signify >= 0.8 breaks Authenticode parsing in thrember (CertificateStore not subscriptable)

When using recent versions of `signify`, `thrember` fails during PE feature extraction with the following error:

```
TypeError: 'CertificateStore' object is not subscriptable
```

**Where it happens**

In `thrember/features.py`, during Authenticode feature extraction:

```python
for cert in certs[:-1]:
    ...
```

With recent `signify` versions, `certs` is a `CertificateStore` object, which is iterable but **does not support slicing**.
This causes a runtime exception when processing signed PE files.

**Root cause**

`signify` changed the Authenticode API:

* certificate collections are now returned as `CertificateStore`
* `CertificateStore` is iterable but not indexable

`thrember` still assumes a list-like object and uses slicing.

**Suggested fix**

Convert the certificate store to a list before slicing:

```python
certs = list(certs)
for cert in certs[:-1]:
    ...
```

This keeps the existing logic intact and restores compatibility with recent `signify` versions.

**Environment**

* Python: 3.10 / 3.11
* signify: >= 0.8.x
* thrember / EMBER2024: current release


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

signify >= 0.8 breaks Authenticode parsing in thrember (CertificateStore not subscriptable) #14

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

signify >= 0.8 breaks Authenticode parsing in thrember (CertificateStore not subscriptable) #14

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions