fix(analysisinfo): detect auto-selected package from Windows analyzer logs

wmetcalf · wmetcalf · commit 6f4953ad4547 · 2026-03-09T15:22:12.000Z
The Windows analyzer logs the package selection as:
  INFO: analysis package selected: "pkg"
but get_package() only searched for the Linux format:
  INFO: Automatically selected analysis package "pkg"

This caused the package field to remain empty in reports for
Windows analyses where no package was explicitly specified.

Now searches for both log formats using len(marker) instead of
a hardcoded offset.
diff --git a/modules/processing/analysisinfo.py b/modules/processing/analysisinfo.py
@@ -68,8 +68,15 @@ def get_package(self):
                 raise CuckooProcessingError(f"Error opening {self.log_path}: {e}") from e
             else:
                 with suppress(Exception):
-                    idx = analysis_log.index('INFO: Automatically selected analysis package "')
-                    package = analysis_log[idx + 47 :].split('"', 1)[0]
+                    # Try both Windows and Linux analyzer log formats
+                    for marker in (
+                        'INFO: analysis package selected: "',
+                        'INFO: Automatically selected analysis package "',
+                    ):
+                        if marker in analysis_log:
+                            idx = analysis_log.index(marker)
+                            package = analysis_log[idx + len(marker) :].split('"', 1)[0]
+                            break
         return package
 
     def run(self):
