Refactor file handling to use context managers

Replaced manual open/close file operations with 'with' statements across multiple modules for safer and cleaner resource management. This change improves code readability, ensures files are properly closed, and reduces the risk of resource leaks. Also includes minor logic improvements in modules/processing/tracee.py for process tree construction and log parsing.

Author: doomedraven

analyzer/linux/modules/auxiliary/sysmon.py

@@ -50,10 +50,11 @@ def collect_logs(self):
             '"Linux-Sysmon"',
         ]
         try:
-            _ = subprocess.run(
-                args,
-                stdout=open(SYSMON_LOG_PATH, "wb"),
-            )
+            with open(SYSMON_LOG_PATH, "wb") as f:
+                _ = subprocess.run(
+                    args,
+                    stdout=f,
+                )
         except Exception as e:
             log.error("Could not create sysmon log file - %s", e)
 

analyzer/windows/modules/auxiliary/curtain.py

@@ -27,19 +27,20 @@ def __init__(self, options=None, config=None):
 
     def collectLogs(self):
         try:
-            subprocess.call(
-                [
-                    "C:\\Windows\\System32\\wevtutil.exe",
-                    "query-events",
-                    "microsoft-windows-powershell/operational",
-                    "/rd:true",
-                    "/e:root",
-                    "/format:xml",
-                    "/uni:true",
-                ],
-                startupinfo=self.startupinfo,
-                stdout=open("C:\\curtain.log", "w"),
-            )
+            with open("C:\\curtain.log", "w") as f:
+                subprocess.call(
+                    [
+                        "C:\\Windows\\System32\\wevtutil.exe",
+                        "query-events",
+                        "microsoft-windows-powershell/operational",
+                        "/rd:true",
+                        "/e:root",
+                        "/format:xml",
+                        "/uni:true",
+                    ],
+                    startupinfo=self.startupinfo,
+                    stdout=f,
+                )
         except Exception as e:
             log.error("Curtain - Error collecting PowerShell events - %s", e)
 

analyzer/windows/modules/auxiliary/hollowshunter.py

@@ -108,7 +108,8 @@ def stop(self):
             # We first care about modules that contain PEs
             if scan_report_json in only_files:
                 scan_report_path = os.path.join(dirpath, scan_report_json)
-                report_json = json.loads(open(scan_report_path, "rb").read())
+                with open(scan_report_path, "rb") as f:
+                    report_json = json.loads(f.read())
                 scans = report_json["scans"]
                 for scan in scans:
                     if "workingset_scan" in scan:
@@ -142,7 +143,8 @@ def stop(self):
 
                 log.debug(file_path)
                 try:
-                    file_contents = open(file_path, "rb").read()
+                    with open(file_path, "rb") as f:
+                        file_contents = f.read()
                     if any(item in file_contents for item in strings_of_interest):
                         # We got a hit!
                         files_to_upload.add(file_path)

analyzer/windows/modules/auxiliary/sysmon.py

@@ -41,18 +41,19 @@ def clear_log(self):
     def collect_logs(self):
         sysmon_xml_path = "C:\\sysmon.xml"
         try:
-            subprocess.call(
-                (
-                    "C:\\Windows\\System32\\wevtutil.exe",
-                    "query-events",
-                    "microsoft-windows-sysmon/operational",
-                    "/rd:true",
-                    "/e:Events",
-                    "/format:xml",
-                ),
-                startupinfo=self.startupinfo,
-                stdout=open(sysmon_xml_path, "w"),
-            )
+            with open(sysmon_xml_path, "w") as f:
+                subprocess.call(
+                    (
+                        "C:\\Windows\\System32\\wevtutil.exe",
+                        "query-events",
+                        "microsoft-windows-sysmon/operational",
+                        "/rd:true",
+                        "/e:Events",
+                        "/format:xml",
+                    ),
+                    startupinfo=self.startupinfo,
+                    stdout=f,
+                )
         except Exception as e:
             log.error("Could not create sysmon log file - %s", e)
 

data/trid/tridupdate.py

@@ -39,10 +39,9 @@ def MD5digest(filename=None, data=None):
     """Return an MD5 digest for a file or a string."""
     h = hashlib.md5()
     if filename:
-        f = open(filename, "rb")
-        for data in chunked(f, 1024 * 1024):
-            h.update(data)
-        f.close()
+        with open(filename, "rb") as f:
+            for data in chunked(f, 1024 * 1024):
+                h.update(data)
     elif data:
         h.update(data)
     return h.hexdigest()
@@ -104,9 +103,8 @@ def main():
 
     print("Checking defs integrity...")
     if MD5digest(data=trdpack) == newdigest:
-        f = open(trdfilename, "wb")
-        f.write(trdpack)
-        f.close()
+        with open(trdfilename, "wb") as f:
+            f.write(trdpack)
         print("OK.")
     else:
         errexit("Digest don't match. Retry!")

modules/processing/hollowshunter.py

@@ -33,7 +33,8 @@ def run(self):
         for report in report_list:
             report_path = os.path.join(hh_path, report)
             try:
-                report_contents = open(report_path).read()
+                with open(report_path) as f:
+                    report_contents = f.read()
                 report_json = json.loads(report_contents)
             except Exception as e:
                 raise CuckooProcessingError("Failed parsing report %s due to %s" % (report_path, str(e)))

modules/processing/sysmon.py

@@ -85,11 +85,13 @@ def run(self):
         data = None
         try:
             if windows:
-                xml = open(sysmon_path, "rb").read()
+                with open(sysmon_path, "rb") as f:
+                    xml = f.read()
                 xml = xml.decode("latin1").encode("utf8")
                 data = xmltodict.parse(xml)["Events"]["Event"]
             elif linux:
-                journalctl_output = open(sysmon_path, "rb").readlines()
+                with open(sysmon_path, "rb") as f:
+                    journalctl_output = f.readlines()
                 xml = massage_linux_data(journalctl_output)
                 data = xmltodict.parse(xml)["Events"]["Event"]
             else: