gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-21 23:00:29 -08:00
Code Issues Packages Projects Releases Wiki Activity

mypy

Browse Source
This commit is contained in:
Willi Ballenthin
2023-10-17 14:42:58 +00:00
parent 92daf3a530
commit 1aac4a1a69
11 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
capa/features/extractors/dnfile_.py
View File

@@ -55,7 +55,7 @@ def extract_file_arch(pe: dnfile.dnPE, **kwargs) -> Iterator[Tuple[Feature, Addr
def extract_file_features(pe: dnfile.dnPE) -> Iterator[Tuple[Feature, Address]]: def extract_file_features(pe: dnfile.dnPE) -> Iterator[Tuple[Feature, Address]]:
for file_handler in FILE_HANDLERS: for file_handler in FILE_HANDLERS:
for feature, address in file_handler(pe=pe): # type: ignore for feature, address in file_handler(pe=pe):
yield feature, address yield feature, address

2
capa/features/extractors/dotnetfile.py
View File

@@ -11,6 +11,7 @@ from pathlib import Path
import dnfile import dnfile
import pefile import pefile
from dnfile.types import DnType
import capa.features.extractors.helpers import capa.features.extractors.helpers
from capa.features.file import Import, FunctionName from capa.features.file import Import, FunctionName
@@ -33,7 +34,6 @@ from capa.features.common import (
from capa.features.address import NO_ADDRESS, Address, DNTokenAddress from capa.features.address import NO_ADDRESS, Address, DNTokenAddress
from capa.features.extractors.base_extractor import SampleHashes, StaticFeatureExtractor from capa.features.extractors.base_extractor import SampleHashes, StaticFeatureExtractor
from capa.features.extractors.dnfile.helpers import ( from capa.features.extractors.dnfile.helpers import (
DnType,
iter_dotnet_table, iter_dotnet_table,
is_dotnet_mixed_mode, is_dotnet_mixed_mode,
get_dotnet_managed_imports, get_dotnet_managed_imports,

2
capa/features/extractors/ghidra/file.py
View File

@@ -34,7 +34,7 @@ def find_embedded_pe(block_bytez: bytes, mz_xor: List[Tuple[bytes, bytes, int]])
for match in re.finditer(re.escape(mzx), block_bytez): for match in re.finditer(re.escape(mzx), block_bytez):
todo.append((match.start(), mzx, pex, i)) todo.append((match.start(), mzx, pex, i))
seg_max = len(block_bytez) # type: ignore [name-defined] # noqa: F821 seg_max = len(block_bytez) # noqa: F821
while len(todo): while len(todo):
off, mzx, pex, i = todo.pop() off, mzx, pex, i = todo.pop()

2
capa/features/extractors/viv/basicblock.py
View File

@@ -140,7 +140,7 @@ def is_printable_ascii(chars: bytes) -> bool:
def is_printable_utf16le(chars: bytes) -> bool: def is_printable_utf16le(chars: bytes) -> bool:
if all(c == b"\x00" for c in chars[1::2]): if all(c == 0x0 for c in chars[1::2]):
return is_printable_ascii(chars[::2]) return is_printable_ascii(chars[::2])
return False return False

4
capa/main.py
View File

@@ -823,7 +823,7 @@ def get_file_extractors(sample: Path, format_: str) -> List[FeatureExtractor]:
file_extractors.append(capa.features.extractors.pefile.PefileFeatureExtractor(sample)) file_extractors.append(capa.features.extractors.pefile.PefileFeatureExtractor(sample))
file_extractors.append(capa.features.extractors.dnfile_.DnfileFeatureExtractor(sample)) file_extractors.append(capa.features.extractors.dnfile_.DnfileFeatureExtractor(sample))
elif format_ == capa.features.extractors.common.FORMAT_ELF: elif format_ == capa.features.common.FORMAT_ELF:
file_extractors.append(capa.features.extractors.elffile.ElfFeatureExtractor(sample)) file_extractors.append(capa.features.extractors.elffile.ElfFeatureExtractor(sample))
elif format_ == FORMAT_CAPE: elif format_ == FORMAT_CAPE:
@@ -1462,7 +1462,7 @@ def main(argv: Optional[List[str]] = None):
# during the load of the RuleSet, we extract subscope statements into their own rules # during the load of the RuleSet, we extract subscope statements into their own rules
# that are subsequently `match`ed upon. this inflates the total rule count. # that are subsequently `match`ed upon. this inflates the total rule count.
# so, filter out the subscope rules when reporting total number of loaded rules. # so, filter out the subscope rules when reporting total number of loaded rules.
len(list(filter(lambda r: not r.is_subscope_rule(), rules.rules.values()))), len(list(filter(lambda r: not (r.is_subscope_rule()), rules.rules.values()))),
) )
if args.tag: if args.tag:
rules = rules.filter_rules_by_meta(args.tag) rules = rules.filter_rules_by_meta(args.tag)

4
capa/render/result_document.py
View File

@@ -215,7 +215,7 @@ def statement_from_capa(node: capa.engine.Statement) -> Statement:
description=node.description, description=node.description,
min=node.min, min=node.min,
max=node.max, max=node.max,
child=frz.feature_from_capa(node.child), child=frzf.feature_from_capa(node.child),
) )
elif isinstance(node, capa.engine.Subscope): elif isinstance(node, capa.engine.Subscope):
@@ -241,7 +241,7 @@ def node_from_capa(node: Union[capa.engine.Statement, capa.engine.Feature]) -> N
return StatementNode(statement=statement_from_capa(node)) return StatementNode(statement=statement_from_capa(node))
elif isinstance(node, capa.engine.Feature): elif isinstance(node, capa.engine.Feature):
return FeatureNode(feature=frz.feature_from_capa(node)) return FeatureNode(feature=frzf.feature_from_capa(node))
else: else:
assert_never(node) assert_never(node)

6
capa/rules/__init__.py
View File

@@ -322,7 +322,7 @@ def ensure_feature_valid_for_scopes(scopes: Scopes, feature: Union[Feature, Stat
# features of this scope that are not Characteristics will be Type instances. # features of this scope that are not Characteristics will be Type instances.
# check that the given feature is one of these types. # check that the given feature is one of these types.
types_for_scope = filter(lambda t: isinstance(t, type), supported_features) types_for_scope = filter(lambda t: isinstance(t, type), supported_features)
if not isinstance(feature, tuple(types_for_scope)): # type: ignore if not isinstance(feature, tuple(types_for_scope)):
raise InvalidRule(f"feature {feature} not supported for scopes {scopes}") raise InvalidRule(f"feature {feature} not supported for scopes {scopes}")
@@ -990,7 +990,7 @@ class Rule:
# leave quotes unchanged. # leave quotes unchanged.
# manually verified this property exists, even if mypy complains. # manually verified this property exists, even if mypy complains.
y.preserve_quotes = True # type: ignore y.preserve_quotes = True
# indent lists by two spaces below their parent # indent lists by two spaces below their parent
# #
@@ -1002,7 +1002,7 @@ class Rule:
# avoid word wrapping # avoid word wrapping
# manually verified this property exists, even if mypy complains. # manually verified this property exists, even if mypy complains.
y.width = 4096 # type: ignore y.width = 4096
return y return y

4
scripts/bulk-process.py
View File

@@ -112,7 +112,7 @@ def get_capa_results(args):
extractor = capa.main.get_extractor( extractor = capa.main.get_extractor(
path, format, os_, capa.main.BACKEND_VIV, sigpaths, should_save_workspace, disable_progress=True path, format, os_, capa.main.BACKEND_VIV, sigpaths, should_save_workspace, disable_progress=True
) )
except capa.main.UnsupportedFormatError: except capa.exceptions.UnsupportedFormatError:
# i'm 100% sure if multiprocessing will reliably raise exceptions across process boundaries. # i'm 100% sure if multiprocessing will reliably raise exceptions across process boundaries.
# so instead, return an object with explicit success/failure status. # so instead, return an object with explicit success/failure status.
# #
@@ -123,7 +123,7 @@ def get_capa_results(args):
"status": "error", "status": "error",
"error": f"input file does not appear to be a PE file: {path}", "error": f"input file does not appear to be a PE file: {path}",
} }
except capa.main.UnsupportedRuntimeError: except capa.exceptions.UnsupportedRuntimeError:
return { return {
"path": path, "path": path,
"status": "error", "status": "error",

2
scripts/lint.py
View File

@@ -359,7 +359,7 @@ def get_sample_capabilities(ctx: Context, path: Path) -> Set[str]:
elif nice_path.name.endswith(capa.helpers.EXTENSIONS_SHELLCODE_64): elif nice_path.name.endswith(capa.helpers.EXTENSIONS_SHELLCODE_64):
format_ = "sc64" format_ = "sc64"
else: else:
format_ = capa.main.get_auto_format(nice_path) format_ = capa.helpers.get_auto_format(nice_path)
logger.debug("analyzing sample: %s", nice_path) logger.debug("analyzing sample: %s", nice_path)
extractor = capa.main.get_extractor( extractor = capa.main.get_extractor(

2
scripts/setup-linter-dependencies.py
View File

@@ -47,7 +47,7 @@ from typing import Dict, List
from pathlib import Path from pathlib import Path
import requests import requests
from stix2 import Filter, MemoryStore, AttackPattern # type: ignore from stix2 import Filter, MemoryStore, AttackPattern
logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s") logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s")

2
tests/test_static_freeze.py
View File

@@ -140,7 +140,7 @@ def test_freeze_bytes_roundtrip():
def roundtrip_feature(feature): def roundtrip_feature(feature):
assert feature == capa.features.freeze.feature_from_capa(feature).to_capa() assert feature == capa.features.freeze.features.feature_from_capa(feature).to_capa()
def test_serialize_features(): def test_serialize_features():