clsid: add tag to select suspicious CLSIDs #832

Open
decalage2 opened this issue Nov 6, 2023 · 0 comments
Labels
clsid common.clsid module 👍 enhancement

@decalage2
Owner

decalage2 commented Nov 6, 2023

For each CLSID, we could add a tag to show if it is suspicious (e.g. related to a CVE or a Package object). This would require changing the format of the dict to have multiple values, either a tuple or an object. In this case, we need to keep a copy of KNOWN_CLSIDS with the current format, for backwards compatibility.

Alternative: add a function is_suspicious which just checks the description string for the presence of the keywords "CVE" or "package". Or add text tags inside the description string, such as "[SUSPICIOUS]".

@decalage2 decalage2 added 👍 enhancement clsid common.clsid module labels Nov 6, 2023
@decalage2 decalage2 added this to the Next Release milestone Nov 6, 2023
@decalage2 decalage2 self-assigned this Nov 6, 2023
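
The two options discussed in the issue, side by side, as an added sketch that is not code from the issue author or from oletools. The `ClsidInfo` type, the helper names other than `is_suspicious`, and the sample CLSIDs and descriptions are all hypothetical or constructed; seeding the flag from the keyword check is an assumption.

```python
import re
from typing import Dict, NamedTuple, Optional

# Keywords from the issue text plus the proposed inline tag; matching is
# case-insensitive so that "Package" and "package" both hit.
_SUSPICIOUS_RE = re.compile(r"\b(?:CVE|package)\b|\[SUSPICIOUS\]", re.IGNORECASE)

# Constructed sample in the current format (CLSID -> description string).
# CLSIDs and descriptions are placeholders, not entries from oletools.
SAMPLE_CLSIDS = {
    "00000000-0000-0000-0000-0000000000A1": "Sample Equation Editor (related to CVE-0000-00000)",
    "00000000-0000-0000-0000-0000000000A2": "Sample OLE Package Object",
    "00000000-0000-0000-0000-0000000000A3": "Sample Spreadsheet Document",
}


class ClsidInfo(NamedTuple):
    """Hypothetical multi-value entry: description plus a suspicious flag."""
    description: str
    suspicious: bool


def is_suspicious(description: str) -> bool:
    """Alternative from the issue: keyword check on the description string."""
    return bool(_SUSPICIOUS_RE.search(description))


def build_tagged(clsids: Dict[str, str]) -> Dict[str, ClsidInfo]:
    """First option: convert the current dict to tagged multi-value entries."""
    return {c.upper(): ClsidInfo(d, is_suspicious(d)) for c, d in clsids.items()}


def legacy_view(tagged: Dict[str, ClsidInfo]) -> Dict[str, str]:
    """Backwards-compatible copy in the current CLSID -> description format."""
    return {c: info.description for c, info in tagged.items()}


def lookup(clsid: str, tagged: Dict[str, ClsidInfo]) -> Optional[ClsidInfo]:
    """Look up a CLSID regardless of case or surrounding braces."""
    return tagged.get(clsid.strip().strip("{}").upper())


if __name__ == "__main__":
    tagged = build_tagged(SAMPLE_CLSIDS)
    for clsid, info in tagged.items():
        print(clsid, "SUSPICIOUS" if info.suspicious else "-", info.description)
```

A plain substring test for "package" would miss the capitalised "Package Object" description, which is why the keyword match here ignores case.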