Python lesson please

Dave Angel d at davea.name
Mon Nov 7 13:14:50 EST 2011


On 11/07/2011 11:40 AM, gene heskett wrote:
> On Monday, November 07, 2011 11:30:45 AM Dave Angel did opine:
> Back on the list..
>> On 11/07/2011 06:22 AM, gene heskett wrote:
>>> On Monday, November 07, 2011 05:35:15 AM Peter Otten did opine:
>>> <SNIP>
>>>
>>>> Are you talking about this one?
>>>>
>>>> https://github.com/halsten/Duqu-detectors/blob/master/DuquDriverPatterns.py
>>>
>>> Yes.  My save as renamed it, still has about 30k of tabs in it.  But I
>>> pulled it again, using the 'raw' link, saved it, no extra tabs.
>>>
>>> But it still doesn't work for linux.  My python is 2.6.6
>>
>> To start with, what's the md5 of the file you downloaded and are
>> testing?  I get c4592a187f8f7880d3b685537e3bf9a5
>
> [root at coyote Download]# md5sum DuquDriverPatterns.py
> c4592a187f8f7880d3b685537e3bf9a5  DuquDriverPatterns.py, same as yours.
>
>> from md5sum.  If you get something different, one of us changed the
>> file, or you got it before today.
>>
>> The whole tab issue is a red-herring in this case.  But I don't see how
>> you can find 30k tabs in a thousand lines.  And if I were going to detab
>> it, I'd pick 4 spaces, so the code doesn't stretch across the page.
>
> Down toward the bottom of the file, the tab indentations were as high as 33
> leading tabs per line.  Each stanza of the data was tab indented 2
> additional tabs from the one above it in the original file.  30k was
> perhaps a poor SWAG, but 10 to 15k seems an entirely reasonable guess.
>
What program are you using to read the file and support that claim? 
Neither emacs nor gedit shows more than one leading tab on any line I 
looked at.  And if you set tabs to 4 columns, the file looks quite 
reasonable.  Doing a quick scan I see max of 5 tabs on any single line, 
and 1006 total.


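# Count the tab characters in DuquDriverPatterns.py, line by line.
maxtabs = 0
totaltabs = 0
with open("DuquDriverPatterns.py", "r") as f:
    for line in f:
        # Tabs on this line = length lost when the tabs are removed.
        cline = line.replace("\t", "")
        tabs = len(line) - len(cline)
        if tabs:
            print(tabs)
            maxtabs = max(maxtabs, tabs)
            totaltabs += tabs

print("max= %d" % maxtabs)
print("total= %d" % totaltabs)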



>>> <SNIP>
>>>
>>>> python DuquDriverPatterns.py ./directoryOfMalware
>>>>
>>>> and the line you are quoting then puts the value
>>>> "./directoryOfMalware" into the rootdir variable.
>>>
>>> If only it would...  Using this version, the failure is silent and
>>> instant.

The only way I've been able to make it "silent and instant" was to give 
it the name of an empty directory, or a typo representing no directory 
at all.


>>> Besides, the malware could be anyplace on the system.  But
>>> it needs to skip /dev since it hangs on the midi tree, /mnt and
>>> /media because they are not part of the running system even if disks
>>> are mounted there.
>>
>> First, run it on the current directory, and it should list the files in
>> that directory:
>>
>> I ran it in the directory I unzipped it into, so there are two files,
>> the README and the source file itself.
>>
>> $ python DuquDriverPatterns.py   .
>> Scanning ./README:
>> No match for pattern #0 on file named: README
>> No match for pattern #1 on file named: README
>> No match for pattern #2 on file named: README
>>
>> etc.
>>
>> The only way I can see to get NO output is to run it on an empty
>> directory:
>> $ mkdir junk
>> $ python DuquDriverPatterns.py   junk
>>
>> As for skipping certain directories, we can deal with that as soon as
>> you get proper behavior for any subtree of directories.
>>
>> Have you tried adding a print ("Hello World " + rootdir) just before the
>>
>> for root, subFolders, files in os.walk(rootdir):
>>
>> line ?  Or putting a   print len(files)  just after it (indented, of
>> course) ?
>
> No, I did try to print the value of rootdir though, indented the same, and
> got a null printout, not even a line feed.
>

If you had put the print I suggested, it would at least print the words 
"Hello World".  Since it did not, you probably didn't actually add the 
line where I suggested.

> Thanks Dave.
>
> Cheers, Gene

In another message you said it doesn't work on absolute file paths.  But 
it does.  You can replace any relative directory name with the absolute 
version, and it won't change the behavior.  I suspect you were caught up 
by a typo for the absolute path string.


-- 

DaveA
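
An added example, not part of this message or of DuquDriverPatterns.py: os.walk() yields nothing and raises nothing when the directory it is given does not exist, which is one way a scan can end "silent and instant". The sketch below checks the root first and prunes /dev, /mnt and /media in place; walk_files and SKIP_DIRS are hypothetical names.

```python
import os
import sys

# Assumed skip list: the directories named in the thread.
SKIP_DIRS = ("/dev", "/mnt", "/media")


def walk_files(rootdir, skip_dirs=SKIP_DIRS):
    """Yield every file path under rootdir, never entering skip_dirs.

    Raises OSError when rootdir is not a directory, instead of
    yielding nothing the way a bare os.walk() would.
    """
    rootdir = os.path.abspath(rootdir)
    if not os.path.isdir(rootdir):
        raise OSError("not a directory: %r" % rootdir)
    skip = set(os.path.abspath(d) for d in skip_dirs)

    def report(err):
        # Without onerror, os.walk silently ignores unreadable directories.
        sys.stderr.write("cannot list %s: %s\n" % (err.filename, err))

    for root, sub_folders, files in os.walk(rootdir, onerror=report):
        # Prune in place so os.walk never descends into skipped trees.
        sub_folders[:] = [d for d in sub_folders
                          if os.path.join(root, d) not in skip]
        for name in files:
            yield os.path.join(root, name)


def main(argv):
    if len(argv) != 2:
        sys.stderr.write("usage: %s ROOTDIR\n" % argv[0])
        return 2
    try:
        for path in walk_files(argv[1]):
            print("Scanning %s" % path)
    except OSError as err:
        sys.stderr.write("error: %s\n" % err)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```
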


