Added yamllint CI test (#473)

ForensicArtifacts · Feb 27, 2022 · 3b401b6 · 3b401b6
1 parent 347449c
commit 3b401b6
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 27 deletions.
diff --git a/.github/workflows/test_tox.yml b/.github/workflows/test_tox.yml
@@ -24,7 +24,7 @@ jobs:
         - python-version: '3.10'
           toxenv: 'py310'
         - python-version: '3.8'
-          toxenv: 'pylint'
+          toxenv: 'lint'
     container:
       image: ubuntu:20.04
     steps:

diff --git a/data/windows.yaml b/data/windows.yaml
@@ -2143,27 +2143,7 @@ urls:
 - 'https://blogs.technet.microsoft.com/platforms_lync_cloud/2017/05/05/disabling-windows-10-action-center-notifications/'
 ---
 name: WindowsBootConfigurationSettings
-doc: |
-  Windows Boot Configuration Settings.
-
-  These Windows Registry values are associated with the Windows Boot
-  Configuration Settings. Malware, like Cerber (ransomware), is known to
-  change the Windows Boot Configuration Settings and disable recovery options
-  like the ability to boot into safe mode.
-
-  'bcdedit.exe' can be used to modify the Windows Boot Configuration Settings.
-  The mappings of registry key to associated bcdedit commands is as
-  follows:
-  * 16000009: 'bcdedit.exe /set {default} recoveryenabled <yes|no>'
-    * 00 gets stored for 'no', 01 gets stored for 'yes'
-  * 250000e0: 'bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures'
-    * 01 00 00 00 00 00 00 00 gets stored.  Otherwise, the key is not present
-
-  The wildcard component of the Windows Registry key is the identifier
-  associated with the Windows Boot Loader instance on a given machine. This
-  identifier can be determined by running 'bcdedit.exe /v' and looking at the
-  'identifier' under the Windows Boot Loader section (on Windows 7 and
-  Windows 10, '{default}' [used by Cerber] points to this instance).
+doc: Windows Boot Configuration Settings
 sources:
 - type: REGISTRY_VALUE
   attributes:
@@ -2172,9 +2152,7 @@ sources:
     - {key: 'HKEY_LOCAL_MACHINE\BCD00000000\Objects\*\Elements\250000e0', value: 'Element'}
 labels: [System]
 supported_os: [Windows]
-urls:
-- 'https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/bcd-system-store-settings-for-uefi'
-- 'https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html'
+urls: ['https://forensicswiki.xyz/wiki/index.php?title=Windows_Boot_Configuration_Data']
 ---
 name: WindowsDisallowedSystemCertificates
 doc: |

diff --git a/tox.ini b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = py3{6,7,8,9,10},coverage,docs,pylint
+envlist = py3{6,7,8,9,10},coverage,docs,lint
 
 [testenv]
 pip_pre = True
@@ -36,7 +36,7 @@ commands =
     sphinx-build -b html -d build/doctrees docs dist/docs
     sphinx-build -b linkcheck docs dist/docs
 
-[testenv:pylint]
+[testenv:lint]
 skipsdist=True
 pip_pre = True
 setenv =
@@ -45,9 +45,12 @@ deps =
     -rrequirements.txt
     -rtest_requirements.txt
     pylint >= 2.9.0, < 2.10.0
+    yamllint >= 1.26.0
 commands =
     pylint --version
+    yamllint -v
     # Ignore setup.py for now due to:
     # setup.py:15:0: E0001: Cannot import 'distutils.command.bdist_msi' due to
     # syntax error 'expected an indented block (<unknown>, line 347)' (syntax-error)
     pylint --rcfile=.pylintrc artifacts tests tools
+    yamllint -c .yamllint.yaml data test_data