more linting, minor enrichment skill update

Lee Chagolla-Christensen · Lee Chagolla-Christensen · commit 041d6fd7c1d1 · 2026-02-04T10:29:23.000-08:00
diff --git a/.claude/skills/enrichment-module-builder.md b/.claude/skills/enrichment-module-builder.md
@@ -423,6 +423,12 @@ class Test{ModuleName}Analyzer:
             # Assert on results
 ```
 
+Guidelines:
+- Test both positive(happy path) and negative(unhappy path) cases.
+  - Do this for all result types, findings, transforms, DB writes, and file uploads generated.
+- Handle edge cases and error conditions
+
+
 ### Run Tests
 
 ```bash
diff --git a/libs/chromium/chromium/helpers.py b/libs/chromium/chromium/helpers.py
@@ -295,7 +295,7 @@ def is_valid_text(data: bytes) -> bool:
 
 
 def byte_xor(ba1, ba2):
-    return bytes([_a ^ _b for _a, _b in zip(ba1, ba2)])
+    return bytes([_a ^ _b for _a, _b in zip(ba1, ba2, strict=False)])
 
 
 def parse_abe_blob(abe_data: bytes, chromekey: bytes | None = None) -> dict | None:
diff --git a/libs/common/common/models2/dpapi.py b/libs/common/common/models2/dpapi.py
@@ -1,7 +1,7 @@
 """DPAPI credential models for API requests."""
 
 import re
-from typing import Annotated, Literal, Union
+from typing import Annotated, Literal
 from uuid import UUID
 
 from common.logger import get_logger
@@ -201,15 +201,13 @@ def get_credential_type(v):
 
 
 type DpapiCredentialRequest = Annotated[
-    Union[
-        Annotated[PasswordCredentialKey, Tag("password")],
-        Annotated[NtlmHashCredentialKey, Tag("cred_key_ntlm")],
-        Annotated[Sha1CredentialKey, Tag("cred_key_sha1")],
-        Annotated[Pbkdf2StrongCredentialKey, Tag("cred_key_pbkdf2")],
-        Annotated[DomainBackupKeyCredential, Tag("domain_backup_key")],
-        Annotated[MasterKeyGuidPairList, Tag("master_key_guid_pair")],
-        Annotated[DpapiSystemCredentialRequest, Tag("dpapi_system")],
-        Annotated[ChromiumAppBoundKeyCredential, Tag("chromium_app_bound_key")],
-    ],
+    Annotated[PasswordCredentialKey, Tag("password")]
+    | Annotated[NtlmHashCredentialKey, Tag("cred_key_ntlm")]
+    | Annotated[Sha1CredentialKey, Tag("cred_key_sha1")]
+    | Annotated[Pbkdf2StrongCredentialKey, Tag("cred_key_pbkdf2")]
+    | Annotated[DomainBackupKeyCredential, Tag("domain_backup_key")]
+    | Annotated[MasterKeyGuidPairList, Tag("master_key_guid_pair")]
+    | Annotated[DpapiSystemCredentialRequest, Tag("dpapi_system")]
+    | Annotated[ChromiumAppBoundKeyCredential, Tag("chromium_app_bound_key")],
     Field(discriminator=Discriminator(get_credential_type)),
 ]
diff --git a/libs/common/common/state_helpers.py b/libs/common/common/state_helpers.py
@@ -111,7 +111,7 @@ def get_file_enriched(object_id: str) -> FileEnriched:
                     raise RuntimeError("Query returned no column descriptions")
 
                 columns = [desc[0] for desc in cur.description]
-                file_data = dict(zip(columns, result))
+                file_data = dict(zip(columns, result, strict=True))
 
                 # Transform data using shared helper
                 file_data = _transform_file_enriched_data(file_data)
diff --git a/libs/common/common/workflows/workflow_purger.py b/libs/common/common/workflows/workflow_purger.py
@@ -318,7 +318,7 @@ async def _run_purge_cycle(self) -> dict:
                         # Collect successfully purged workflow IDs
                         purged_wf_ids = []
 
-                        for wf_id, result in zip(workflow_ids, purge_results):
+                        for wf_id, result in zip(workflow_ids, purge_results, strict=True):
                             if isinstance(result, Exception):
                                 logger.error(
                                     "Purge operation failed with exception",
diff --git a/libs/file_enrichment_modules/file_enrichment_modules/dotnet/analyzer.py b/libs/file_enrichment_modules/file_enrichment_modules/dotnet/analyzer.py
@@ -2,7 +2,6 @@
 import hashlib
 import json
 from pathlib import Path
-from typing import Union
 
 import dnfile
 from common.logger import get_logger
@@ -57,7 +56,7 @@ def process_resources(assembly):
     return resources
 
 
-def parse_dotnet_assembly(filename: Union[str, Path]) -> dict:
+def parse_dotnet_assembly(filename: str | Path) -> dict:
     """
     Parses a .NET assembly file and returns a dictionary of .NET specific data.
     """
diff --git a/libs/file_enrichment_modules/file_enrichment_modules/sqlite/analyzer.py b/libs/file_enrichment_modules/file_enrichment_modules/sqlite/analyzer.py
@@ -72,7 +72,9 @@ def format_sqlite_data(database_data: dict) -> str:
             continue
 
         # Show schema with column types
-        schema_with_types = [f"{col} ({type_})" for col, type_ in zip(data["schema"], data["column_types"])]
+        schema_with_types = [
+            f"{col} ({type_})" for col, type_ in zip(data["schema"], data["column_types"], strict=True)
+        ]
         output.append(f"Schema: {', '.join(schema_with_types)}")
 
         output.append("Data:")
diff --git a/projects/agents/agents/schemas.py b/projects/agents/agents/schemas.py
@@ -1,5 +1,5 @@
 from enum import StrEnum
-from typing import Any, Literal, Union
+from typing import Any, Literal
 
 from pydantic import BaseModel, Field, field_validator
 
@@ -27,7 +27,7 @@ class TriageRequest(BaseModel):
     finding_id: int = Field(..., description="Unique finding identifier")
     finding_name: str = Field(..., description="Name/type of the finding")
     category: str | None = Field(None, description="Finding category")
-    severity: Union[int, str] | None = Field(None, description="Finding severity level (0-10 or string)")
+    severity: int | str | None = Field(None, description="Finding severity level (0-10 or string)")
     object_id: str = Field(..., description="Object storage ID")
     origin_type: str | None = Field(None, description="Type of the finding's origin")
     origin_name: str | None = Field(None, description="Name of the finding's origin")
diff --git a/projects/cli/cli/cobaltstrike_connector/download_processor.py b/projects/cli/cli/cobaltstrike_connector/download_processor.py
@@ -5,7 +5,6 @@
 from dataclasses import dataclass
 from datetime import UTC, datetime
 from pathlib import Path
-from typing import Union
 
 import plyvel
 from cli.cobaltstrike_connector.cobaltstrike_client import Beacon, CobaltStrikeClient, Download
@@ -92,7 +91,7 @@ def mark_processed(
 
     async def upload_file(
         self,
-        file_path: Union[Path, str],
+        file_path: Path | str,
         metadata: FileMetadata,
         delete_after: bool = False,
     ) -> tuple[bool, str | None, FileWithMetadataResponse | None]:
diff --git a/projects/cli/cli/config.py b/projects/cli/cli/config.py
@@ -1,5 +1,5 @@
 from pathlib import Path
-from typing import Annotated, Union
+from typing import Annotated
 from urllib.parse import urlparse
 
 import yaml
@@ -63,7 +63,7 @@ class NemesisConfig(BaseConfig):
 
 class MythicConfig(BaseConfig):
     url: StrictHttpUrl
-    credential: Union[PasswordCredential, TokenCredential]
+    credential: PasswordCredential | TokenCredential
 
     @field_validator("credential")
     @classmethod
diff --git a/projects/cli/cli/mythic_connector/config.py b/projects/cli/cli/mythic_connector/config.py
@@ -1,6 +1,5 @@
 from dataclasses import dataclass
 from functools import lru_cache
-from typing import Union
 from urllib.parse import ParseResult, urlparse
 
 from dynaconf import Dynaconf, Validator
@@ -20,7 +19,7 @@ class TokenCredential:
 @dataclass
 class MythicConfig:
     url: str
-    credential: Union[UsernamePasswordCredential, TokenCredential]
+    credential: UsernamePasswordCredential | TokenCredential
 
     @classmethod
     def from_dict(cls, data: dict) -> "MythicConfig":
diff --git a/projects/cli/cli/nemesis_client.py b/projects/cli/cli/nemesis_client.py
@@ -2,7 +2,7 @@
 import os
 from datetime import UTC, datetime
 from pathlib import Path
-from typing import BinaryIO, Union
+from typing import BinaryIO
 
 import requests
 from cli.config import NemesisConfig
@@ -132,7 +132,7 @@ def post_file(
             if need_cleanup and file_stream is not None:
                 file_stream.close()
 
-    def get_health(self) -> Union[HealthResponse, ErrorResponse] | None:
+    def get_health(self) -> HealthResponse | ErrorResponse | None:
         """Get API health status.
 
         Returns:
@@ -150,7 +150,7 @@ def get_health(self) -> Union[HealthResponse, ErrorResponse] | None:
             logger.error(f"Error getting health status: {e}")
             return None
 
-    def get_api_info(self) -> Union[APIInfo, ErrorResponse] | None:
+    def get_api_info(self) -> APIInfo | ErrorResponse | None:
         """Get API information.
 
         Returns:
@@ -168,7 +168,7 @@ def get_api_info(self) -> Union[APIInfo, ErrorResponse] | None:
             logger.error(f"Error getting API info: {e}")
             return None
 
-    def reload_yara_rules(self) -> Union[YaraReloadResponse, ErrorResponse] | None:
+    def reload_yara_rules(self) -> YaraReloadResponse | ErrorResponse | None:
         """Reload Yara rules.
 
         Returns:
diff --git a/projects/cli/cli/stage1_connector/download_processor.py b/projects/cli/cli/stage1_connector/download_processor.py
@@ -5,7 +5,6 @@
 from dataclasses import dataclass
 from datetime import UTC, datetime
 from pathlib import Path
-from typing import Union
 
 import plyvel
 from cli.nemesis_client import NemesisClient
@@ -107,7 +106,7 @@ def mark_processed(
 
     async def upload_file(
         self,
-        file_path: Union[Path, str],
+        file_path: Path | str,
         metadata: FileMetadata,
         delete_after: bool = False,
     ) -> tuple[bool, str | None, FileWithMetadataResponse | None]:
diff --git a/projects/file_enrichment/file_enrichment/file_feature_extractor.py b/projects/file_enrichment/file_enrichment/file_feature_extractor.py
@@ -1166,7 +1166,10 @@ def compute_population_stats(file_records: list[dict]) -> dict | None:
                 "avg_lifespan_days": statistics.mean(times["lifespans"]) / 86400,  # Convert seconds to days
                 "std_lifespan_days": statistics.stdev(times["lifespans"]) / 86400 if len(times["lifespans"]) > 1 else 0,
                 "median_update_interval_days": statistics.median(
-                    [(b - a).days for a, b in zip(sorted(times["modified"])[:-1], sorted(times["modified"])[1:])]
+                    [
+                        (b - a).days
+                        for a, b in zip(sorted(times["modified"])[:-1], sorted(times["modified"])[1:], strict=True)
+                    ]
                 )
                 if len(times["modified"]) > 1
                 else 0,
diff --git a/projects/web_api/web_api/main.py b/projects/web_api/web_api/main.py
@@ -700,7 +700,7 @@ def get_failed_workflows_from_db():
                     failed_workflows = []
 
                     for row in cur.fetchall():
-                        workflow_dict = dict(zip(columns, row))
+                        workflow_dict = dict(zip(columns, row, strict=True))
 
                         # Convert UUID to string if present
                         if workflow_dict.get("object_id"):
diff --git a/pyproject.toml b/pyproject.toml
@@ -47,25 +47,27 @@ select = [
     "C",     # flake8-comprehensions
     "B",     # flake8-bugbear
     "UP",    # pyupgrade
-    "NPY",   # numpydoc
-    "A",     # flake8-annotations
+    "NPY",   # numpy-specific rules
+    "A",     # flake8-builtins
     "TC001", # Move application-only imports into TYPE_CHECKING block
     "TC002", # Move third-party imports into TYPE_CHECKING block
     "TC003", # Move standard library imports into TYPE_CHECKING block
 ]
 ignore = [
     "E501",  # line too long, handled by black
     "B008",  # do not perform function calls in argument defaults
-    "C901",  # too complex
+    "C901",  # cyclomatic complexity. TODO: enable later
     "W191",  # indentation contains tabs
     "F722",  # syntax error in forward annotation
-    "UP007", # X | Y syntax while we're still supporting 3.9
-    "UP038", # isinstance() X | Y instance ^
-    "B905",  # zip() without strict (isn't supported in 3.9)
 ]
 
 [tool.ruff.format]
 quote-style = "double"
 indent-style = "space"
 skip-magic-trailing-comma = false
 line-ending = "auto"
+
+
+# TODO: Enable this later and address problems
+#[tool.ruff.lint.mccabe]
+#max-complexity = 20
