target / strelka

Real-time, container-based file scanning at enterprise scale


[BUG] ScanPe adds dictionary to flags array

andrea-matsec opened this issue · comments

Describe the bug
I'm not sure if this is a bug or an intentional change, but it seems that ScanPe adds a dictionary to the flags array under certain conditions.
I was able to identify the commit causing this change in behavior 6aec6d6#diff-8ab020f57ff0fffcfc6278539ec45f71021c8000ee44e3aa7a978fc13abaa976
and I was wondering if it was intentional to change the condition from

        if cert_dict := parse_certificates(data):
            if type(cert_dict) != str:
                self.event["security"] = cert_dict
            else:
                self.flags.append(cert_dict)

to

        if cert_dict := parse_certificates(data):
            if type(cert_dict) is str:
                self.event["security"] = cert_dict
            else:
                self.flags.append(cert_dict)

instead of

        if cert_dict := parse_certificates(data):
            if type(cert_dict) is not str:
                self.event["security"] = cert_dict
            else:
                self.flags.append(cert_dict)
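The misrouting the report describes, as an added illustration rather than strelka's own code: a minimal stand-in for the ScanPe certificate handling with the `is str` condition from the commit beside the `is not str` condition proposed above, plus the kind of regression check a consumer of scan output can apply. `parse_certificates` here is a hypothetical stub, and the sample input is constructed.

```python
# Added illustration, not strelka's own code: a minimal stand-in for the
# ScanPe certificate handling discussed above, showing the `is str` check
# from the commit beside the `is not str` check the report proposes.
# parse_certificates is a hypothetical stub standing in for the real parser.

def parse_certificates(data: bytes):
    """Hypothetical stub: a dict of certificate details when the (constructed)
    input carries a CERT: prefix, otherwise an error string meant for flags."""
    if data.startswith(b"CERT:"):
        return {"signer": data[5:].decode(), "valid": True}
    return "pe_certificate_error"


def scan_pe_buggy(data: bytes):
    """Condition as committed: a dict falls through into the flags list."""
    event, flags = {}, []
    if cert_dict := parse_certificates(data):
        if type(cert_dict) is str:
            event["security"] = cert_dict
        else:
            flags.append(cert_dict)
    return event, flags


def scan_pe_fixed(data: bytes):
    """Condition the report suggests: dict to event, string to flags."""
    event, flags = {}, []
    if cert_dict := parse_certificates(data):
        if type(cert_dict) is not str:
            event["security"] = cert_dict
        else:
            flags.append(cert_dict)
    return event, flags


def flags_are_strings(flags) -> bool:
    """Regression check for scan output: every flag must be a plain string,
    never a nested dictionary that downstream consumers do not expect."""
    return all(isinstance(f, str) for f in flags)


if __name__ == "__main__":
    signed = b"CERT:Example Signer"  # constructed sample input
    for name, fn in (("buggy", scan_pe_buggy), ("fixed", scan_pe_fixed)):
        event, flags = fn(signed)
        print(name, "flags ok:", flags_are_strings(flags), "event:", event)
```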

@andrea-matsec Thank you so much for identifying this!
I definitely don't want to use that field for a dictionary. I'll fix that up and get that changed today.
Really appreciate it. :)