mirror of
https://github.com/reconurge/flowsint.git
synced 2026-07-15 12:36:48 -05:00
TXT imports of file hashes were detected as Username, because File.detect always returned False and Username.detect matches any 3-80 char alphanumeric string. Hashes therefore couldn't be used as File entities to pivot from (VirusTotal, MalwareBazaar, sandboxes), per #45. - File.detect now recognizes 32/40/64-char hex strings (MD5/SHA1/SHA256), and File.from_string stores the value in the matching hash_* field (normalized to lowercase) while keeping it as the filename/label. - Username.detect now explicitly rejects hash-shaped strings, so hash detection is correct regardless of type-registration order (File is already registered before Username, but this removes the implicit dependency). Tests cover detection of each hash type (case/whitespace), rejection of non-hashes, from_string field population, the Username regression, and end-to-end detect_type() resolution to File. Closes #45