Core: Fix up github security issues

This fixes an unused import, an improper use of self and lots and lots
of places where we implicitly return None.  This now explicitly returns
None to improve readability and prevent mixed implicit and explicit
return values.  This should also somewhat aid type checking by humans.

volatility3/cli/__init__.py

@@ -662,7 +662,7 @@ def __init__(self, filename: str):
             def close(self):
                 # Don't overcommit
                 if self.closed:
-                    return
+                    return None
 
                 self.seek(0)
 
@@ -712,7 +712,7 @@ def close(self):
                 """Closes and commits the file (by moving the temporary file to the correct name"""
                 # Don't overcommit
                 if self._file.closed:
-                    return
+                    return None
 
                 self._file.close()
                 output_filename = self._get_final_filename()

volatility3/cli/volshell/generic.py

@@ -108,7 +108,7 @@ def help(self, *args):
         """Describes the available commands"""
         if args:
             help(*args)
-            return
+            return None
 
         variables = []
         print("\nMethods:")
@@ -325,7 +325,7 @@ def display_type(
             (str, interfaces.objects.ObjectInterface, interfaces.objects.Template),
         ):
             print("Cannot display information about non-type object")
-            return
+            return None
 
         if not isinstance(object, str):
             # Mypy requires us to order things this way
@@ -453,7 +453,7 @@ def display_symbols(self, symbol_table: str = None):
         """Prints an alphabetical list of symbols for a symbol table"""
         if symbol_table is None:
             print("No symbol table provided")
-            return
+            return None
         longest_offset = longest_name = 0
 
         table = self.context.symbol_space[symbol_table]

volatility3/cli/volshell/linux.py

@@ -35,9 +35,9 @@ def change_task(self, pid=None):
                 process_layer = task.add_process_layer()
                 if process_layer is not None:
                     self.change_layer(process_layer)
-                    return
+                    return None
                 print(f"Layer for task ID {pid} could not be constructed")
-                return
+                return None
         print(f"No task with task ID {pid} found")
 
     def list_tasks(self):

volatility3/cli/volshell/mac.py

@@ -35,9 +35,9 @@ def change_task(self, pid=None):
                 process_layer = task.add_process_layer()
                 if process_layer is not None:
                     self.change_layer(process_layer)
-                    return
+                    return None
                 print(f"Layer for task ID {pid} could not be constructed")
-                return
+                return None
         print(f"No task with task ID {pid} found")
 
     def list_tasks(self, method=None):

volatility3/cli/volshell/windows.py

@@ -32,7 +32,7 @@ def change_process(self, pid=None):
             if process.UniqueProcessId == pid:
                 process_layer = process.add_process_layer()
                 self.change_layer(process_layer)
-                return
+                return None
         print(f"No process with process ID {pid} found")
 
     def list_processes(self):

volatility3/framework/automagic/module.py

@@ -29,9 +29,9 @@ def __call__(
                     requirement.requirements[req],
                     progress_callback,
                 )
-            return
+            return None
         if not requirement.unsatisfied(context, config_path):
-            return
+            return None
         # The requirement is unfulfilled and is a ModuleRequirement
 
         context.config[
@@ -43,7 +43,7 @@ def __call__(
                 requirement.requirements[req].unsatisfied(context, new_config_path)
                 and req != "offset"
             ):
-                return
+                return None
 
         # We now just have the offset requirement, but the layer requirement has been fulfilled.
         # Unfortunately we don't know the layer name requirement's exact name

volatility3/framework/automagic/stacker.py

@@ -103,7 +103,7 @@ def stack(
                 appropriate_config_path, layer_name = result
                 context.config.merge(appropriate_config_path, subconfig)
                 context.config[appropriate_config_path] = top_layer_name
-                return
+                return None
             self._cached = None
 
         new_context = context.clone()

volatility3/framework/automagic/symbol_finder.py

@@ -69,7 +69,7 @@ def __call__(
 
         # Bomb out early if our details haven't been configured
         if self.symbol_class is None:
-            return
+            return None
 
         self._requirements = self.find_requirements(
             context,
@@ -120,7 +120,7 @@ def _banner_scan(
 
         # Bomb out early if there's no banners
         if not self.banners:
-            return
+            return None
 
         mss = scanners.MultiStringScanner([x for x in self.banners if x is not None])
 

volatility3/framework/layers/intel.py

@@ -331,9 +331,9 @@ def _mapping(
             except exceptions.InvalidAddressException:
                 if not ignore_errors:
                     raise
-                return
+                return None
             yield offset, length, mapped_offset, length, layer_name
-            return
+            return None
         while length > 0:
             try:
                 chunk_offset, page_size, layer_name = self._translate(offset)

volatility3/framework/layers/msf.py

@@ -47,7 +47,7 @@ def pdb_symbol_table(self) -> str:
     def read_streams(self):
         # Shortcut in case they've already been read
         if self._streams:
-            return
+            return None
 
         # Recover the root table, by recovering the root table index table...
         module = self.context.module(self.pdb_symbol_table, self._base_layer, offset=0)

volatility3/framework/layers/segmented.py

@@ -126,9 +126,9 @@ def mapping(
                     current_offset = logical_offset
                     # If it starts too late then we're done
                     if logical_offset > offset + length:
-                        return
+                        return None
                 except exceptions.InvalidAddressException:
-                    return
+                    return None
             # Crop it to the amount we need left
             chunk_size = min(size, length + offset - logical_offset)
             yield logical_offset, chunk_size, mapped_offset, mapped_size, self._base_layer

volatility3/framework/plugins/linux/capabilities.py

@@ -88,7 +88,7 @@ def _check_capabilities_support(
             kernel_cap_last_cap = vmlinux.object_from_symbol(symbol_name="cap_last_cap")
         except exceptions.SymbolError:
             # It should be a kernel < 3.2
-            return
+            return None
 
         vol2_last_cap = extensions.kernel_cap_struct.get_last_cap_value()
         if kernel_cap_last_cap > vol2_last_cap:

volatility3/framework/plugins/linux/check_syscall.py

@@ -145,7 +145,7 @@ def _generator(self):
             table_info = self._get_table_info(vmlinux, "sys_call_table", ptr_sz)
         except exceptions.SymbolError:
             vollog.error("Unable to find the system call table. Exiting.")
-            return
+            return None
 
         tables = [(table_name, table_info)]
 

volatility3/framework/plugins/linux/malfind.py

@@ -44,7 +44,7 @@ def _list_injections(self, task):
 
         proc_layer_name = task.add_process_layer()
         if not proc_layer_name:
-            return
+            return None
 
         proc_layer = self.context.layers[proc_layer_name]
 

volatility3/framework/plugins/linux/sockstat.py

@@ -147,7 +147,7 @@ def _extract_socket_filter_info(
         socket_filter["bpf_filter_type"] = "cBPF"
 
         if not sock_filter.has_member("prog") or not sock_filter.prog:
-            return
+            return None
 
         bpfprog = sock_filter.prog
 
@@ -158,13 +158,13 @@ def _extract_socket_filter_info(
                 return  # cBPF filter
         except AttributeError:
             # kernel < 3.18.140, it's a cBPF filter
-            return
+            return None
 
         BPF_PROG_TYPE_SOCKET_FILTER = 1  # eBPF filter
         if bpfprog_type != BPF_PROG_TYPE_SOCKET_FILTER:
             socket_filter["bpf_filter_type"] = f"UNK({bpfprog_type})"
             vollog.warning(f"Unexpected BPF type {bpfprog_type} for a socket")
-            return
+            return None
 
         socket_filter["bpf_filter_type"] = "eBPF"
         if not bpfprog.has_member("aux") or not bpfprog.aux:
@@ -329,17 +329,17 @@ def _xdp_sock(
         xdp_sock = sock.cast("xdp_sock")
         device = xdp_sock.dev
         if not device:
-            return
+            return None
 
         src_addr = utility.array_to_string(device.name)
         src_port = dst_addr = dst_port = None
 
         bpfprog = device.xdp_prog
         if not bpfprog:
-            return
+            return None
 
         if not bpfprog.has_member("aux") or not bpfprog.aux:
-            return
+            return None
 
         bpfprog_aux = bpfprog.aux
         if bpfprog_aux.has_member("id"):

volatility3/framework/plugins/mac/check_sysctl.py

@@ -69,7 +69,7 @@ def _process_sysctl_list(self, kernel, sysctl_list, recursive=0):
             try:
                 sysctl = sysctl.oid_link.sle_next.dereference()
             except exceptions.InvalidAddressException:
-                return
+                return None
 
         while sysctl:
             try:

volatility3/framework/plugins/mac/kevents.py

@@ -116,7 +116,7 @@ def _walk_klist_array(cls, kernel, fdp, array_pointer_member, array_size_member)
             )
 
         except exceptions.InvalidAddressException:
-            return
+            return None
 
         for klist in klist_array:
             for kn in mac.MacUtilities.walk_slist(klist, "kn_link"):
@@ -140,7 +140,7 @@ def _get_task_kevents(cls, kernel, task):
         try:
             p_klist = task.p_klist
         except exceptions.InvalidAddressException:
-            return
+            return None
 
         for kn in mac.MacUtilities.walk_slist(p_klist, "kn_link"):
             yield kn

volatility3/framework/plugins/mac/lsmod.py

@@ -75,7 +75,7 @@ def list_modules(
             try:
                 kmod = kmod.next
             except exceptions.InvalidAddressException:
-                return
+                return None
         return  # Generation finished
 
     def _generator(self):

volatility3/framework/plugins/mac/malfind.py

@@ -40,7 +40,7 @@ def _list_injections(self, task):
 
         proc_layer_name = task.add_process_layer()
         if proc_layer_name is None:
-            return
+            return None
 
         proc_layer = self.context.layers[proc_layer_name]
 

volatility3/framework/plugins/windows/cachedump.py

@@ -108,12 +108,12 @@ def _generator(self, syshive, sechive):
                 vollog.warning("Unable to locate SYSTEM hive")
             if sechive is None:
                 vollog.warning("Unable to locate SECURITY hive")
-            return
+            return None
 
         bootkey = hashdump.Hashdump.get_bootkey(syshive)
         if not bootkey:
             vollog.warning("Unable to find bootkey")
-            return
+            return None
 
         kernel = self.context.modules[self.config["kernel"]]
 
@@ -124,17 +124,17 @@ def _generator(self, syshive, sechive):
         lsakey = lsadump.Lsadump.get_lsa_key(sechive, bootkey, vista_or_later)
         if not lsakey:
             vollog.warning("Unable to find lsa key")
-            return
+            return None
 
         nlkm = self.get_nlkm(sechive, lsakey, vista_or_later)
         if not nlkm:
             vollog.warning("Unable to find nlkma key")
-            return
+            return None
 
         cache = hashdump.Hashdump.get_hive_key(sechive, "Cache")
         if not cache:
             vollog.warning("Unable to find cache key")
-            return
+            return None
 
         for cache_item in cache.get_values():
             if cache_item.Name == "NL$Control":

volatility3/framework/plugins/windows/callbacks.py

@@ -157,7 +157,7 @@ def _list_registry_callbacks_legacy(
         )
 
         if callback_count == 0:
-            return
+            return None
 
         fast_refs = ntkrnlmp.object(
             object_type="array",
@@ -199,7 +199,7 @@ def _list_registry_callbacks_new(
         )
 
         if callback_count == 0:
-            return
+            return None
 
         callback_list = ntkrnlmp.object(object_type="_LIST_ENTRY", offset=symbol_offset)
         for callback in callback_list.to_list(full_type_name, "Link"):
@@ -256,7 +256,7 @@ def list_registry_callbacks(
                     symbol_status = "exists"
                 vollog.debug(f"symbol {symbol_name} {symbol_status}.")
 
-            return
+            return None
 
     @classmethod
     def list_bugcheck_reason_callbacks(
@@ -287,7 +287,7 @@ def list_bugcheck_reason_callbacks(
             ).address
         except exceptions.SymbolError:
             vollog.debug("Cannot find KeBugCheckReasonCallbackListHead")
-            return
+            return None
 
         full_type_name = (
             callback_table_name + constants.BANG + "_KBUGCHECK_REASON_CALLBACK_RECORD"
@@ -343,7 +343,7 @@ def list_bugcheck_callbacks(
             list_offset = ntkrnlmp.get_symbol("KeBugCheckCallbackListHead").address
         except exceptions.SymbolError:
             vollog.debug("Cannot find KeBugCheckCallbackListHead")
-            return
+            return None
 
         full_type_name = (
             callback_table_name + constants.BANG + "_KBUGCHECK_CALLBACK_RECORD"

volatility3/framework/plugins/windows/dumpfiles.py

@@ -130,7 +130,7 @@ def process_file_object(
                 constants.LOGLEVEL_VVV,
                 f"The file object at {file_obj.vol.offset:#x} is not a file on disk",
             )
-            return
+            return None
 
         # Depending on the type of object (DataSection, ImageSection, SharedCacheMap) we may need to
         # read from the memory layer or the primary layer.

volatility3/framework/plugins/windows/handles.py

@@ -285,7 +285,7 @@ def _make_handle_array(self, offset, level, depth=0):
             count = 0x1000 / subtype.size
 
         if not self.context.layers[virtual].is_valid(offset):
-            return
+            return None
 
         table = ntkrnlmp.object(
             object_type="array",
@@ -335,7 +335,7 @@ def handles(self, handle_table):
                 constants.LOGLEVEL_VVV,
                 "Handle table parsing was aborted due to an invalid address exception",
             )
-            return
+            return None
 
         for handle_table_entry in self._make_handle_array(TableCode, table_levels):
             yield handle_table_entry