T5610 More small fixes (#218)

* Fix error log str fmt

* Fix windir data extraction

* Delete unused files

* Fix typo

* Improve test

.github/workflows/test.yml

@@ -4,7 +4,7 @@ on:
   push:
     branches:
       - "T4627_py3_main"
-      - "T5610_log_ini"
+      - "T5610_more_fixes"
 
 jobs:
   tests:

canarytokens/channel_output_webhook.py

@@ -48,13 +48,11 @@ def generic_webhook_send(
             response.raise_for_status()
         except requests.exceptions.HTTPError:
             log.error(
-                "Failed sending request to webhook {url}.",
-                url=alert_webhook_url,
+                f"Failed sending request to webhook {alert_webhook_url}.",
             )
         except requests.exceptions.ConnectionError:
             log.error(
-                "Failed connecting to webhook {url}.",
-                url=alert_webhook_url,
+                f"Failed connecting to webhook {alert_webhook_url}.",
             )
         else:
             log.info(f"Successfully sent to {alert_webhook_url}")

canarytokens/tokens.py

@@ -292,9 +292,9 @@ def _desktop_ini_browsing(matches: Match[AnyStr]) -> dict[str, dict[str, AnyStr]
         domain = matches.group(3)
         return {
             "src_data": {
-                "windows_desktopini_access_username": username,
-                "windows_desktopini_access_hostname": hostname,
-                "windows_desktopini_access_domain": domain,
+                "windows_desktopini_access_username": username.lower(),
+                "windows_desktopini_access_hostname": hostname.lower(),
+                "windows_desktopini_access_domain": domain.lower(),
             }
         }
 

templates/generate_new.html

@@ -132,7 +132,7 @@ <h3 class="text-muted">
                     <li data-type="windows_dir"    class="token-item" data-memo-placeholder="Directory token placed in U:\Users\Sarah\CreditCardReports\"><a href="#" class="icon icon-folder"><span class="title">Windows folder</span><div class="explanation">Be notified when a Windows Folder is browsed in Windows Explorer</div></a></li>
                     <li data-type="log4shell"      class="token-item" data-memo-placeholder="Placewhere log line is inserted"><a href="#" class="icon icon-log4shell"><span class="title">Log4Shell</span><div class="explanation">Alert when a log4j log line is vulnerable to CVE-2021-44228</div></a></li>
                     <li data-type="fast_redirect"  class="token-item" data-memo-placeholder="URL within Dropbox"><a href="#" class="icon icon-redirect"><span class="title">Fast redirect</span><div class="explanation">Alert when a URL is visited, User is redirected</div></a></li>
-                    <li data-type="slow_redirect"  class="token-item" data-memo-placeholder="URL within Dropbox"><a href="#" class="icon icon-redirect"><span class="title">Slow redirect</span><div class="explanation">Alert when a URL is visited, User is redirected (Moar info is grabbed!)</div></a></li>
+                    <li data-type="slow_redirect"  class="token-item" data-memo-placeholder="URL within Dropbox"><a href="#" class="icon icon-redirect"><span class="title">Slow redirect</span><div class="explanation">Alert when a URL is visited, User is redirected (More info is grabbed!)</div></a></li>
                 		<li data-type="web_image"      class="token-item" data-memo-placeholder="Image embedded in router X's admin interface"><a href="#" class="icon icon-web-image"><span class="title">Custom image web bug</span><div class="explanation">Alert when an image you uploaded is viewed</div></a></li>
                     <li data-type="adobe_pdf"      class="token-item" data-memo-placeholder="PDF document placed at U:\Users\Sipho\Reports\feb.pdf"><a href="#" class="icon icon-pdf"><span class="title">Acrobat Reader PDF document</span><div class="explanation">Get alerted when a PDF document is opened in Acrobat Reader</div></a></li>
                     <li data-type="signed_exe"     class="token-item" data-memo-placeholder="Tokened whoami.exe on web server WEB01"><a href="#" class="icon icon-exe"><span class="title">Custom exe / binary</span><div class="explanation">Fire an alert when an EXE or DLL is executed</div></a></li>

tests/integration/test_windows_folder.py

@@ -29,14 +29,29 @@
 MODE_DIRECTORY = 0x10
 
 
+@pytest.mark.parametrize(
+    "test_user,test_computer,test_domain",
+    [
+        ("uSeRnaME1", "cOMp-1", "teSTdoMAin"),
+    ],
+)
 @pytest.mark.parametrize(
     "version",
     [
         v2,
         v3,
     ],
 )
-def test_windows_directory(tmpdir, version, webhook_receiver, runv2, runv3):
+def test_windows_directory(
+    test_user: str,
+    test_computer: str,
+    test_domain: str,
+    tmpdir,
+    version,
+    webhook_receiver,
+    runv2,
+    runv3,
+):
     run_or_skip(version, runv2=runv2, runv3=runv3)
     # initialize request
     memo = "windows directory memo!"
@@ -83,9 +98,6 @@ def test_windows_directory(tmpdir, version, webhook_receiver, runv2, runv3):
 
     # extract token url from file
     extracted_url = ""
-    test_user = "username1"
-    test_computer = "comp-1"
-    test_domain = "testdomain"
     with ZipFile(input_buf, "r") as zipfile:
         for zipinfo in zipfile.filelist:
             if zipinfo.external_attr & MODE_DIRECTORY:
@@ -127,10 +139,10 @@ def test_windows_directory(tmpdir, version, webhook_receiver, runv2, runv3):
     resp = get_token_history(token_info=token_info, version=version)
     token_history = WindowsDirectoryTokenHistory(**resp)
     assert len(token_history.hits) >= 1
-    token_hit = token_history.hits[0]
+    token_hit = token_history.hits[-1]
     assert token_hit.input_channel == "DNS"
     assert token_hit.src_data == {
-        "windows_desktopini_access_domain": test_domain,
-        "windows_desktopini_access_hostname": test_computer,
-        "windows_desktopini_access_username": test_user,
+        "windows_desktopini_access_domain": test_domain.lower(),
+        "windows_desktopini_access_hostname": test_computer.lower(),
+        "windows_desktopini_access_username": test_user.lower(),
     }