytes.
         #   Beacon Session keys are persistent on the Team Server, so to make check-in and responses repeatable for the
-        #   same `beacon_id` we use a deterministic `aes_rand`` here so we can re-use the same keys.
+        #   same `beacon_id` we use a deterministic `aes_rand`` here so we can reuse the same keys.
         random.seed(self.beacon_id ^ 0xACCE55ED)
         self.aes_rand = random.getrandbits(128).to_bytes(16, "big")
 

diff --git a/dissect/cobaltstrike/pcap.py b/dissect/cobaltstrike/pcap.py
@@ -1,8 +1,10 @@
+from __future__ import annotations
+
 import argparse
 import logging
 import os
 import sys
-from typing import Iterator, Optional, Tuple
+from typing import TYPE_CHECKING, Iterator, Optional, Tuple
 
 from dissect.cobaltstrike import utils
 from dissect.cobaltstrike.beacon import BeaconConfig
@@ -31,7 +33,9 @@
 
 try:
     from pyshark import FileCapture
-    from pyshark.packet.packet import Packet
+
+    if TYPE_CHECKING:
+        from pyshark.packet.packet import Packet
 except ImportError:
     raise ImportError("pyshark is required for PCAP parsing, please install it with `pip install pyshark`")
 

diff --git a/dissect/cobaltstrike/pe.py b/dissect/cobaltstrike/pe.py
@@ -1,6 +1,9 @@
 """
 This module contains helper functions for parsing PE files, mainly for extracting Beacon specific PE artifacts.
 """
+
+from __future__ import annotations
+
 import io
 import logging
 from typing import BinaryIO, Optional, Tuple

diff --git a/dissect/cobaltstrike/utils.py b/dissect/cobaltstrike/utils.py
@@ -1,6 +1,7 @@
 """
 This module contains generic helper functions used by ``dissect.cobaltstrike``.
 """
+
 import errno
 import io
 import os

diff --git a/dissect/cobaltstrike/version.py b/dissect/cobaltstrike/version.py
@@ -9,6 +9,8 @@
     version estimate.
 """
 
+from __future__ import annotations
+
 import datetime
 import re
 from typing import Dict, Optional, Tuple, Union

diff --git a/dissect/cobaltstrike/xordecode.py b/dissect/cobaltstrike/xordecode.py
@@ -2,13 +2,19 @@
 This module is responsible for decoding XorEncoded Cobalt Strike payloads.
 Not to be confused with the single byte XOR key that is used to obfuscate the beacon configuration block.
 """
+
+from __future__ import annotations
+
 import collections
 import contextlib
 import io
 import logging
-import os
 import sys
-from typing import BinaryIO, Iterator, Union, cast
+from typing import TYPE_CHECKING, BinaryIO, cast
+
+if TYPE_CHECKING:
+    from os import PathLike
+    from typing import Iterator, Union
 
 from dissect.cobaltstrike.utils import catch_sigpipe, iter_find_needle, u32, xor
 
@@ -118,7 +124,7 @@ def from_file(cls, fh: BinaryIO, maxrange: int = 1024) -> "XorEncodedFile":
         raise ValueError(f"MZ header not found for: {fh}")
 
     @classmethod
-    def from_path(cls, path: Union[str, os.PathLike], maxrange: int = 1024) -> "XorEncodedFile":
+    def from_path(cls, path: Union[str, PathLike], maxrange: int = 1024) -> "XorEncodedFile":
         """Constructs a :class:`XorEncodedFile` from path `path`.
 
         This is more of a convenience method as it calls :meth:`XorEncodedFile.from_file` under the hood.

diff --git a/pyproject.toml b/pyproject.toml
@@ -11,7 +11,7 @@ color = true
 
 [tool.ruff]
 line-length = 120
-select = [
+lint.select = [
     "F",    # Pyflakes
     "E",    # pycodestyle
     "W",    # pycodestyle

diff --git a/tests/test_beacon.py b/tests/test_beacon.py
@@ -135,7 +135,7 @@ def test_setting_useragent_edgecase():
     )
     config = beacon.BeaconConfig(bytes.fromhex(data))
 
-    ua = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)"  # noqa: 501
+    ua = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)"  # noqa: E501
     assert config.settings["SETTING_USERAGENT"] == ua
     assert config.settings["SETTING_SUBMITURI"] == "/search"