gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-21 23:00:29 -08:00
Code Issues Packages Projects Releases Wiki Activity

adjust negative hex numbers in to_yaml

Browse Source
This commit is contained in:
Moritz Raabe
2021-01-27 18:36:03 +01:00
parent d6e73577af
commit 072e30498b
3 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
capa/rules.py
View File

@@ -6,6 +6,7 @@
# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and limitations under the License. # See the License for the specific language governing permissions and limitations under the License.
import re
import uuid import uuid
import codecs import codecs
import logging import logging
@@ -727,6 +728,14 @@ class Rule(object):
# assumes features section always exists # assumes features section always exists
features_offset = doc.find("features") features_offset = doc.find("features")
doc = doc[:features_offset] + doc[features_offset:].replace(" description:", " description:") doc = doc[:features_offset] + doc[features_offset:].replace(" description:", " description:")
# for negative hex numbers, yaml dump outputs:
# - offset: !!int '0x-30'
# we prefer:
# - offset: -0x30
# the below regex makes these adjustments and while ugly, we don't have to explore the ruamel.yaml insides
doc = re.sub(r"!!int '0x-([0-9a-fA-F]+)'", r"-0x\1", doc)
return doc return doc

4
scripts/capafmt.py
View File

@@ -14,7 +14,6 @@ Unless required by applicable law or agreed to in writing, software distributed
is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License. See the License for the specific language governing permissions and limitations under the License.
""" """
import re
import sys import sys
import logging import logging
import argparse import argparse
@@ -60,9 +59,6 @@ def main(argv=None):
rule = capa.rules.Rule.from_yaml_file(args.path, use_ruamel=True) rule = capa.rules.Rule.from_yaml_file(args.path, use_ruamel=True)
reformatted_rule = rule.to_yaml() reformatted_rule = rule.to_yaml()
# fix negative numbers
reformatted_rule = re.sub(r"!!int '0x-([0-9a-fA-F]+)'", r"-0x\1", reformatted_rule)
if args.check: if args.check:
if rule.definition == reformatted_rule: if rule.definition == reformatted_rule:
logger.info("rule is formatted correctly, nice! (%s)", rule.name) logger.info("rule is formatted correctly, nice! (%s)", rule.name)

7
scripts/lint.py
View File

@@ -14,7 +14,6 @@ Unless required by applicable law or agreed to in writing, software distributed
See the License for the specific language governing permissions and limitations under the License. See the License for the specific language governing permissions and limitations under the License.
""" """
import os import os
import re
import sys import sys
import time import time
import string import string
@@ -298,12 +297,6 @@ class FormatIncorrect(Lint):
actual = rule.definition actual = rule.definition
expected = capa.rules.Rule.from_yaml(rule.definition, use_ruamel=True).to_yaml() expected = capa.rules.Rule.from_yaml(rule.definition, use_ruamel=True).to_yaml()
# fix negative numbers
# - offset: -0x30
# instead of
# - offset: !!int '0x-30'
expected = re.sub(r"!!int '0x-([0-9a-fA-F]+)'", r"-0x\1", expected)
if actual != expected: if actual != expected:
diff = difflib.ndiff(actual.splitlines(1), expected.splitlines(1)) diff = difflib.ndiff(actual.splitlines(1), expected.splitlines(1))
self.recommendation = self.recommendation_template.format("".join(diff)) self.recommendation = self.recommendation_template.format("".join(diff))