4 changes: 2 additions & 2 deletions thorlog/parser/parser_test.go
Expand Up @@ -130,7 +130,7 @@ func TestParseEvent(t *testing.T) {
},
{
"JsonV3Finding",
`{"type":"THOR finding","meta":{"time":"2024-09-24T14:18:46.190394329+02:00","level":"Alert","module":"Test","scan_id":"abdc","event_id":"abdas","hostname":"aserarsd"},"message":"This is a test finding","subject":{"type":"file","path":"path/to/file"},"score":70,"reasons":[{"type":"reason","summary":"Reason 1","signature":{"score":70,"ref":null,"origin":"internal","kind":""},"matched":null}],"reason_count":0,"context":[{"object":{"type":"At Job"},"relation":"","unique":false}],"log_version":"v3"}`,
`{"type":"THOR finding","meta":{"time":"2024-09-24T14:18:46.190394329+02:00","level":"Alert","module":"Test","scan_id":"abdc","event_id":"abdas","hostname":"aserarsd"},"message":"This is a test finding","subject":{"type":"file","path":"path/to/file"},"score":70,"reasons":[{"type":"reason","summary":"Reason 1","signature":{"score":70,"ref":null,"origin":"internal","kind":""},"matched":null}],"reason_count":0,"context":[{"object":{"type":"at job"},"relation":"","unique":false}],"log_version":"v3"}`,
&thorlog.Finding{
ObjectHeader: jsonlog.ObjectHeader{
Type: "THOR finding",
Expand Down Expand Up @@ -168,7 +168,7 @@ func TestParseEvent(t *testing.T) {
{
Object: &thorlog.AtJob{
ObjectHeader: jsonlog.ObjectHeader{
Type: "At Job",
Type: "at job",
},
},
},
2 changes: 1 addition & 1 deletion thorlog/v3/amcache.go
Expand Up @@ -19,7 +19,7 @@ type AmcacheEntry struct {
Company string `json:"company" textlog:"company"`
}

const typeAmcacheEntry = "Amcache Entry"
const typeAmcacheEntry = "AmCache entry"

func init() { AddLogObjectType(typeAmcacheEntry, &AmcacheEntry{}) }

4 changes: 2 additions & 2 deletions thorlog/v3/antivirus.go
Expand Up @@ -15,7 +15,7 @@ type AntiVirusProduct struct {

func (AntiVirusProduct) reportable() {}

const typeAntiVirusProduct = "Antivirus product"
const typeAntiVirusProduct = "antivirus product"

func init() { AddLogObjectType(typeAntiVirusProduct, &AntiVirusProduct{}) }

Expand All @@ -37,7 +37,7 @@ type AntiVirusExclude struct {

func (AntiVirusExclude) reportable() {}

const typeAntiVirusExclude = "Antivirus exclusion"
const typeAntiVirusExclude = "antivirus exclusion"

func init() { AddLogObjectType(typeAntiVirusExclude, &AntiVirusExclude{}) }

2 changes: 1 addition & 1 deletion thorlog/v3/atjob.go
Expand Up @@ -16,7 +16,7 @@ type AtJob struct {
Image *File `json:"image" textlog:"image,expand"`
}

const typeAtJob = "At Job"
const typeAtJob = "at job"

func init() { AddLogObjectType(typeAtJob, &AtJob{}) }

14 changes: 7 additions & 7 deletions thorlog/v3/crontab.go
@@ -1,6 +1,6 @@
package thorlog

type Cronjob struct {
type CronJob struct {
LogObjectHeader

File string `json:"file" textlog:"file"`
Expand All @@ -9,16 +9,16 @@ type Cronjob struct {
Command string `json:"command" textlog:"command"`
}

func (Cronjob) reportable() {}
func (CronJob) reportable() {}

const typeCronjob = "cronjob"
const typeCronJob = "cron job"

func init() { AddLogObjectType(typeCronjob, &Cronjob{}) }
func init() { AddLogObjectType(typeCronJob, &CronJob{}) }

func NewCronjob() *Cronjob {
return &Cronjob{
func NewCronjob() *CronJob {
return &CronJob{
LogObjectHeader: LogObjectHeader{
Type: typeCronjob,
Type: typeCronJob,
},
}
}
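Review bot: Renaming the exported struct `Cronjob` to `CronJob` on the `type CronJob struct` line is a breaking change for any package that imports thorlog/v3 and names the type, and the constructor is still called `NewCronjob`, so the hunk ends up half-renamed. Keeping `type Cronjob = CronJob` with a `// Deprecated: use CronJob.` comment, and adding `NewCronJob` next to the old constructor, would preserve source compatibility. The string change `const typeCronJob = "cron job"` is also a wire-format change: the `type` field is what `AddLogObjectType` registers the object under, so v3 logs emitted before this commit with `"type":"cronjob"` will presumably no longer resolve to this object, and downstream detection rules or SIEM parsers matching that literal break silently rather than loudly. Unless a log-version bump or alias registration happens elsewhere in the PR, consider registering the old spelling as well if the registry allows it, and calling the rename out in the changelog.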
2 changes: 1 addition & 1 deletion thorlog/v3/dnscache.go
Expand Up @@ -8,7 +8,7 @@ type DnsCacheEntry struct {

func (DnsCacheEntry) reportable() {}

const typeDnsCacheEntry = "DNSCache entry"
const typeDnsCacheEntry = "DNS cache entry"

func init() { AddLogObjectType(typeDnsCacheEntry, &DnsCacheEntry{}) }

2 changes: 1 addition & 1 deletion thorlog/v3/event_test.go
Expand Up @@ -134,7 +134,7 @@ func TestFinding_UnmarshalJSON(t *testing.T) {
}

func TestFinding_UnmarshalIssue(t *testing.T) {
finding := `{"type":"THOR finding","meta":{"time":"2025-07-01T12:05:12.993789131+02:00","level":"Info","module":"ProcessCheck","scan_id":"S-pSxgCmyvvfs","event_id":"","hostname":"dummy"},"message":"process found","subject":{"type":"process","pid":502168,"name":"chromium","command":"/usr/lib/chromium/chromium","owner":"owner","image":{"type":"file","path":"/usr/lib/chromium/chromium","exists":"yes","extension":"","magic_header":"ELF","hashes":{"md5":"fc04ee20f064adc18e370c22512e268e","sha1":"2c8b7d05d25e04db9c169ce85e8e8f84321ef0c8","sha256":"0cf1727aa8dc3995d5aa103001f656b8ee8a1b3ffbc6d8664c5ad95cf225771f"},"first_bytes":{"hex":"7f454c4602010100000000000000000003003e00","ascii":"ELF\u003e"},"file_times":{"modified":"2025-06-25T19:45:43+02:00","accessed":"2025-07-01T08:46:56.750309598+02:00","changed":"2025-06-26T08:39:59.980605063+02:00"},"size":252546120,"permissions":{"type":"unix permissions","owner":"root","group":"root","permissions":{"user":{"readable":true,"writable":true,"executable":true},"group":{"readable":true,"writable":false,"executable":true},"world":{"readable":true,"writable":false,"executable":true}}}},"parent_info":{"pid":9011,"exe":"/usr/lib/chromium/chromium","command":"/usr/lib/chromium/chromium"},"tree":["/usr/lib/chromium/chromium","/usr/lib/chromium/chromium"],"created":"2025-07-01T12:00:05+02:00","session":"","listen_ports":null,"connections":[]},"score":0,"reasons":null,"reason_count":0,"context":null,"issues":[{"affected":"/subject/sections","category":"truncated","description":"Removed some sections from process memory (originally 638)"}],"log_version":"v3.0.0"}`
finding := `{"type":"THOR finding","meta":{"time":"2025-07-01T12:05:12.993789131+02:00","level":"Info","module":"ProcessCheck","scan_id":"S-pSxgCmyvvfs","event_id":"","hostname":"dummy"},"message":"process found","subject":{"type":"process","pid":502168,"name":"chromium","command":"/usr/lib/chromium/chromium","owner":"owner","image":{"type":"file","path":"/usr/lib/chromium/chromium","exists":"yes","extension":"","magic_header":"ELF","hashes":{"md5":"fc04ee20f064adc18e370c22512e268e","sha1":"2c8b7d05d25e04db9c169ce85e8e8f84321ef0c8","sha256":"0cf1727aa8dc3995d5aa103001f656b8ee8a1b3ffbc6d8664c5ad95cf225771f"},"first_bytes":{"hex":"7f454c4602010100000000000000000003003e00","ascii":"ELF\u003e"},"file_times":{"modified":"2025-06-25T19:45:43+02:00","accessed":"2025-07-01T08:46:56.750309598+02:00","changed":"2025-06-26T08:39:59.980605063+02:00"},"size":252546120,"permissions":{"type":"Unix permissions","owner":"root","group":"root","permissions":{"user":{"readable":true,"writable":true,"executable":true},"group":{"readable":true,"writable":false,"executable":true},"world":{"readable":true,"writable":false,"executable":true}}}},"parent_info":{"pid":9011,"exe":"/usr/lib/chromium/chromium","command":"/usr/lib/chromium/chromium"},"tree":["/usr/lib/chromium/chromium","/usr/lib/chromium/chromium"],"created":"2025-07-01T12:00:05+02:00","session":"","listen_ports":null,"connections":[]},"score":0,"reasons":null,"reason_count":0,"context":null,"issues":[{"affected":"/subject/sections","category":"truncated","description":"Removed some sections from process memory (originally 638)"}],"log_version":"v3.0.0"}`
var findingObj Finding
if err := json.Unmarshal([]byte(finding), &findingObj); err != nil {
t.Fatalf("Failed to unmarshal finding: %v", err)
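Review bot: The fixture in TestFinding_UnmarshalIssue now only exercises the new `"type":"Unix permissions"` spelling while `"log_version":"v3.0.0"` in the same literal is left unchanged, so nothing shows what happens to an already-emitted v3 log that still carries `"unix permissions"`. Because the `type` field is the discriminator the log-object registry resolves on, a stale literal presumably either fails to unmarshal or falls back to a generic object, and that behaviour is worth pinning either way. Consider keeping a second fixture with the pre-rename literal and asserting the expected outcome, or bumping the log version if the old spelling is intentionally no longer accepted. The body of TestFinding_UnmarshalIssue continues past the end of this hunk.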
2 changes: 1 addition & 1 deletion thorlog/v3/jumplist.go
Expand Up @@ -24,7 +24,7 @@ type JumplistEntry struct {

func (JumplistEntry) reportable() {}

const typeJumplistEntry = "jumplist entry"
const typeJumplistEntry = "jump list entry"

func init() { AddLogObjectType(typeJumplistEntry, &JumplistEntry{}) }

2 changes: 1 addition & 1 deletion thorlog/v3/kernelmodule.go
Expand Up @@ -21,7 +21,7 @@ type LinuxKernelModule struct {

func (LinuxKernelModule) reportable() {}

const typeLinuxKernelModule = "Linux Kernel Module"
const typeLinuxKernelModule = "Linux kernel module"

func NewLinuxKernelModule(name string) *LinuxKernelModule {
return &LinuxKernelModule{
2 changes: 1 addition & 1 deletion thorlog/v3/lsasession.go
Expand Up @@ -18,7 +18,7 @@ type LsaSession struct {

func (LsaSession) reportable() {}

const typeLsaSession = "lsa session"
const typeLsaSession = "LSA session"

func init() { AddLogObjectType(typeLsaSession, &LsaSession{}) }

4 changes: 2 additions & 2 deletions thorlog/v3/permissions.go
Expand Up @@ -72,7 +72,7 @@ func (r RwxPermissions) String() string {
return s.String()
}

const typeUnixPermissions = "unix permissions"
const typeUnixPermissions = "Unix permissions"

func init() { AddLogObjectType(typeUnixPermissions, &UnixPermissions{}) }

Expand Down Expand Up @@ -149,7 +149,7 @@ func (a AclAccess) JSONSchemaAlias() any {
return ""
}

const typeWindowsPermissions = "windows permissions"
const typeWindowsPermissions = "Windows permissions"

func init() { AddLogObjectType(typeWindowsPermissions, &WindowsPermissions{}) }

2 changes: 1 addition & 1 deletion thorlog/v3/sdb.go
Expand Up @@ -14,7 +14,7 @@ type SdbEntry struct {

func (SdbEntry) reportable() {}

const typeSdbEntry = "Shim Database entry"
const typeSdbEntry = "shim database entry"

func init() { AddLogObjectType(typeSdbEntry, &SdbEntry{}) }

2 changes: 1 addition & 1 deletion thorlog/v3/service.go
Expand Up @@ -66,7 +66,7 @@ type WindowsService struct {

func (WindowsService) reportable() {}

const typeWindowsService = "windows service"
const typeWindowsService = "Windows service"

func init() { AddLogObjectType(typeWindowsService, &WindowsService{}) }

4 changes: 2 additions & 2 deletions thorlog/v3/shimcache.go
Expand Up @@ -17,7 +17,7 @@ type ShimCacheEntry struct {

func (ShimCacheEntry) reportable() {}

const typeShimCacheEntry = "SHIM cache entry"
const typeShimCacheEntry = "shim cache entry"

func init() { AddLogObjectType(typeShimCacheEntry, &ShimCacheEntry{}) }

Expand All @@ -40,7 +40,7 @@ type ShimCache struct {

func (ShimCache) reportable() {}

const typeShimCache = "SHIM cache"
const typeShimCache = "shim cache"

func init() { AddLogObjectType(typeShimCache, &ShimCache{}) }

2 changes: 1 addition & 1 deletion thorlog/v3/sparsedata.go
Expand Up @@ -73,7 +73,7 @@ func (s InvalidUnicodeString) MarshalJSON() ([]byte, error) {

var escaper = strings.NewReplacer("\\", "\\\\", "\"", "\\\"")

const typeSparseData = "sparsedata"
const typeSparseData = "sparse data"

func init() { AddLogObjectType(typeSparseData, &SparseData{}) }

4 changes: 2 additions & 2 deletions thorlog/v3/users.go
Expand Up @@ -69,7 +69,7 @@ type UnixUser struct {

func (UnixUser) reportable() {}

const typeUnixUser = "unix user"
const typeUnixUser = "Unix user"

func init() { AddLogObjectType(typeUnixUser, &UnixUser{}) }

Expand Down Expand Up @@ -100,7 +100,7 @@ type WindowsUser struct {

func (WindowsUser) reportable() {}

const typeWindowsUser = "windows user"
const typeWindowsUser = "Windows user"

func init() { AddLogObjectType(typeWindowsUser, &WindowsUser{}) }

4 changes: 2 additions & 2 deletions thorlog/v3/webhistory.go
Expand Up @@ -23,7 +23,7 @@ type WebDownload struct {

func (WebDownload) reportable() {}

const typeWebDownload = "Web Download"
const typeWebDownload = "web download"

func init() { AddLogObjectType(typeWebDownload, &WebDownload{}) }

Expand All @@ -49,7 +49,7 @@ type WebPageVisit struct {

func (WebPageVisit) reportable() {}

const typeWebVisit = "Web Page Visit"
const typeWebVisit = "web page visit"

func init() { AddLogObjectType(typeWebVisit, &WebPageVisit{}) }
