From 938c75737b6f4be8af4ca8c41ac3935ea3927d79 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Wed, 6 Apr 2022 13:18:06 -0600
Subject: [PATCH 1/3] render: meta: display rule paths on separate lines closes #971
---
 capa/render/verbose.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/capa/render/verbose.py b/capa/render/verbose.py
index aa601158..55d15b51 100644
--- a/capa/render/verbose.py
+++ b/capa/render/verbose.py
@@ -62,7 +62,7 @@ def render_meta(ostream, doc):
 ("arch", doc["meta"]["analysis"]["arch"]),
 ("extractor", doc["meta"]["analysis"]["extractor"]),
 ("base address", hex(doc["meta"]["analysis"]["base_address"])),
- ("rules", ", ".join(doc["meta"]["analysis"]["rules"])),
+ ("rules", doc["meta"]["analysis"]["rules"][0]),
 ("function count", len(doc["meta"]["analysis"]["feature_counts"]["functions"])),
 ("library function count", len(doc["meta"]["analysis"]["library_functions"])),
 (
@@ -71,6 +71,13 @@ def render_meta(ostream, doc):
 + sum(doc["meta"]["analysis"]["feature_counts"]["functions"].values()),
 ),
 ]
+
+ if len(doc["meta"]["analysis"]["rules"]) > 1:
+ idx = rows.index(("rules", doc["meta"]["analysis"]["rules"][0])) + 1
+ for rule in doc["meta"]["analysis"]["rules"][1:]:
+ rows.insert(idx, ("", rule))
+ idx += 1
+
 ostream.writeln(tabulate.tabulate(rows, tablefmt="plain"))
From d47b1503b2478c91d7a0885634829001e9c9fc37 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Wed, 6 Apr 2022 13:21:11 -0600
Subject: [PATCH 2/3] render: verbose: add doc
---
 capa/render/verbose.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/capa/render/verbose.py b/capa/render/verbose.py
index 55d15b51..aef41a39 100644
--- a/capa/render/verbose.py
+++ b/capa/render/verbose.py
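Review bot: In patch 1/3, the new row `("rules", doc["meta"]["analysis"]["rules"][0])` raises IndexError when the rules list is empty, where the replaced `", ".join(...)` produced an empty cell; whether an empty list can reach render_meta is not visible here. The second hunk of the same patch repeats that indexing inside `rows.index(("rules", doc["meta"]["analysis"]["rules"][0]))`, so it shares the failure and additionally locates the row by value instead of by a recorded position. Patch 3/3 returns to a join, `("rules", "\n".join(doc["meta"]["analysis"]["rules"])),`, so the concern is limited to this intermediate commit; squashing the series would keep every commit in the history safe to check out and run. render_meta starts and ends outside both hunks.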
@@ -72,6 +72,13 @@ def render_meta(ostream, doc):
 ),
 ]
+ # when there are multiple rule paths,
+ # display each one on its own line, like:
+ #
+ # base address 0x10000000
+ # rules /path/1
+ # /path/2
+ # function count 2
 if len(doc["meta"]["analysis"]["rules"]) > 1:
 idx = rows.index(("rules", doc["meta"]["analysis"]["rules"][0])) + 1
 for rule in doc["meta"]["analysis"]["rules"][1:]:
From fccca823c5746cebedea240e3833bc0ee72d988d Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Wed, 6 Apr 2022 13:41:05 -0600
Subject: [PATCH 3/3] verbose: make rule path multiline more concise
---
 capa/render/verbose.py | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/capa/render/verbose.py b/capa/render/verbose.py
index aef41a39..9cf99fb1 100644
--- a/capa/render/verbose.py
+++ b/capa/render/verbose.py
@@ -62,7 +62,7 @@ def render_meta(ostream, doc):
 ("arch", doc["meta"]["analysis"]["arch"]),
 ("extractor", doc["meta"]["analysis"]["extractor"]),
 ("base address", hex(doc["meta"]["analysis"]["base_address"])),
- ("rules", doc["meta"]["analysis"]["rules"][0]),
+ ("rules", "\n".join(doc["meta"]["analysis"]["rules"])),
 ("function count", len(doc["meta"]["analysis"]["feature_counts"]["functions"])),
 ("library function count", len(doc["meta"]["analysis"]["library_functions"])),
 (
@@ -72,19 +72,6 @@ def render_meta(ostream, doc):
 ),
 ]
- # when there are multiple rule paths,
- # display each one on its own line, like:
- #
- # base address 0x10000000
- # rules /path/1
- # /path/2
- # function count 2
- if len(doc["meta"]["analysis"]["rules"]) > 1:
- idx = rows.index(("rules", doc["meta"]["analysis"]["rules"][0])) + 1
- for rule in doc["meta"]["analysis"]["rules"][1:]:
- rows.insert(idx, ("", rule))
- idx += 1
-
 ostream.writeln(tabulate.tabulate(rows, tablefmt="plain"))
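Review bot: In patch 3/3, the row `("rules", "\n".join(doc["meta"]["analysis"]["rules"]))` relies on tabulate laying out an embedded newline as a multi-line cell, and the comment that described the intended layout is deleted by the second hunk of the same patch, so the new side no longer says why a newline is the separator. A one-line comment above the row would keep that, e.g. `# one rule path per line; tabulate renders embedded newlines as a multi-line cell`. The paths are also written to the output stream unmodified, so if `doc` can be loaded from a saved result file rather than produced by the current run (not visible here), a path that itself contains a newline or terminal control characters would show up as extra rows or reach the terminal as-is; that is worth confirming against the callers. render_meta starts and ends outside the hunk.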