gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 15:16:22 -08:00
Code Issues Packages Projects Releases Wiki Activity

Fixes Linting Issues

Browse Source 
Update detect_duplicate_features.py
This commit is contained in:
Aayush Goel
2023-04-27 06:11:58 +05:30
parent 256611bef5
commit 09865ccd9b
1 changed files with 34 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
scripts/detect_duplicate_features.py
View File

@@ -1,67 +1,73 @@
import os import os
import yaml import yaml
def findall_features(features): def findall_features(features):
feature_list = [] feature_list = []
for feature in features: for feature in features:
if 'and' in feature: if "and" in feature:
and_list = findall_features(feature['and']) and_list = findall_features(feature["and"])
for x in and_list: for x in and_list:
feature_list.append(x) feature_list.append(x)
elif 'or' in feature: elif "or" in feature:
or_list = findall_features(feature['or']) or_list = findall_features(feature["or"])
for y in or_list: for y in or_list:
feature_list.append(y) feature_list.append(y)
else: else:
feature_list.append(feature) feature_list.append(feature)
return feature_list return feature_list
def find_overlapping_rules(new_rule_path, rules_path): def find_overlapping_rules(new_rule_path, rules_path):
if not new_rule_path.endswith('.yml'): if not new_rule_path.endswith(".yml"):
return 'ERROR ! New rule path file name incorrect' return "ERROR ! New rule path file name incorrect"
count = 0 count = 0
with open(new_rule_path, 'r') as f: with open(new_rule_path, "r") as f:
new_rule = yaml.safe_load(f) new_rule = yaml.safe_load(f)
if 'rule' not in new_rule:
if "rule" not in new_rule:
return "ERROR ! given new rule path isn't a rule" return "ERROR ! given new rule path isn't a rule"
new_rule_features = findall_features(new_rule['rule']['features']) new_rule_features = findall_features(new_rule["rule"]["features"])
overlapping_rules = [] overlapping_rules = []
for dirpath, dirnames, filenames in os.walk(rules_path): for dirpath, dirnames, filenames in os.walk(rules_path):
for filename in filenames: for filename in filenames:
if filename.endswith('.yml'): if filename.endswith(".yml"):
rule_path = os.path.join(dirpath, filename) rule_path = os.path.join(dirpath, filename)
with open(rule_path, 'r') as f: with open(rule_path, "r") as f:
rule = yaml.safe_load(f) rule = yaml.safe_load(f)
if 'rule' not in rule: if "rule" not in rule:
continue continue
rule_features = findall_features(rule['rule']['features']) rule_features = findall_features(rule["rule"]["features"])
count += 1 count += 1
if any([feature in rule_features for feature in new_rule_features]): if any([feature in rule_features for feature in new_rule_features]):
overlapping_rules.append(rule_path) overlapping_rules.append(rule_path)
result = {'overlapping_rules': overlapping_rules,
'count': count} result = {"overlapping_rules": overlapping_rules, "count": count}
return result return result
# usage # usage
base_dir = '' base_dir = ""
new_rule_path = base_dir + 'rules\\anti-analysis\\reference-analysis-tools-strings.yml' new_rule_path = base_dir + "rules\\anti-analysis\\reference-analysis-tools-strings.yml"
rules_path = base_dir + 'rules' rules_path = base_dir + "rules"
try: try:
result = find_overlapping_rules(new_rule_path, rules_path) result = find_overlapping_rules(new_rule_path, rules_path)
print('New rule path : %s' % new_rule_path) print("New rule path : %s" % new_rule_path)
print('Number of rules checked : %s ' % result['count']) print("Number of rules checked : %s " % result["count"])
print('Paths to overlapping rules : ', result['overlapping_rules']) print("Paths to overlapping rules : ", result["overlapping_rules"])
print('Number of rules containing same features : %s' % len(result['overlapping_rules'])) print("Number of rules containing same features : %s" % len(result["overlapping_rules"]))
except Exception as e: except Exception as e:
print(e) print(e)
try: try:
print(result,'') print(result, "")
except: except:
pass pass