Merge pull request #36 from Yamato-Security/35-fix-invalid-hex-intege…

…r-error

fix: `timeline-suspicious-process` command `Error: unhandled exception: invalid hex integer: [ValueError]`

CHANGELOG-Japanese.md

@@ -8,6 +8,10 @@
 - 依存関係を減らすため、HTTPクライアントをPuppyに置き換えた。 (#33) (@fukusuket)
 - パフォーマンス向上のため、VirusTotalクエリをマルチスレッドにした。 (#33) (@fukusuket)
 
+**バグ修正*:**
+
+- Hayabusa 2.8.0以上の結果で`timeline-suspicious-processes`を実行した際のクラッシュを修正した。 (#35) (@fukusuket)
+
 ## 2.0.0 [2022/08/03] - [SANS DFIR Summit 2023 Release](https://www.sans.org/cyber-security-training-events/digital-forensics-summit-2023/)
 
 **新機能:**

CHANGELOG.md

@@ -8,7 +8,9 @@
 - Replaced HTTP with Puppy to reduce external dependencies. (#33) (@fukusuket)
 - Made VirusTotal lookups multi-threaded to increase performance. (#33) (@fukusuket)
 
-- `list-domains`: create a
+**Bug Fixes*:**
+
+- `timeline-suspicious-processes` would crash when Hayabusa results from version 2.8.0+ was used. (#35) (@fukusuket)
 
 ## 2.0.0 [2022/08/03] - [SANS DFIR Summit 2023 Release](https://www.sans.org/cyber-security-training-events/digital-forensics-summit-2023/)
 

src/takajopkg/timelineSuspiciousProcesses.nim

@@ -60,7 +60,10 @@ proc timelineSuspiciousProcesses(level: string = "high", output: string = "", qu
             computer = jsonLine["Computer"].getStr()
             process = jsonLine["Details"]["Proc"].getStr()
             pidStr = jsonLine["Details"]["PID"].getStr()
-            pidStr = intToStr(fromHex[int](pidStr))
+            try:
+              pidStr = intToStr(fromHex[int](pidStr))
+            except ValueError:
+              discard # conversion errors in fromHex are assumed to have originally been decimal.
             user = jsonLine["Details"]["User"].getStr()
             lid = jsonLine["Details"]["LID"].getStr()
             try: