From 959e67085b3f36cd1c1d51186c7e86a9f225d00f Mon Sep 17 00:00:00 2001
From: Max Altgelt
Date: Wed, 2 Jul 2025 15:52:57 +0200
Subject: [PATCH] chore: consistent casing
---
 thorlog/parser/parser_test.go | 4 ++--
 thorlog/v3/amcache.go | 2 +-
 thorlog/v3/antivirus.go | 4 ++--
 thorlog/v3/atjob.go | 2 +-
 thorlog/v3/crontab.go | 14 +++++++-------
 thorlog/v3/dnscache.go | 2 +-
 thorlog/v3/event_test.go | 2 +-
 thorlog/v3/jumplist.go | 2 +-
 thorlog/v3/kernelmodule.go | 2 +-
 thorlog/v3/lsasession.go | 2 +-
 thorlog/v3/permissions.go | 4 ++--
 thorlog/v3/sdb.go | 2 +-
 thorlog/v3/service.go | 2 +-
 thorlog/v3/shimcache.go | 4 ++--
 thorlog/v3/sparsedata.go | 2 +-
 thorlog/v3/users.go | 4 ++--
 thorlog/v3/webhistory.go | 4 ++--
 17 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/thorlog/parser/parser_test.go b/thorlog/parser/parser_test.go
index 6316adb..418df90 100644
--- a/thorlog/parser/parser_test.go
+++ b/thorlog/parser/parser_test.go
@@ -130,7 +130,7 @@ func TestParseEvent(t *testing.T) {
 },
 {
 "JsonV3Finding",
- `{"type":"THOR finding","meta":{"time":"2024-09-24T14:18:46.190394329+02:00","level":"Alert","module":"Test","scan_id":"abdc","event_id":"abdas","hostname":"aserarsd"},"message":"This is a test finding","subject":{"type":"file","path":"path/to/file"},"score":70,"reasons":[{"type":"reason","summary":"Reason 1","signature":{"score":70,"ref":null,"origin":"internal","kind":""},"matched":null}],"reason_count":0,"context":[{"object":{"type":"At Job"},"relation":"","unique":false}],"log_version":"v3"}`,
+ `{"type":"THOR finding","meta":{"time":"2024-09-24T14:18:46.190394329+02:00","level":"Alert","module":"Test","scan_id":"abdc","event_id":"abdas","hostname":"aserarsd"},"message":"This is a test finding","subject":{"type":"file","path":"path/to/file"},"score":70,"reasons":[{"type":"reason","summary":"Reason 1","signature":{"score":70,"ref":null,"origin":"internal","kind":""},"matched":null}],"reason_count":0,"context":[{"object":{"type":"at job"},"relation":"","unique":false}],"log_version":"v3"}`,
 &thorlog.Finding{
 ObjectHeader: jsonlog.ObjectHeader{
 Type: "THOR finding",
@@ -168,7 +168,7 @@ func TestParseEvent(t *testing.T) {
 {
 Object: &thorlog.AtJob{
 ObjectHeader: jsonlog.ObjectHeader{
- Type: "At Job",
+ Type: "at job",
 },
 },
 },
diff --git a/thorlog/v3/amcache.go b/thorlog/v3/amcache.go
index 5352b7e..e22ab8a 100644
--- a/thorlog/v3/amcache.go
+++ b/thorlog/v3/amcache.go
@@ -19,7 +19,7 @@ type AmcacheEntry struct {
 Company string `json:"company" textlog:"company"`
 }
-const typeAmcacheEntry = "Amcache Entry"
+const typeAmcacheEntry = "AmCache entry"
 func init() { AddLogObjectType(typeAmcacheEntry, &AmcacheEntry{}) }
diff --git a/thorlog/v3/antivirus.go b/thorlog/v3/antivirus.go
index 8b83eed..03a0074 100644
--- a/thorlog/v3/antivirus.go
+++ b/thorlog/v3/antivirus.go
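Review bot: The `JsonV3Finding` case in thorlog/parser/parser_test.go now feeds only the new `"at job"` spelling, so nothing pins what the parser does with a log line written before this commit that still carries `"type":"At Job"`. Add a second table entry with the old spelling and the outcome that is intended for it (a typed `*thorlog.AtJob`, a generic object, or an error), so the handling of archived scan logs is a tested decision rather than a side effect. TestParseEvent starts and ends outside both hunks.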
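Review bot: `typeAmcacheEntry` in thorlog/v3/amcache.go is the key passed to `AddLogObjectType` and, judging by the test fixtures, the value of the JSON `type` field, so changing it changes the wire format rather than a display label. If that registry is an exact-match lookup (its implementation is not in this patch), logs written by earlier releases no longer resolve to `AmcacheEntry`, and SIEM queries or detection rules filtering on the old string stop matching without any error. The fixtures in parser_test.go and event_test.go keep `log_version` at `v3` / `v3.0.0`, so a consumer has nothing to key the difference on. Consider keeping the old spelling readable, e.g. `func init() { AddLogObjectType("Amcache Entry", &AmcacheEntry{}) }` if the registry accepts a second name, or bumping the log version and listing the renamed values in the changelog. The same applies to every other renamed type constant in this patch, antivirus.go through webhistory.go.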
@@ -15,7 +15,7 @@ type AntiVirusProduct struct {
 func (AntiVirusProduct) reportable() {}
-const typeAntiVirusProduct = "Antivirus product"
+const typeAntiVirusProduct = "antivirus product"
 func init() { AddLogObjectType(typeAntiVirusProduct, &AntiVirusProduct{}) }
@@ -37,7 +37,7 @@ type AntiVirusExclude struct {
 func (AntiVirusExclude) reportable() {}
-const typeAntiVirusExclude = "Antivirus exclusion"
+const typeAntiVirusExclude = "antivirus exclusion"
 func init() { AddLogObjectType(typeAntiVirusExclude, &AntiVirusExclude{}) }
diff --git a/thorlog/v3/atjob.go b/thorlog/v3/atjob.go
index f1b5c19..0e0c1cb 100644
--- a/thorlog/v3/atjob.go
+++ b/thorlog/v3/atjob.go
@@ -16,7 +16,7 @@ type AtJob struct {
 Image *File `json:"image" textlog:"image,expand"`
 }
-const typeAtJob = "At Job"
+const typeAtJob = "at job"
 func init() { AddLogObjectType(typeAtJob, &AtJob{}) }
diff --git a/thorlog/v3/crontab.go b/thorlog/v3/crontab.go
index f1482aa..022e3db 100644
--- a/thorlog/v3/crontab.go
+++ b/thorlog/v3/crontab.go
@@ -1,6 +1,6 @@
 package thorlog
-type Cronjob struct {
+type CronJob struct {
 LogObjectHeader
 File string `json:"file" textlog:"file"`
@@ -9,16 +9,16 @@ type Cronjob struct {
 Command string `json:"command" textlog:"command"`
 }
-func (Cronjob) reportable() {}
+func (CronJob) reportable() {}
-const typeCronjob = "cronjob"
+const typeCronJob = "cron job"
-func init() { AddLogObjectType(typeCronjob, &Cronjob{}) }
+func init() { AddLogObjectType(typeCronJob, &CronJob{}) }
-func NewCronjob() *Cronjob {
- return &Cronjob{
+func NewCronjob() *CronJob {
+ return &CronJob{
 LogObjectHeader: LogObjectHeader{
- Type: typeCronjob,
+ Type: typeCronJob,
 },
 }
 }
diff --git a/thorlog/v3/dnscache.go b/thorlog/v3/dnscache.go
index 1a39004..0f44506 100644
--- a/thorlog/v3/dnscache.go
+++ b/thorlog/v3/dnscache.go
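Review bot: In the second hunk of thorlog/v3/crontab.go the exported type becomes `CronJob` while the constructor keeps the name `NewCronjob`, so the file ends up with both casings, and any importer that names `thorlog.Cronjob` stops compiling. Keep the old identifier as a deprecated shim and add the consistently cased constructor: `// Deprecated: use CronJob.` followed by `type Cronjob = CronJob`, plus a `NewCronJob` that `NewCronjob` forwards to. The exported declarations in this file also have no doc comments; a line such as `// CronJob describes a single crontab entry found during a scan.` would fit, assuming that is what the struct represents.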
@@ -8,7 +8,7 @@ type DnsCacheEntry struct {
 func (DnsCacheEntry) reportable() {}
-const typeDnsCacheEntry = "DNSCache entry"
+const typeDnsCacheEntry = "DNS cache entry"
 func init() { AddLogObjectType(typeDnsCacheEntry, &DnsCacheEntry{}) }
diff --git a/thorlog/v3/event_test.go b/thorlog/v3/event_test.go
index 658d81b..f229773 100644
--- a/thorlog/v3/event_test.go
+++ b/thorlog/v3/event_test.go
@@ -134,7 +134,7 @@ func TestFinding_UnmarshalJSON(t *testing.T) {
 }
 func TestFinding_UnmarshalIssue(t *testing.T) {
- finding := `{"type":"THOR finding","meta":{"time":"2025-07-01T12:05:12.993789131+02:00","level":"Info","module":"ProcessCheck","scan_id":"S-pSxgCmyvvfs","event_id":"","hostname":"dummy"},"message":"process found","subject":{"type":"process","pid":502168,"name":"chromium","command":"/usr/lib/chromium/chromium","owner":"owner","image":{"type":"file","path":"/usr/lib/chromium/chromium","exists":"yes","extension":"","magic_header":"ELF","hashes":{"md5":"fc04ee20f064adc18e370c22512e268e","sha1":"2c8b7d05d25e04db9c169ce85e8e8f84321ef0c8","sha256":"0cf1727aa8dc3995d5aa103001f656b8ee8a1b3ffbc6d8664c5ad95cf225771f"},"first_bytes":{"hex":"7f454c4602010100000000000000000003003e00","ascii":"ELF\u003e"},"file_times":{"modified":"2025-06-25T19:45:43+02:00","accessed":"2025-07-01T08:46:56.750309598+02:00","changed":"2025-06-26T08:39:59.980605063+02:00"},"size":252546120,"permissions":{"type":"unix permissions","owner":"root","group":"root","permissions":{"user":{"readable":true,"writable":true,"executable":true},"group":{"readable":true,"writable":false,"executable":true},"world":{"readable":true,"writable":false,"executable":true}}}},"parent_info":{"pid":9011,"exe":"/usr/lib/chromium/chromium","command":"/usr/lib/chromium/chromium"},"tree":["/usr/lib/chromium/chromium","/usr/lib/chromium/chromium"],"created":"2025-07-01T12:00:05+02:00","session":"","listen_ports":null,"connections":[]},"score":0,"reasons":null,"reason_count":0,"context":null,"issues":[{"affected":"/subject/sections","category":"truncated","description":"Removed some sections from process memory (originally 638)"}],"log_version":"v3.0.0"}`
+ finding := `{"type":"THOR finding","meta":{"time":"2025-07-01T12:05:12.993789131+02:00","level":"Info","module":"ProcessCheck","scan_id":"S-pSxgCmyvvfs","event_id":"","hostname":"dummy"},"message":"process found","subject":{"type":"process","pid":502168,"name":"chromium","command":"/usr/lib/chromium/chromium","owner":"owner","image":{"type":"file","path":"/usr/lib/chromium/chromium","exists":"yes","extension":"","magic_header":"ELF","hashes":{"md5":"fc04ee20f064adc18e370c22512e268e","sha1":"2c8b7d05d25e04db9c169ce85e8e8f84321ef0c8","sha256":"0cf1727aa8dc3995d5aa103001f656b8ee8a1b3ffbc6d8664c5ad95cf225771f"},"first_bytes":{"hex":"7f454c4602010100000000000000000003003e00","ascii":"ELF\u003e"},"file_times":{"modified":"2025-06-25T19:45:43+02:00","accessed":"2025-07-01T08:46:56.750309598+02:00","changed":"2025-06-26T08:39:59.980605063+02:00"},"size":252546120,"permissions":{"type":"Unix permissions","owner":"root","group":"root","permissions":{"user":{"readable":true,"writable":true,"executable":true},"group":{"readable":true,"writable":false,"executable":true},"world":{"readable":true,"writable":false,"executable":true}}}},"parent_info":{"pid":9011,"exe":"/usr/lib/chromium/chromium","command":"/usr/lib/chromium/chromium"},"tree":["/usr/lib/chromium/chromium","/usr/lib/chromium/chromium"],"created":"2025-07-01T12:00:05+02:00","session":"","listen_ports":null,"connections":[]},"score":0,"reasons":null,"reason_count":0,"context":null,"issues":[{"affected":"/subject/sections","category":"truncated","description":"Removed some sections from process memory (originally 638)"}],"log_version":"v3.0.0"}`
 var findingObj Finding
 if err := json.Unmarshal([]byte(finding), &findingObj); err != nil {
 t.Fatalf("Failed to unmarshal finding: %v", err)
diff --git a/thorlog/v3/jumplist.go b/thorlog/v3/jumplist.go
index 45aabe7..bf00e26 100644
--- a/thorlog/v3/jumplist.go
+++ b/thorlog/v3/jumplist.go
@@ -24,7 +24,7 @@ type JumplistEntry struct {
 func (JumplistEntry) reportable() {}
-const typeJumplistEntry = "jumplist entry"
+const typeJumplistEntry = "jump list entry"
 func init() { AddLogObjectType(typeJumplistEntry, &JumplistEntry{}) }
diff --git a/thorlog/v3/kernelmodule.go b/thorlog/v3/kernelmodule.go
index 12c427a..2e01002 100644
--- a/thorlog/v3/kernelmodule.go
+++ b/thorlog/v3/kernelmodule.go
@@ -21,7 +21,7 @@ type LinuxKernelModule struct {
 func (LinuxKernelModule) reportable() {}
-const typeLinuxKernelModule = "Linux Kernel Module"
+const typeLinuxKernelModule = "Linux kernel module"
 func NewLinuxKernelModule(name string) *LinuxKernelModule {
 return &LinuxKernelModule{
diff --git a/thorlog/v3/lsasession.go b/thorlog/v3/lsasession.go
index f6ad5fa..4f65b49 100644
--- a/thorlog/v3/lsasession.go
+++ b/thorlog/v3/lsasession.go
@@ -18,7 +18,7 @@ type LsaSession struct {
 func (LsaSession) reportable() {}
-const typeLsaSession = "lsa session"
+const typeLsaSession = "LSA session"
 func init() { AddLogObjectType(typeLsaSession, &LsaSession{}) }
diff --git a/thorlog/v3/permissions.go b/thorlog/v3/permissions.go
index 34dbf16..d192a2e 100644
--- a/thorlog/v3/permissions.go
+++ b/thorlog/v3/permissions.go
@@ -72,7 +72,7 @@ func (r RwxPermissions) String() string {
 return s.String()
 }
-const typeUnixPermissions = "unix permissions"
+const typeUnixPermissions = "Unix permissions"
 func init() { AddLogObjectType(typeUnixPermissions, &UnixPermissions{}) }
@@ -149,7 +149,7 @@ func (a AclAccess) JSONSchemaAlias() any {
 return ""
 }
-const typeWindowsPermissions = "windows permissions"
+const typeWindowsPermissions = "Windows permissions"
 func init() { AddLogObjectType(typeWindowsPermissions, &WindowsPermissions{}) }
diff --git a/thorlog/v3/sdb.go b/thorlog/v3/sdb.go
index 7d0174c..18acd6c 100644
--- a/thorlog/v3/sdb.go
+++ b/thorlog/v3/sdb.go
@@ -14,7 +14,7 @@ type SdbEntry struct {
 func (SdbEntry) reportable() {}
-const typeSdbEntry = "Shim Database entry"
+const typeSdbEntry = "shim database entry"
 func init() { AddLogObjectType(typeSdbEntry, &SdbEntry{}) }
diff --git a/thorlog/v3/service.go b/thorlog/v3/service.go
index 8e87ff1..335a2b5 100644
--- a/thorlog/v3/service.go
+++ b/thorlog/v3/service.go
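Review bot: Unlike every other file in this patch, the hunk in thorlog/v3/kernelmodule.go shows no `func init() { AddLogObjectType(typeLinuxKernelModule, &LinuxKernelModule{}) }` next to the constant; the context goes straight from the `const` to `NewLinuxKernelModule`, whose body continues outside the hunk. If the type is not registered further down the file (not visible here), a `"Linux kernel module"` object would presumably not be resolved to `LinuxKernelModule` when a log is parsed back. Worth confirming while these strings are being touched, and adding the registration beside the constant if it is missing.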
@@ -66,7 +66,7 @@ type WindowsService struct {
 func (WindowsService) reportable() {}
-const typeWindowsService = "windows service"
+const typeWindowsService = "Windows service"
 func init() { AddLogObjectType(typeWindowsService, &WindowsService{}) }
diff --git a/thorlog/v3/shimcache.go b/thorlog/v3/shimcache.go
index 9f70279..8d23b13 100644
--- a/thorlog/v3/shimcache.go
+++ b/thorlog/v3/shimcache.go
@@ -17,7 +17,7 @@ type ShimCacheEntry struct {
 func (ShimCacheEntry) reportable() {}
-const typeShimCacheEntry = "SHIM cache entry"
+const typeShimCacheEntry = "shim cache entry"
 func init() { AddLogObjectType(typeShimCacheEntry, &ShimCacheEntry{}) }
@@ -40,7 +40,7 @@ type ShimCache struct {
 func (ShimCache) reportable() {}
-const typeShimCache = "SHIM cache"
+const typeShimCache = "shim cache"
 func init() { AddLogObjectType(typeShimCache, &ShimCache{}) }
diff --git a/thorlog/v3/sparsedata.go b/thorlog/v3/sparsedata.go
index db45404..de863ec 100644
--- a/thorlog/v3/sparsedata.go
+++ b/thorlog/v3/sparsedata.go
@@ -73,7 +73,7 @@ func (s InvalidUnicodeString) MarshalJSON() ([]byte, error) {
 var escaper = strings.NewReplacer("\\", "\\\\", "\"", "\\\"")
-const typeSparseData = "sparsedata"
+const typeSparseData = "sparse data"
 func init() { AddLogObjectType(typeSparseData, &SparseData{}) }
diff --git a/thorlog/v3/users.go b/thorlog/v3/users.go
index 39d6fcd..56b2c9e 100644
--- a/thorlog/v3/users.go
+++ b/thorlog/v3/users.go
@@ -69,7 +69,7 @@ type UnixUser struct {
 func (UnixUser) reportable() {}
-const typeUnixUser = "unix user"
+const typeUnixUser = "Unix user"
 func init() { AddLogObjectType(typeUnixUser, &UnixUser{}) }
@@ -100,7 +100,7 @@ type WindowsUser struct {
 func (WindowsUser) reportable() {}
-const typeWindowsUser = "windows user"
+const typeWindowsUser = "Windows user"
 func init() { AddLogObjectType(typeWindowsUser, &WindowsUser{}) }
diff --git a/thorlog/v3/webhistory.go b/thorlog/v3/webhistory.go
index 5817a1b..c14ad7e 100644
--- a/thorlog/v3/webhistory.go
+++ b/thorlog/v3/webhistory.go
@@ -23,7 +23,7 @@ type WebDownload struct {
 func (WebDownload) reportable() {}
-const typeWebDownload = "Web Download"
+const typeWebDownload = "web download"
 func init() { AddLogObjectType(typeWebDownload, &WebDownload{}) }
@@ -49,7 +49,7 @@ type WebPageVisit struct {
 func (WebPageVisit) reportable() {}
-const typeWebVisit = "Web Page Visit"
+const typeWebVisit = "web page visit"
 func init() { AddLogObjectType(typeWebVisit, &WebPageVisit{}) }