Prevent on_complete execution for matched signatures #2758
Conversation
Summary of ChangesHello @doomedraven, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request refines the signature processing logic by ensuring that the Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds a debug log message to indicate when a signature's on_complete method is skipped because the signature has already matched within its on_call method. This improves debuggability by making the control flow explicit. My feedback includes a minor simplification to remove a redundant check.
* Update AdaptixBeacon yara and add NitrogenBunnyDownloader yara * add missing hash * add missing update * Gemini nags * Additional Rhadamanthys patterns * Switch Suricata installation to version 7.0 Comment out the repository for Suricata 8 and use Suricata 7.0 instead. * Remove test_handle_process_invalid_data() from tests/test_analyzer.py * Tweak Rhadamanthys patterns - removed highly variable jump size in conditional jump (0x2e6 bytes code, size highly brittle) - replaced eax register in nice characteristic pattern as it can only be eax, since pattern contains the xor eax, eax instruction by which the code zeroes) * Rhadamanthys anti-anti detonation bypass * Rhadamanthys detection patterns * Enable protocol extended information to be generated without a TLS master secret (#2739) * Update NitroBunnyDownloader yara * Bump django from 5.1.13 to 5.1.14 (#2742) Bumps [django](https://github.com/django/django) from 5.1.13 to 5.1.14. - [Commits](django/django@5.1.13...5.1.14) --- updated-dependencies: - dependency-name: django dependency-version: 5.1.14 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update startup.py * Fix path handling for SHA256 calculation * Update startup.py * Monitor updates: see changelog for details * analyzer: remove obsolete 'suspended' parameter from CommandPipeHandler * Update routing.rst * Fix error list entry format in demux.py * prevent linux parsing errors (#2744) * Rhadamanthys unhook bypass * Add Suricata host (#2745) * Rename surihhost to surihost in search.html * Add 'surihost' key to Suricata alert mapping * Update lib/cuckoo/common/web_utils.py Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Monitor update: Add config option for monitor injection into supplied pid or "explorer" for shell: monitor=<pid/"explorer"> * SmokeLoader 2025 * Update installation step to include KnowledgeBaseBot Install dependencies from both requirements files. * Bump django from 5.1.13 to 5.1.14 (#2749) Bumps [django](https://github.com/django/django) from 5.1.13 to 5.1.14. - [Commits](django/django@5.1.13...5.1.14) --- updated-dependencies: - dependency-name: django dependency-version: 5.1.14 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: Update requirements.txt * Refactor auto_answer.yml to streamline dependency installation Updated the workflow to install dependencies using uv run with specified requirements files. * fix docs * Fix a bug that prevents terminal status from being reported by the agent (#2753) Updates the POST /status endpoint to unset the async subprocess if the new status is terminal. This makes GET /status report the final analysis state, rather than the child process state. * Fix 'machines' vars on Azure (#2755) * Monitor update: Fix issue with RESUME: monitor message from NtResumeProcess hook * Bump pypdf from 5.2.0 to 6.4.0 (#2757) Bumps [pypdf](https://github.com/py-pdf/pypdf) from 5.2.0 to 6.4.0. - [Release notes](https://github.com/py-pdf/pypdf/releases) - [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md) - [Commits](py-pdf/pypdf@5.2.0...6.4.0) --- updated-dependencies: - dependency-name: pypdf dependency-version: 6.4.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Prevent on_complete execution for matched signatures (#2758) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: enzok <7831008+enzok@users.noreply.github.com> Co-authored-by: Yung Binary <93540406+YungBinary@users.noreply.github.com> Co-authored-by: Kevin O'Reilly <kevoreilly@gmail.com> Co-authored-by: Fernando Domínguez <6620286+FernandoDoming@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: David Santos <44490090+dsecuma@users.noreply.github.com> Co-authored-by: Bart <3075118+bartblaze@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: GitHub Actions <action@github.com> Co-authored-by: Josh Feather <142008135+josh-feather@users.noreply.github.com> Co-authored-by: Lilian <86776930+Grand-Duc@users.noreply.github.com>
No description provided.