Merge pull request #2 from DefinetlyNotAI/beta2

Author: DefinetlyNotAI

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @DefinetlyNotAI

.github/FUNDING.yml

@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+
+github: DefinetlyNotAI
+buy_me_a_coffee: DefinetlyNotAI

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,67 @@
+name: Report a bug
+description: Tell us about a bug or issue you may have identified in MalwareBuilder.
+title: "Provide a general summary of the issue"
+assignees: "DefinetlyNotAI"
+body:
+  - type: checkboxes
+    attributes:
+      label: Prerequisites
+      description: Take a couple minutes to help our maintainers work faster.
+      options:
+        - label: I have [searched](https://github.com/DefinetlyNotAI/MalwareBuilder/issues?utf8=%E2%9C%93&q=is%3Aissue) for duplicate or closed issues.
+          required: true
+        - label: I have checked that I am on the latest release, and have made sure no external modification are responsible for this bug.
+          required: true
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: Describe the issue
+      description: Provide a summary of the issue and what you expected to happen, including specific steps to reproduce.
+    validations:
+      required: true
+  - type: textarea
+    id: d_log
+    attributes:
+      label: CLI output
+      description: Include the CLI output here if possible.
+    validations:
+      required: false
+  - type: textarea
+    id: extra
+    attributes:
+      label: Anything else?
+      description: Include anything you deem important.
+    validations:
+      required: false
+  - type: dropdown
+    id: flags_list
+    attributes:
+      label: What features were you using to run MalwareBuilder?
+      multiple: true
+      options:
+        - Remove() features
+        - Spam() features
+        - Destroy() features
+        - Tomfoolery() features
+        - Custom features
+    validations:
+        required: true
+  - type: dropdown
+    id: file_list
+    attributes:
+      label: What part of MalwareBuilder failed?
+      multiple: false
+      options:
+        - Malware Builder process (MalwareBuilder.py)
+        - Infection process (Infect.exe)
+        - Curing process (Cure.exe)
+        - Nothing/Other
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: What version of MalwareBuilder are you using?
+      placeholder: "e.g., beta.1"
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: GitHub Community Support
+    url: https://github.com/orgs/community/discussions
+    about: Please ask and answer questions here.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,40 @@
+name: Feature request
+description: Suggest new or updated features to include in MalwareBuilder.
+title: "Suggest a new feature"
+assignees: "DefinetlyNotAI"
+body:
+  - type: checkboxes
+    attributes:
+      label: Prerequisites
+      description: Take a couple minutes to help our maintainers work faster.
+      options:
+        - label: I have [searched](https://github.com/DefinetlyNotAI/MalwareBuilder/issues?utf8=%E2%9C%93&q=is%3Aissue) for duplicate or closed feature requests
+          required: true
+        - label: I would like to contribute this request (Optional).
+          required: false
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposal
+      description: Provide detailed information for what we should add, including relevant links to prior art, screenshots, or live demos whenever possible.
+    validations:
+      required: true
+  - type: textarea
+    id: motivation
+    attributes:
+      label: Motivation and context
+      description: Tell us why this change is needed or helpful, and what problems it may help solve.
+    validations:
+      required: true
+  - type: dropdown
+    id: importance
+    attributes:
+      label: What is the importance for implementing this idea?
+      multiple: false
+      options:
+        - High
+        - Normal
+        - Low
+        - N/A
+    validations:
+      required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,43 @@
+## Pull Request Template
+
+### Prerequisites
+
+<!-- Take a couple of minutes to help our maintainers work faster by checking of the pre-requisites. -->
+<!-- To tick the checkboxes replace the space with an 'x', so [ ] becomes [x] . -->
+
+- [ ] I have [searched](https://github.com/DefinetlyNotAI/MalwareBuilder/pulls) for duplicate or closed issues.
+- [ ] I have updated the documentation accordingly, if required.
+
+### PR Type
+
+<!-- Take a couple of minutes to help our maintainers work faster by telling us what is the PR guided on. -->
+<!-- To tick the checkboxes replace the space with an 'x', so [ ] becomes [x] . -->
+
+- [ ] Bug fix <!-- Non-Breaking Bug Fix - Usually relates to fixing an issue -->
+- [ ] Deprecation Change <!-- Removing a deprecation -->
+- [ ] New feature <!-- Non-Breaking Change that adds a new feature -->
+- [ ] Refactoring <!-- Non-Breaking Change that modifies existing code to refactor it to become more organised -->
+- [ ] ⚠️ Breaking change ⚠️ <!-- Breaking Bug Fix / New Addition that changes how MalwareBuilder works -->
+
+### Description
+
+<!-- REQUIRED: Provide a summary of the PR and what you expected to happen. -->
+
+### Motivation and Context
+
+<!-- REQUIRED: Why is this PR required? What problem does it solve? Why do you want to do it? -->
+
+### Credit
+
+<!-- If this PR is a contribution, please mention the contributors here using the appropriate syntax. -->
+
+<!--
+### File-Created/CONTRIBUTION by MAIN-Username
+What you did, created, removed, refactored, fixed, or discovered.
+- [Your GitHub Username](https://github.com/YourGitHubLink)
+- [Your GitHub Username](https://github.com/YourGitHubLink) etc...
+-->
+
+### Issues Fixed
+
+<!-- REQUIRED: What issues will be fixed? (Format: "#50, #23" etc.) if none exist type _N/A_ -->

.github/dependabot.yml

@@ -0,0 +1,21 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    labels:
+      - "type/Dependencies"
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    labels:
+      - "type/Dependencies"
+      - "type/Github Actions"

.github/workflows/dependency-review.yml

@@ -0,0 +1,27 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

.github/workflows/greetings.yml

@@ -0,0 +1,24 @@
+name: Greetings
+
+on: [pull_request_target, issues]
+
+permissions:
+  contents: read
+
+jobs:
+  greeting:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      with:
+        egress-policy: audit
+
+    - uses: actions/first-interaction@3c71ce730280171fd1cfb57c00c774f8998586f7 # v1
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        issue-message: "Hi! Thanks for pointing out an issue/suggestion for the first time to MalwareBuilder 🤗 We hope it goes as smoothly as possible."
+        pr-message: "Hi! Thanks for contributing for the first time to MalwareBuilder 🤗 We hope it goes as smoothly as possible and appreciate your valuable contribution."

.github/workflows/scorecard.yml

@@ -0,0 +1,78 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '33 9 * * 6'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+
+      - name: "Checkout code"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
+          repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v3.pre.node20
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard (optional).
+      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        with:
+          sarif_file: results.sarif